Business Continuity Planning (BCP)

Question 1

activation

Answer 1

to start business continuity processes

Question 2

alert

Answer 2

Notification that a potential disaster situation exists or has occurred

Question 3

alternate site

Answer 3

location to perform the business function

Question 4

Backup

Answer 4

A copy of files and programs made to facilitate recovery if necessary.

Question 5

Business Continuity Plan

Answer 5

documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.

Question 6

business continuity program

Answer 6

ongoing process supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated and, recovery and continuity strategies and procedures are completed and tested

Question 7

business continuity steering committee

Answer 7

group of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.

Question 8

Business Impact Analysis

Answer 8

detailed review of information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

Question 9

business interruption

Answer 9

Any event, whether anticipated or unanticipated which stops the normal course of business operations at an organization location.

Question 10

business interruption insurance

Answer 10

contract to pay for disaster related expenses that may be incurred until operations are fully recovered.

Question 11

business recovery team

Answer 11

group of individuals responsible for maintaining the procedures and coordinating return of business functions and processes.

Question 12

business recovery timeline

Answer 12

chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption. may range from minutes to weeks, depending upon requirements and methodology.

Question 13

business unit recovery

Answer 13

component which deals specifically with the relocation of a key function or department in the event of a disaster.

Question 14

call tree

Answer 14

internal list of contact information used for the communication of incident information, designed in a distributed manor so that no one person is responsible for contacting everyone.

Question 15

checklist test

Answer 15

(desk check) a test that answers the questions: Does the organization have the documentation it needs? Can it be located?

Question 16

cold site

Answer 16

recovery alternative, a building only with sufficient power, and HVAC

Question 17

Continuity of Operations Plan

Answer 17

A predetermined set of instructions or procedures that describe how an organization’s mission essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.

Question 18

coordinator

Answer 18

person responsible for overall recovery of an organization or unit(s).

Question 19

crisis

Answer 19

A critical event, which may dramatically impact an organization’s profitability, reputation, or ability to operate.

Question 20

critical functions

Answer 20

Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.

Question 21

critical infrastructure

Answer 21

Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization

Question 22

critical records

Answer 22

documents that, if lost, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.

Question 23

data backup strategies

Answer 23

processes determined by an organization to be necessary to meet its recovery and restoration objectives. these will determine the timeframes, technologies, media and offsite storage of the backups, and will ensure that recovery point and time objectives can be met.

Question 24

data backups

Answer 24

confidential system, application, program and/or production files on media that can be stored both on and/or offsite.

Question 25

data recovery

Answer 25

restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

Question 26

database replication

Answer 26

partial or full duplication of data from source to one or more destinations.

Question 27

declaration

Answer 27

formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions.

Question 28

desk check test

Answer 28

test that answers the questions: Does the organization have the documentation and people it needs. Do they understand the documentation?

Question 29

disaster

Answer 29

an event which stops business from continuing.

Question 30

Disaster Recovery Plan

Answer 30

A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Question 31

disaster recovery teams

Answer 31

A structured group of teams ready to take control of the recovery operations if a disaster should occur.

Question 32

disk mirroring

Answer 32

Disk mirroring is the duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy.

Question 33

Disruption

Answer 33

An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).

Question 34

distributed processing

Answer 34

a back up type, where the organization has excess capacity in another location.

Question 35

Drills - Test

Answer 35

practice of activity typically targeted to a specific response. The purpose is to have the participants follow the designated response activities specified in their plans to become more proficient in executing the response activity.

Question 36

electronic vaulting

Answer 36

transmission of backup data to an offsite facility; it eliminates the need for tape shipment and therefore significantly shortens the time required to move the data offsite.

Question 37

emergency

Answer 37

sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.

Question 38

Emergency Operations Center

Answer 38

location where coordination and execution of BCP or DRP is directed

Question 39

emergency procedures

Answer 39

plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.

Question 40

executive succession

Answer 40

planning for the delegation of authority required when decisions must be made without the normal chain of command

Question 41

exercise

Answer 41

activity that is performed for the purpose of training and conditioning team members, and improving their performance.

Question 42

file shadowing

Answer 42

asynchronous duplication of the production database on separate media to ensure data availability, currency and accuracy.

Question 43

forward recovery

Answer 43

process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.

Question 44

Full Interruption Test

Answer 44

live, very high risk test.

Question 45

hot site

Answer 45

recovery alternative, everything needed for the business function, except people and last backup

Question 46

Impact

Answer 46

magnitude of harm that can be expected to result from consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.

Question 47

Impact Level

Answer 47

classify the intensity of a potential impact that may occur if the information system is jeopardized.

Question 48

incident manager

Answer 48

highest level of authority at EOC with knowledge of the business process and the resources available

Question 49

incident response

Answer 49

reaction of an organization to a significant event that may impact the organization, its people, or its ability to function productively.

Question 50

Incident Response Plan

Answer 50

documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attacks against an organization's information system(s).

Question 51

Information System Contingency Plan

Answer 51

management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters.

Question 52

integrated test

Answer 52

test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions

Question 53

journaling

Answer 53

process of logging single changes or updates to a database since the last full backup.

Question 54

Live Walk-Through Test

Answer 54

an exercise where the plan is executed as if a real disaster has taken place at a specific point in the facility and is typically conducted with multiple BC/DR teams. (simulation test)

Question 55

Maximum Tolerable Downtime

Answer 55

amount of time mission/business process can be disrupted without causing significant harm to the organization's mission.

Question 56

mirrored site

Answer 56

recovery alternative, complete duplication of services including personnel

Question 57

mission-critical application

Answer 57

essential to the organization’s ability to perform necessary business functions.

Question 58

mobile site

Answer 58

recovery alternative, short-term, high cost movable processing location

Question 59

near site

Answer 59

backup of data located where staff can gain access readily and a localized disaster will not cause harm

Question 60

off site

Answer 60

backup of data located where staff can not gain access readily and a regional disaster will not cause harm

Question 61

off-site storage

Answer 61

Alternate location where duplicated vital records and documentation may be stored for use during disaster recovery.

Question 62

on-site

Answer 62

backup of data located where staff can gain access immediately

Question 63

operational impact analysis

Answer 63

determines the significance of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.

Question 64

operational test

Answer 64

test conducted on one or more components of a plan under actual operating conditions.

Question 65

Parallel Test

Answer 65

operational test is held at the same time with the actual processing of critical systems to ensure that the systems will run correctly at the alternative site.

Question 66

reciprocal agreement

Answer 66

between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other’s site.

Question 67

recovery period

Answer 67

time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.

Question 68

Recovery Point Objective

Answer 68

determinant of the amount of data that may need to be recreated after the systems or functions have been recovered. stipulates the amount of data an organization can lose when a disaster occurs

Question 69

Recovery Time Objective

Answer 69

target time which respects tolerance for loss of certain business function, basis of strategy stipulates the amount of time an organization needs to recover from a disaster

Question 70

remote journaling

Answer 70

database backup type which records at the transaction level

Question 71

replication

Answer 71

backup type which creates a complete copy

Question 72

Resilience

Answer 72

ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning.

Question 73

restoration

Answer 73

planning with a goal of returning to the normal business function

Question 74

resumption

Answer 74

process of planning for and/or implementing the restarting of defined business operations following a disaster, usually beginning with the most critical or time-sensitive functions first.

Question 75

risk assessment / analysis

Answer 75

assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls; involves an evaluation of the probabilities of a particular negative event.

Question 76

risk mitigation

Answer 76

Implementation of measures to limit specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.

Question 77

service bureau

Answer 77

recovery alternative which outsources a business function at a cost

Question 78

shadowing

Answer 78

backup type, for databases at a point in time

Question 79

simulation

Answer 79

scenario based test that answers the question: Can the organization replicate the business process?

Question 80

standalone test

Answer 80

test conducted on a specific component of a plan, in isolation from other components, typically under simulated operating conditions.

Question 81

structured walkthrough

Answer 81

One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.

Question 82

System Development Life Cycle

Answer 82

The scope of activities associated with initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal

Question 83

system downtime

Answer 83

planned or unplanned interruption in system availability

Question 84

Tabletop Walk-Through Test

Answer 84

A is a test that exercises all or part of the BC/DR plan as specified in the scope of the test plan.

Question 85

test plan

Answer 85

document designed to periodically exercise specific action tasks and procedures to ensure viability in a real disaster.

Question 86

triage

Answer 86

to evaluate the current situation and make basic decisions as to what to do

Question 87

Walk-Through Test

Answer 87

first test conducted to familiarize the team leader and members with the plan. It addresses all components of the BC/ DR plan.

Question 88

warm site

Answer 88

recovery alternative which includes cold site and some equipment and infrastructure is available