Business Resilience 2 Flashcards
What does a lower recovery time objective equate to?
Higher Costs
How? - Because RTO is based on the acceptable down time in case of a disruption of operations
What should the IS auditor review first to determine why the performance of the disaster recovery site’s server is slow?
Configurations and alignment of the primary and disaster recovery sites
What type of risk approach is being used when an organization enters into a disaster recovery plan reciprocal agreement?
Risk Mitigation
i.e. a reciprocal agreement in which two organizations agree to provide computing resources to each other in the event of a disaster is a form of risk mitigation.
Which group within an organization would be the best source of information for determining the criticality of application systems as part of a business impact analysis (BIA)?
The Business Process Owners’
Why? - Because the BIA is designed to evaluate criticality and recovery time lines, based on business needs.
What should an organization do after completing a business impact analysis as part of business continuity planning?
A business continuity strategy
which identifies the best way to recover
How can a business ensure their business continuity plan remains up to date?
A group walkthrough of the different scenarios of the plan from beginning to end
What is the primary purpose of a business impact analysis?
To define recovery strategies
i.e. The recovery time objective and the recovery point objective
In a scenario with multiple applications hosted on one server what is the recovery time objective based on?
The application with the shortest RTO
i.e. the server’s RTO must be determined by taking the RTO of the most critical application, which is the shortest RTO
What key phrases best help define disaster recovery strategies?
Maximum tolerable downtime and data loss
What business continuity plan test involves participation of relevant members of the crisis management/response team (For proper coordination)?
Tabletop
i.e. This testing practices proper coordination because it involves all or some of the crisis team members
How can a company ensure a structured disaster recovery?
By making sure the business continuity plan and disaster recovery plan are tested regularly
What is a great indicator of the effectiveness of backup and restore procedures while restoring data after a disaster?
Recovery time objectives were met
True or False.
Recovery procedures for an information processing facility are best based on recovery point objective.
FALSE.
Recovery procedures for an information processing facility are best based on:
- recovery time objective (i.e. the amount of time allowed for the recovery of a business function or resource after a disaster occurs)
What is a key indicator that shows that the disaster recovery procedures meets a data center requirements?
A tabletop exercise using the procedures was conducted
i.e. This tabletop exercise (paper-based test) best ensures that the procedures meet the requirements
What measure mitigates the risk arising from using reciprocal agreements as a recovery alternative?
Ensuring that partnering organizations are separated geographically.
