Business Resilience 2 Flashcards
What does a lower recovery time objective equate to?
Higher Costs
How? - Because RTO is based on the acceptable downtime in case of a disruption of operations
What should the IS auditor review first to determine why the performance of the disaster recovery site’s server is slow?
Configurations and alignment of the primary and disaster recovery sites
What type of risk approach is being used when an organization enters into a disaster recovery plan reciprocal agreement?
Risk Mitigation
i.e. a reciprocal agreement in which two organizations agree to provide computing resources to each other in the event of a disaster is a form of risk mitigation.
Which group within an organization would be the best source of information for determining the criticality of application systems as part of a business impact analysis (BIA)?
The Business Process Owners
Why? - Because the BIA is designed to evaluate criticality and recovery timelines, based on business needs.
What should an organization do after completing a business impact analysis as part of business continuity planning?
A business continuity strategy
which identifies the best way to recover
How can a business ensure its business continuity plan remains up to date?
A group walkthrough of the different scenarios of the plan from beginning to end
What is the primary purpose of a business impact analysis?
To define recovery strategies
i.e. The recovery time objective and the recovery point objective
In a scenario with multiple applications hosted on one server what is the recovery time objective based on?
The application with the shortest RTO
i.e. the server’s RTO must be determined by taking the RTO of the most critical application, which is the shortest RTO
What key phrases best help define disaster recovery strategies?
Maximum tolerable downtime and data loss
What business continuity plan test involves participation of relevant members of the crisis management/response team (For proper coordination)?
Tabletop
i.e. This testing practices proper coordination because it involves all or some of the crisis team members
How can a company ensure a structured disaster recovery?
By making sure the business continuity plan and disaster recovery plan are tested regularly
What is a great indicator of the effectiveness of backup and restore procedures while restoring data after a disaster?
Recovery time objectives were met
True or False.
Recovery procedures for an information processing facility are best based on recovery point objective.
FALSE.
Recovery procedures for an information processing facility are best based on:
- recovery time objective (i.e. the amount of time allowed for the recovery of a business function or resource after a disaster occurs)
What is a key indicator that shows that the disaster recovery procedures meet a data center’s requirements?
A tabletop exercise using the procedures was conducted
i.e. This tabletop exercise (paper-based test) best ensures that the procedures meet the requirements
What measure mitigates the risk arising from using reciprocal agreements as a recovery alternative?
Ensuring that partnering organizations are separated geographically.
What is a method that best ensures that critical IT system failures do not recur?
Perform root cause analysis
This allows for appropriate corrections that will help prevent the incident from recurring
What would be a good reason for integrating the testing of noncritical systems in disaster recovery plans (DRPs) with business continuity plans (BCPs)?
BCPs may assume the existence of capabilities that are not in DRPs
What is the primary concern when determining the service delivery objective?
The minimum acceptable operational capability
What is the result of segmenting a highly sensitive database?
Reduced Exposure
i.e. It reduces the quantity of data exposed to a particular vulnerability