Ch3 Flashcards

1
Q

What are the phases of BCP?

A
  • project scope and planning
  • business impact assessment
  • continuity planning
  • approval and implementation
2
Q

What is the overall goal of BCP?

A

ensuring business operations continue uninterrupted during emergencies

3
Q

Business Organization Analysis

A
  • performed by the individuals spearheading the BCP effort to identify what departments have stake in the BCP
  • should be reviewed first thing…again by BCP Team once members are chosen
4
Q

BCP - project scope and planning

A

■ analysis of the business’s organization
■ creation of a BCP team
■ assessment of the resources available
■ analysis of the legal and regulatory

5
Q

BIA - Business Impact Analysis

A
  • identifies resources critical to an organization
  • threats posed to those resources (risk analysis)
  • likelihood that each threat will actually occur
  • impact those occurrences will have on the business
  • includes Quantitative & Qualitative analysis
  • MTD and RTO (Recovery Time Objective) are analyzed at this point
6
Q

Name of report by independent auditing firm that conducts an assessment of controls

A

a service organization control (SOC) report.
Keep in mind that there are three different versions of the SOC report. The simplest of these, a SOC-1 report, covers only internal controls over financial reporting. If you want to verify the security, privacy, and availability controls, you’ll want to review either a SOC-2 or SOC-3 report. The American Institute of Certified Public Accountants (AICPA) sets and maintains the standards surrounding these reports to maintain consistency between auditors from different accounting firms.

7
Q

Continuity Planning

A
  • focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets.
8
Q

Strategy Development

A
  • bridges the gap between BIA and continuity planning by analyzing the prioritized list of risks developed during the BIA and determining which risks will be addressed by the BCP
9
Q

four responses to risk

A

accept
reduce (mitigate)
assign (transfer)
reject

10
Q

Provisions and Processes Phase

A
  • meat of the BCP
  • BCP Team designs specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage.
  • people, buildings/facilities, and infrastructure are protected
11
Q

Approval and Implementation phase

A
  • Requires Senior management approval
  • plan implementation
  • training and education
  • BCP Documentation
12
Q

What are the necessary members of the BCP Team?

A
IT
Operational dept
Support dept
Legal
HR
Senior Management
Security personnel
13
Q

Steps of Business Impact Assessment

A
  • Identify priorities
  • Identify Risk
  • Likelihood assessment
  • impact assessment
  • resource prioritization