Chapter 3 Flashcards

1
Q

Business Continuity Planning (BCP)

A

used to maintain the continuous operation of a business in the event of an emergency

2
Q

Difference between BCP and DRP

A

BCP is strategic and high level, focused on business processes and operations. DRP is more tactical and describes technical activities such as recovery sites, backups, and fault tolerance.

3
Q

4 steps of business continuity

A
  1. Project scope and planning
  2. Business impact analysis
  3. Continuity planning
  4. Approval and implementation
4
Q

top priority of BCP and DRP

A

PEOPLE - don’t let them die

5
Q

Which step of BCP does this belong to?

Perform a structured review of the business’s organization from a crisis planning POV

A
  1. Project Scope and Planning
6
Q

Which step of BCP does this belong to?

Create a BCP team with the approval of senior management.

A
  1. Project scope and planning
7
Q

Which step of BCP does this belong to?

Assess the resources available to participate in BC activities

A
  1. Project scope and planning
8
Q

Which step of BCP does this belong to?

Analyze the legal and regulatory landscape that governs an organization’s response to a catastrophic event.

A
  1. project scope and planning
9
Q

Which step of BCP does this describe?

Analyze the business organization to identify all departments and individuals who have a stake in the BCP process

A
  1. Organizational Review
10
Q

What are four key departments to identify during the Organizational Review?

A
  1. Operational departments - core services
  2. Critical support - maintain systems for operations
  3. Physical security teams - usually first responders
  4. Senior executives
11
Q

Why would a BCP team made of only the IT and security departments be a critical flaw?

A

other departments may not know about the plan until it is too late
plan may not take into account aspects critical to business ops

12
Q

Critical roles filled by senior management in BCP

A

setting priorities, providing staff and financial resources, settling disputes

13
Q

Resource requirements should be assessed for three phases. Which are they?

A
  1. BCP development - time and staff effort
  2. BCP testing, training, and maintenance
  3. BCP implementation - when disaster strikes
14
Q

Which step of BCP does this describe?

Identify business processes and tasks that are critical to an organization’s viability and threats to those resources

A
  1. Business Impact Analysis
15
Q

Quantitative Impact Assessment

A

use numbers and formulas to reach a decision - often expressed in dollar value

16
Q

Qualitative Impact Analysis

A

uses non-numerical factors that are categorized (high, med, low)

17
Q

critical business functions

A

activities that if disrupted would jeopardize the organization’s ability to achieve its goal

18
Q

MTD/MTO

A

maximum tolerable downtime/maximum tolerable outage

length of time a business function can tolerate a disruption before suffering irreparable harm

19
Q

RTO

A

Recovery Time Objective

amount of time in which you think you can feasibly recover the function

20
Q

RPO

A

Recovery Point Objective

defines the point in time before the incident where the organization should be able to recover data from a critical business process

how much data the business will lose during an incident

21
Q

two types of risks

A

natural and person-made

22
Q

pandemics are an example of

A

natural risks

23
Q

fires can be examples of both

24
Q

transportation failures are examples of

A

human made risks

25
Q

risk identification is qualitative

A

true

26
Q

Exposure Factor (EF)

A

amount of damage the risk poses to an asset, expressed as a percentage of the asset's value

27
Q

Single Loss Expectancy (SLE)

A

monetary loss expected each time the risk materializes

SLE = AV x EF

28
Q

Annualized Loss Expectancy (ALE)

A

monetary loss the business expects to suffer from a risk during a typical year

ALE = SLE x ARO

29
Q

What step of BIA does this describe?

prioritize the allocation of business continuity resources to the various risks identified.

A

resource prioritization (last step)
30
Q

If a risk involves loss of life, should it be prioritized higher than its quantitative priority?

A

Yes

31
Q

Which phase of BCP does this describe?

developing and implementing a continuity strategy

A

Continuity Planning

32
Q

Two subtasks in continuity planning

A
  1. strategy development
  2. provisions and processes
33
Q

Continuity of Operations Plan (COOP)

A

how the business will carry out critical functions beginning shortly after a disruption occurs and extending for up to one month of sustained ops

34
Q

Which part of continuity planning does this describe?

determine which risks identified in the BIA will be addressed by the business continuity plan

A

strategy development

35
Q

Which part of continuity planning does this describe?

design the procedures and mechanisms that will mitigate the unacceptable risks

A

provisions and processes
36
Q

3 categories of assets that must be protected

A
  1. people
  2. buildings/facilities
  3. infrastructure
37
Q

Two areas that should be addressed for each facility

A
  1. Hardening Provisions
  2. Alternate Sites
38
Q

Hardening Provisions

A

protect existing facilities against identified risks, e.g. fireproof walls

39
Q

2 areas to address for infrastructure

A
  1. Physically Hardening Systems
  2. Alternative Systems - redundancy
40
Q

If all IT systems are in the cloud, they do not need to be considered in BCP.

A

FALSE - the service providers should also have BCPs and contracts should have SLAs that are achievable by the vendor.

41
Q

Essential Components of the written BCP (11)

A
  1. Continuity Planning Goals
  2. Statement of Importance
  3. Statement of Priorities
  4. Statement of Organizational Responsibility
  5. Statement of Urgency and Timing
  6. Risk Assessment
  7. Risk Acceptance/Mitigation
  8. Vital Records Program
  9. Emergency Response Guidelines
  10. Maintenance
  11. Testing/Exercises
42
Q

Statement of Priorities

A

listing the functions considered critical to business ops in prioritized order

43
Q

Vital Records Program

A

states where critical business records will be stored and the procedures for making and storing backup copies of those records