Chapter 3: Business Continuity Planning Flashcards

1
Q

What are the 4 main steps of BCP?

A

Project Scope Planning
Business Impact Analysis
Continuity Planning
Approval and Implementation

2
Q

What is BCP (business continuity planning)?

A

involves assessing the risks to organizational processes and creating policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur

3
Q

What is the most significant resource consumed by the BCP process?

A

Personnel

4
Q

What does BIA (business impact analysis) help identify?

A

business processes and tasks that are critical to an organization’s ongoing viability and the threats posed to those resources

5
Q

Quantitative impact assessment involves the use of _____ to reach a decision. This type of data often expresses options in terms of the dollar value to the business.

A

numbers

6
Q

Qualitative impact assessment takes ______ factors, such as reputation, investor/customer confidence, workforce stability, and other concerns, into account. This type of data often results in categories of prioritization (such as high, medium, and low).

A

non-numerical

7
Q

True or False?

When selecting the individual members of the BCP team, try to achieve a balance between people who prefer each strategy.

A

True

8
Q

What is MTD (maximum tolerable downtime)?

A

the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.

9
Q

What is the RTO (recovery time objective)?

A

the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.

10
Q

True or False

A

Ensure that your MTDs are less than your RTOs, resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime.

11
Q

What is RPO (recovery point objective)?

A

the data loss equivalent to the time-focused RTO. The RPO defines the point in time before the incident where the organization should be able to recover data from a critical business process.

12
Q

What type of risks does the following list describe?

Violent storms/hurricanes/tornadoes/blizzards
Lightning strikes
Earthquakes
Mudslides/avalanches
Volcanic eruptions
Pandemics

A

Natural

13
Q

What type of risks does the following list describe?

Terrorist acts/wars/civil unrest
Theft/vandalism
Fires/explosions
Prolonged power outages
Building collapses
Transportation failures
Internet disruptions
Service provider outages
Economic crises

A

Person-made

14
Q

What is ARO (annualized rate of occurrence)?

A

the number of times a business expects to experience a given disaster each year.

15
Q

The amount of damage that the risk poses to the asset, expressed as a percentage of the asset’s value

A

Exposure factor (EF)

16
Q

The monetary loss expected each time the risk materializes

A

Single loss expectancy (SLE)

17
Q

What is the formula for SLE (single loss expectancy)?

A

SLE = AV x EF

18
Q

A building is worth $500,000. If a fire were to occur, it would destroy 70% of the building. What is the SLE?

A

$350,000

19
Q

The monetary loss that the business expects to suffer as a result of the risk harming the asset during a typical year.

A

Annualized loss expectancy (ALE)

20
Q

What is the formula for annualized loss expectancy (ALE)?

A

ALE = SLE x ARO

21
Q

Fire experts predict that a fire will occur in the building approximately once every 30 years. The SLE is $350,000. What is the ALE?

A

$10,500

22
Q

This phase of BCP (business continuity planning) focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets.

A

Continuity Planning

23
Q

This plan focuses on how an organization will carry out critical business functions beginning shortly after a disruption occurs and extending for up to one month of sustained operations.

A

Continuity of operations plan (COOP)

24
Q

What are the 3 categories that must be protected by BCP provisions and processes?

A

People, buildings/facilities, and infrastructure

25
Q

In this task, the BCP team designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage.

A

Provisions and Processes phase

26
Q

True or False

Documentation is a critical step in the business continuity planning process.

A

True

27
Q

This document commonly takes the form of a letter to the organization’s employees, stating the reason that the organization devoted significant resources to the BCP development process and requesting the cooperation of all personnel in the BCP implementation phase.

A

Statement of importance

28
Q

Listing the functions considered critical to continued business operations in a prioritized order.

A

Statement of priorities

29
Q

This statement echoes the sentiment that “business continuity is everyone’s responsibility!”

A

Statement of organizational responsibility

30
Q

What is the common goal of BCP?

A

To ensure the continuous operation of the business in the face of an emergency.

31
Q

This statement expresses the criticality of implementing the BCP and outlines the implementation timetable decided on by the BCP team and agreed to by upper management.

A

Statement of urgency and timing

32
Q

True or False

The BCP is a living document

A

True

33
Q

List the necessary members of the business continuity planning team

A

The BCP team should contain, at a minimum, representatives from each of the operational and support departments; technical experts from the IT department; physical and IT security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.

34
Q

What are the 5 steps of BIA?

A

The identification of priorities, risk identification, likelihood assessment, impact analysis, and resource prioritization.