Chapter 3: Business Continuity Planning Flashcards
What are the 4 main steps of BCP?
Project Scope Planning
Business Impact Analysis
Continuity Planning
Approval and Implementation
What is BCP (business continuity planning)?
involves assessing the risks to organizational processes and creating policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur
What is the most significant resource consumed by the BCP process?
Personnel
What does BIA (business impact analysis) help identify?
business processes and tasks that are critical to an organization’s ongoing viability and the threats posed to those resources
Quantitative impact assessment involves the use of _____ to reach a decision. This type of data often expresses options in terms of the dollar value to the business.
numbers
Qualitative impact assessment takes ______ factors, such as reputation, investor/customer confidence, workforce stability, and other concerns, into account. This type of data often results in categories of prioritization (such as high, medium, and low).
non-numerical
True or False?
When selecting the individual members of the BCP team, try to achieve a balance between people who prefer each strategy.
True
What is MTD (max tolerable downtime)?
the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.
What is the RTO (recovery time objective)?
the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.
True or False?
Ensure that your MTDs are less than your RTOs, resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime.
What is RPO (recovery point objective)?
the data loss equivalent to the time-focused RTO. The RPO defines the point in time before the incident where the organization should be able to recover data from a critical business process.
What type of risks does the following list describe?
Violent storms/hurricanes/tornadoes/blizzards; lightning strikes; earthquakes; mudslides/avalanches; volcanic eruptions; pandemics
Natural
What type of risks does the following list describe?
Terrorist acts/wars/civil unrest; theft/vandalism; fires/explosions; prolonged power outages; building collapses; transportation failures; Internet disruptions; service provider outages; economic crises
Person-made
What is ARO (annualized rate of occurrence)?
the number of times a business expects to experience a given disaster each year.
The amount of damage that the risk poses to the asset, expressed as a percentage of the asset’s value
Exposure factor (EF)