Chapter 3: Business Continuity Planning

Question 1

What are the 4 main steps of BCP?

Answer 1

Project Scope Planning
Business Impact Anlaysis
Continuity Planning
Approval and Implementation

Question 2

What is BCP (business continuity planning)?

Answer 2

involves assessing the risks to organizational processes and creating policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur

Question 3

What is the most significant resource consumed by the BCP process?

Answer 3

Personnel

Question 4

What does BIA (business impact analysis) help identify?

Answer 4

business processes and tasks that are critical to an organization’s ongoing viability and the threats posed to those resources

Question 5

Quantitative impact assessment involves the use of _____ to reach a decision. This type of data often expresses options in terms of the dollar value to the business

Answer 5

numbers

Question 6

Qualitative impact assessment takes ______ factors, such as reputation, investor/customer confidence, workforce stability, and other concerns, into account. This type of data often results in categories of prioritization (such as high, medium, and low).

Answer 6

non-numerical

Question 7

True or False?

When selecting the individual members of the BCP team, try to achieve a balance between people who prefer each strategy.

Answer 7

True

Question 8

What is MTD (max tolerable downtown)?

Answer 8

the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.

Question 9

What is the RTO (recovery time objective)?

Answer 9

the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.

Question 10

True or False

Answer 10

Ensure that your MTDs are less than your RTOs, resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime.

Question 11

What is RPO (recovery point objective)?

Answer 11

the data loss equivalent to the time-focused RTO. The RPO defines the point in time before the incident where the organization should be able to recover data from a critical business process.

Question 12

What type of risks is the following list:

Violent storms/hurricanes/tornadoes/blizzards
Lightning strikes
Earthquakes
Mudslides/avalanches
Volcanic eruptions
Pandemics

Answer 12

Natural

Question 13

What type of risks is the following list:

Terrorist acts/wars/civil unrest
Theft/vandalism
Fires/explosions
Prolonged power outages
Building collapses
Transportation failures
Internet disruptions
Service provider outages
Economic crises

Answer 13

Person-made

Question 14

What is ARO (annualized rate of occurrence)?

Answer 14

the number of times a business expects to experience a given disaster each year.

Question 15

The amount of damage that the risk poses to the asset, expressed as a percentage of the asset’s value

Answer 15

Exposure factor (EF)

Question 16

The monetary loss expected each time the risk materializes

Answer 16

Single loss expectancy (SLE)

Question 17

What is the formula for SLE (single loss expectancy)?

Answer 17

SLE = AV x EF

Question 18

A building is worth $500,000. If a fire were to occur, it would destroy 70% of the building. What is the SLE?

Answer 18

$350,000

Question 19

The monetary loss that the business expects to suffer as a result of the risk harming the asset during a typical year.

Answer 19

Annualized loss expectancy (ALE)

Question 20

What is the formula for annualized loss expectancy (ALE)?

Answer 20

ALE = SLE x ARO

Question 21

Fire experts predict that a fire will occur in the building approximately once every 30 years. The SLE is $350,000. What is the ALE?

Answer 21

$10,500

Question 22

This phase of BCP (business continuity planning) focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets.

Answer 22

Continuity Planning

Question 23

This plan focuses on how an organization will carry out critical business functions beginning shortly after a disruption occurs and extending for up to one month of sustained operations.

Answer 23

Continuity of operations plan (COOP)

Question 24

What are the 3 categories that must be protected by BCP provisions and processes?

Answer 24

People, buildings/facilities, and infrastructure

Question 25

In this task, the BCP team designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage.

Answer 25

Provisions and Processes phase

Question 26

True or False

Documentation is a critical step in the business continuity planning process.

Answer 26

True

Question 27

This document commonly takes the form of a letter to the organization’s employees, stating the reason that the organization devoted significant resources to the BCP development process and requesting the cooperation of all personnel in the BCP implementation phase.

Answer 27

Statement of importance

Question 28

Listing the functions considered critical to continued business operations in a prioritized order.

Answer 28

Statement of priorities

Question 29

This statement echoes the sentiment that “business continuity is everyone’s responsibility!”

Answer 29

Statement of organizational responsibility

Question 30

Common goal of BCP is?

Answer 30

To ensure the continuous operation of the business in the face of an emergency.

Question 31

This statement expresses the criticality of implementing the BCP and outlines the implementation timetable decided on by the BCP team and agreed to by upper management.

Answer 31

Statement of urgency and timing

Question 32

True or False

The BCP is a living document

Answer 32

True

Question 33

List the necessary members of the business continuity planning team

Answer 33

The BCP team should contain, at a minimum, representatives from each of the operational and support departments; technical experts from the IT department; physical and IT security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.

Question 34

What are the 5 steps of BIA?

Answer 34

The identification of priorities, risk identification, likelihood assessment, impact analysis, and resource prioritization.