Chapter 3: Business Continuity Planning Flashcards
What are the 4 main steps of BCP?
Project Scope Planning
Business Impact Analysis
Continuity Planning
Approval and Implementation
What is BCP (business continuity planning)?
involves assessing the risks to organizational processes and creating policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur
What is the most significant resource consumed by the BCP process?
Personnel
What does BIA (business impact analysis) help identify?
business processes and tasks that are critical to an organization’s ongoing viability and the threats posed to those resources
Quantitative impact assessment involves the use of _____ to reach a decision. This type of data often expresses options in terms of the dollar value to the business.
numbers
Qualitative impact assessment takes ______ factors, such as reputation, investor/customer confidence, workforce stability, and other concerns, into account. This type of data often results in categories of prioritization (such as high, medium, and low).
non-numerical
True or False?
When selecting the individual members of the BCP team, try to achieve a balance between people who prefer each strategy.
True
What is MTD (maximum tolerable downtime)?
the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.
What is the RTO (recovery time objective)?
the maximum length of time a business function can tolerate a disruption before suffering irreparable harm.
True or False
Ensure that your MTDs are less than your RTOs, resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime.
What is RPO (recovery point objective)?
the data loss equivalent to the time-focused RTO. The RPO defines the point in time before the incident where the organization should be able to recover data from a critical business process.
What type of risks is the following list:
Violent storms/hurricanes/tornadoes/blizzards; Lightning strikes; Earthquakes; Mudslides/avalanches; Volcanic eruptions; Pandemics
Natural
What type of risks is the following list:
Terrorist acts/wars/civil unrest; Theft/vandalism; Fires/explosions; Prolonged power outages; Building collapses; Transportation failures; Internet disruptions; Service provider outages; Economic crises
Person-made
What is ARO (annualized rate of occurrence)?
the number of times a business expects to experience a given disaster each year.
The amount of damage that the risk poses to the asset, expressed as a percentage of the asset’s value
Exposure factor (EF)
The monetary loss expected each time the risk materializes
Single loss expectancy (SLE)
What is the formula for SLE (single loss expectancy)?
SLE = AV x EF
A building is worth $500,000. If a fire were to occur, it would destroy 70% of the building. What is the SLE?
$350,000
The monetary loss that the business expects to suffer as a result of the risk harming the asset during a typical year.
Annualized loss expectancy (ALE)
What is the formula for annualized loss expectancy (ALE)?
ALE = SLE x ARO
Fire experts predict that a fire will occur in the building approximately once every 30 years. The SLE is $350,000. What is the ALE?
$10,500
This phase of BCP (business continuity planning) focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets.
Continuity Planning
This plan focuses on how an organization will carry out critical business functions beginning shortly after a disruption occurs and extending for up to one month of sustained operations.
Continuity of operations plan (COOP)
What are the 3 categories that must be protected by BCP provisions and processes?
People, buildings/facilities, and infrastructure
In this task, the BCP team designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage.
Provisions and Processes phase
True or False
Documentation is a critical step in the business continuity planning process.
True
This document commonly takes the form of a letter to the organization’s employees, stating the reason that the organization devoted significant resources to the BCP development process and requesting the cooperation of all personnel in the BCP implementation phase.
Statement of importance
Listing the functions considered critical to continued business operations in a prioritized order.
Statement of priorities
This statement echoes the sentiment that “business continuity is everyone’s responsibility!”
Statement of organizational responsibility
What is the common goal of BCP?
To ensure the continuous operation of the business in the face of an emergency.
This statement expresses the criticality of implementing the BCP and outlines the implementation timetable decided on by the BCP team and agreed to by upper management.
Statement of urgency and timing
True or False
The BCP is a living document
True
List the necessary members of the business continuity planning team.
The BCP team should contain, at a minimum, representatives from each of the operational and support departments; technical experts from the IT department; physical and IT security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.
What are the 5 steps of BIA?
The identification of priorities, risk identification, likelihood assessment, impact analysis, and resource prioritization.