Contingency Planning

Question 1

This type of plan focuses on sustaining an organization’s mission/ business processes during and after disruption

Answer 1

BUSINESS CONTINUITY PLAN (BCP)

Question 2

This plan focuses on restoring an organization’s mission essential functions (MEF) at an alternate site for up to 30 days

Answer 2

CONTINUITY OF OPERATIONS (COOP) PLAN

Question 3

The documentation of standard procedures for internal and external communications in the event of a disruption

Answer 3

CRISIS COMMUNICATIONS PLAN

Question 4

Designed to mitigate the risk of system and service unavailability and provide solutions to enhance system availability

Answer 4

CONTINGENCY PLANNING

Question 5

This document provides guidelines on determining information system impact to organizational operations and assets

Answer 5

FIPS 199

Question 6

What are the 3 security objectives?

Answer 6

• CONFIDENTIALITY
• INTEGRITY
• AVAILIBILITY

Question 7

This type of planning applies to the mission/business itself; it concerns the ability to continue critical functions after an emergency event

Answer 7

CONTINUITY PLANNING

Question 8

This type of planning applies to information systems, and provides the steps needed to recover the operation of all or part of designated information systems

Answer 8

CONTINGENCY PLANNING

Question 9

A set of policies and procedures that serve to protect and recover assets and mitigate risks and vulnerabilities

Answer 9

CRITICAL INFRASTRUCTURE PLAN (CIP)

Question 10

This plan establishes procedures to address cyber-attacks against an organization’s information system(s)

Answer 10

CYBER INCIDENT RESPONSE PLAN

Question 11

This plan applies to major (usually physical) disruptions to service that deny access to primary facility infrastructure for an extended period

Answer 11

DISASTER RECOVERY PLAN (DRP)

Question 12

This plan provides established procedures for the assessment and recovery of a system following a system disruption

Answer 12

INFORMATION SYSTEM CONTINGENCY PLAN (ISCP)

Question 13

This plan outlines first-response procedures for occupants of a facility in the event of a threat or incident to the health and safety or personnel, property, and the environment

Answer 13

OCCUPANT EMERGENCY PLAN (OEP)

Question 14

Step 1 in ISCP planning

Answer 14

Develop the contingency planning policy

Question 15

Step 2 in ISCP planning

Answer 15

Conduct the business impact analysis (BIA)

Question 16

Step 3 in ISCP planning

Answer 16

Identify preventive controls

Question 17

Step 4 in ISCP planning

Answer 17

Create contingency strategies

Question 18

Step 5 in ISCP planning

Answer 18

Develop an information system contingency plan

Question 19

Step 6 in ISCP planning

Answer 19

Ensure plan testing, training, and exercises

Question 20

Step 7 in ISCP planning

Answer 20

Ensure plan maintenance

Question 21

Represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations

Answer 21

MAXIMUM TOLERABLE DOWNTIME (MTD)

Question 22

Defines the maximum amount of time a system resource can remain unavailable before an there is an unacceptable impact on other resources

Answer 22

RECOVERY TIME OBJECTIVE (RTO)

Question 23

Represents the point in time, prior to a disruption or outage, to which mission/business process data can be recovered. Unlike the RTO, this is not considered part of the MTD

Answer 23

RECOVERY POINT OBJECTIVE (RPO)

Question 24

COOP functions must be sustained within ___ hours and for up to ___ days from an alternate site

Answer 24

12 and 30

Question 25

Types of Alternate Sites

Answer 25

• Cold
• Warm
• Hot
• Mobile
• Mirrored

Question 26

Facilities with adequate space and infrastructure (power, connections, environmental controls) to support information system recovery activities

Answer 26

COLD SITES

Question 27

Partially equipped office spaces that contain some or all of the system hardware, software, telecom, and power sources

Answer 27

WARM SITES

Question 28

Facilities appropriately sized to support system requirements and configured with the necessary system hardware, supporting infrastructure, and support personnel.

Answer 28

HOT SITES

Question 29

Self-contained, transportable shells custom-fitted with specific telecommunications and system equipment necessary to meet system requirements

Answer 29

MOBILE SITES

Question 30

Fully redundant facilities with automated real-time information mirroring; identical to the primary site in all technical respects

Answer 30

MIRRORED SITES

Question 31

What are the 3 classifications of threats?

Answer 31

• Natural
• Human
• Environmental

Question 32

The ________________ ( ) focuses on restoring an organization’s essential functions at an alternate site and performing those functions up to ___ days before returning to normal ops.

Answer 32

Continuity of Operations Plan (COOP) / 30

Question 33

This provides detailed procedures to facilitate recovery of capabilities at an alternate site when major disruptions will have a long term affect.

Answer 33

Disaster Recovery Plan (DRP)

Question 34

This enables the Contingency Planning Coordinator to fully characterize the system requirements, processes, and interdependencies and use this information to determine contingency planning requirements and priorities.

Answer 34

Business Impact Analysis (BIA)

Question 35

Which type of agreement allows two organizations to backup each other?

Answer 35

Reciprocal Agreement

Question 36

What is the first step to take before writing an IT contingency plan?

Answer 36

Develop a planning policy statement supported by senior management (i.e. Chief Information Officer)

Question 37

How often should my IT Contingency Plan be tested?

Answer 37

At least annually, and when significant changes are made to the IT system, supported business process(s), or the IT Contingency Plan

Question 38

How often should my Contingency Plan be updated?

Answer 38

• It should be reviewed annually for accuracy and completeness
• Upon significant changes to any element of the plan, system, processes, or recovery resources

Question 39

What COMDINST covers Command Incident Response?

Answer 39

COMDINST 3120.15