Disaster Recovery and Business Continuity Planning Flashcards
BCP Process
- Project scope and planning
- Business impact analysis
- Continuity planning
- Approval and implementation
Quantitative Decision Making
Involves the use of numbers and formulas to reach a decision.
Qualitative Decision Making
Takes non-numerical factors, such as emotions, investor/customer confidence, workforce stability, and other concerns into account. This often results in categories of prioritization (such as high, medium, and low).
Annualized Rate of Occurrence
The number of times a business expects to experience a given disaster a year.
Business Impact Assessment Process
- Identification of priorities
- Risk Identification
- Likelihood Assessment
- Impact Assessment
- Resource Prioritization
Maximum Tolerable Downtime (MTD)
The maximum length of time a business function can be inoperable without causing irreparable harm to the business.
Recovery Time Objective (RTO)
The amount of time in which you think you can feasibly recover the business function in the event of disruption.
Single Loss Expectancy (SLE) – Definition
The monetary loss that is expected each time the risk materializes.
Single Loss Expectancy (SLE) – Formula
SLE = Asset Value (AV) X Exposure Factor (EF)
Exposure Factor (EF) – Definition
The amount of damage that the risk poses to the asset, expressed as a percentage of the asset’s value.
Annualized Loss Expectancy (ALE) – Definition
The monetary loss that the business expects to occur as a result of the risk harming the asset over the course of a year.
Annualized Loss Expectancy (ALE) – Formula
ALE = Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ALE)
Necessary Members of the Business Continuity Planning Team
- Representatives from each of the operational and support departments.
- Technical experts from the IT department.
- Security personnel with BCP skills.
- Legal representatives familiar with corporate legal, regulatory, and contractual responsibilities.
- Representatives from senior management.
