Domain 7: BCP/DRP pt 2

Question 1

• Business Continuity Planning process
• Formal method for determining how a disruption to IT systems will impact the organization’s requirements, process, and interdependencies with respect to the business mission

Answer 1

Business Impact Analysis (BIA)

Question 2

Describes the total time a system can be inoperable before an organization is severely impacted

Answer 2

Maximum Tolerable Downtime (MTD)

Question 3

What are some alternate terms for the Maximum Tolerable Downtime (MTD)?

Answer 3

Maximum Allowable Downtime
Maximum Tolerable Outage
Maximum Acceptable Outage

Question 4

• Failure and recovery metric

- The amount of data loss or system inaccessibility that an organization can withstand

Answer 4

Recovery Point Objective (RPO)

Question 5

• Failure and recovery metric

- Describes the maximum time allowed to recover an IT system

Answer 5

Recovery Time Objective (RTO)

Question 6

The time required to configure a recovered system

MTD = RTO + ____

Answer 6

Work recovery time (WRT)

Question 7

• Failure and recovery metric

- Describes the length of time a new or repaired system will run before failing

Answer 7

Mean Time between Failures (MTBF)

Question 8

• Failure and recovery metric

- Describes the length of time it will take specific failed system to recover

Answer 8

Mean Time to Repair (MTTR)

Question 9

• Failure and recovery metric

- Describes the minimum environmental and connectivity requirements in order to operate computer equipment

Answer 9

Minimum operating requirements (MOR)

Question 10

• A location that is an exact production duplicate of main IT operation systems
• No loss of availability during a disruption

Answer 10

Redundant Site

Question 11

• Location that contains all equipment and services required by the company
• Organization may relocate to following a major disruption or disaster
• Can be brought up within minutes or hours

Answer 11

Hot Site

Question 12

Location with readily accessible hardware and connectivity, but relies on backup data in order to rebuild a system after a disruption

Answer 12

Warm Site

Question 13

• Location that does not contain backup copies of data or any immediately available hardware
• Could take weeks to get up and running

Answer 13

Cold site

Question 14

• Bidirectional agreement between two organizations

- One company promises another that it can move in and share space if it experiences a disaster

Answer 14

Reciprocal agreements aka Mutual Assistance Agreements (MAAs)

Question 15

Transportable data centers that can be towed, supplied with power and network to be brought online

Answer 15

Mobile site

Question 16

• Procedures for sustaining essential business operations while recovering from significant disruptions
• Addresses business processes; IT addressed bases only on its support for business process

Answer 16

Business Continuity Plan (BCP)

Question 17

• Procedures for recovering business operations immediately following a disaster
• Addresses business processes; not IT focus; IT addressed based only on its support for business process

Answer 17

Business Recovery Plan (BRP)

Question 18

• Procedures and capabilities to sustain an organization’s essential, strategic functions at an alternate site for up to 30 days
• Addresses the subset of organization’s missions that are deemed most critical; usually written at headquarters level; not IT-focused

Answer 18

Continuity of Operations Plan (COOP)

Question 19

• Procedures and capabilities for recovering a major application or general support system
• Addresses IT system disruptions; not business process-related

Answer 19

Continuity of Support Plan/IT Contingency Plan

Question 20

• Procedures for publishing status reports to personnel and public
• Not IT-focused

Answer 20

Crisis Communications Plan

Question 21

Plan to detect, respond to and limit consequences of malicious cyber incidents

Answer 21

Cyber Incident Response Plan

Question 22

• Detailed procedure to facilitate recovery of capabilities at an alternate site
• Often IT-focused; limited to major disruptions with long-term effects

Answer 22

Disaster Recovery Plan

Question 23

• Coordinated procedure for minimizing loss of life or injury and protecting property damage in response to physical threat
• Focuses on personnel and property particularly of a specific facility

Answer 23

Occupant Emergency Plan (OEP)

Question 24

What are the five steps of the Business Impact Analysis (BIA) process?

Answer 24

1. Identification of priorities
2. Risk identification
3. Likelihood assessment
4. Impact assessment
5. Resource prioritization

Question 25

• BCP Business Impact Analysis (BIA) process
• Involves creating a comprehensive list of business processes and ranking them in order or importance
• Metrics: asset value (AV), maximum tolerable downtime (MTD), recovery time objective (RTO)

Answer 25

Identification of priorities

Question 26

• BCP Business Impact Analysis (BIA) process

- Natural and man-made threats posed to your organization

Answer 26

Risk identification

Question 27

• BCP Business Impact Analysis (BIA) process

- Determines probability of a risk occurring

Answer 27

Likelihood assessment

Question 28

• BCP Business Impact Analysis (BIA) process
• Determine the effect each of the identified risks would have on the business if it were to occur
• Metrics: exposure factor (EF), single loss expectancy (SLE), annualized loss expectancy (ALE)

Answer 28

Impact assessment

Question 29

• BCP Business Impact Analysis (BIA) process

- Here we allocate resources to the various risks we’ve already identified and assessed

Answer 29

Resource prioritization

Question 30

• Company that owns large server farms and fields of workstations, it leases this computer time
• Can support all IT needs in the event of a disaster even desktops
• Tend to oversell their capacity by betting all their contracts will not be excised at the same time
• Potential for resource contention in the event of a major disaster

Answer 30

Service bureaus