Ch 11 Key Terms
Business Continuity Plan (BCP)
A business continuity plan contains the actions needed to keep critical business processes running after a disruption. Disruptions can be minor, such as weather damage that makes an organization's building unusable. Part of the Business Continuity Management (BCM)
Business impact analysis (BIA)
A BIA is an analysis of CBFs (Critical business function) to determine what kinds of events could interrupt normal operation. Should not limit the focus of the BIA to the information systems department and infrastructure; a business with a supply-chain disruption could easily suffer a major impact that has nothing to do with technology at all.
Checklist test
A simple review of the plan by managers and the business continuity team to make sure that contact numbers are current and the plan reflects the company's priorities and structure. this kind of check is a desk check, which means that individual team members check their portion of the plan while sitting at their desks. As well as checking their contact lists, team members review whether changes in their departments affect the plan.
Critical business function (CBF)
A starting point in planning for interruptions is to define each business function that is critical to an organization staying in business. if any critical business function fails, normal operation ceases. Therefore, and organization's primary objective is to protect is CBFs.
Maximum tolerable downtime (MTD)
Is the most time a business can survive without a specific CBF. A major disruption is any event that makes a CBF unavailable for longer than its MTD. Each of the disaster-planning and mitigation solutions must be able to recover CBFs within their MTDs. Systems and functions with the shortest MTD are often the most critical.
Parallel test
Most organizations conduct parallel tests at an alternate site. it the same as a full-interruption test except that processing does not stop at the primary site. Key points: *A parallel test is an operational test, so ti will not include representatives from, for example, human resources, public relations, purchasing, and facilities. *Because a parallel test means activating an alternate site, it will likely cost a significant amount of money. Therefore, the test must have senior management approval. *Compare the results of the test wit the processing at the original site. *A gap analysis exposes any weaknesses or underperformance that requires attention. *Usually, auditors are involved at every step to monitor the success and to make sure the parallel-run data is not mixed into the normal operational data.
Incident response team (IRT)
The IRT will have the training and documentation necessary to respond to incidents as they occur.
Fault tolerance
The ability to encounter a fault, or error, of some type and still support critical operations.
Simulation test
a paper exercise. It requires more planning than a walk-through. All the members of the staff involved in the operations/procedures participate in the test. The test identifies: *Staff reaction and response times *Inefficiencies or previous unidentified vulnerabilities
Structured walk-through test
a tabletop exercise. During this test, a team of representatives from each department should do the following; * Present their portion of the plan to the other teams *Review the goals of the plan for completeness and correctness *Affirm the scope of the plan as well as any assumptions made *look for overlaps and gaps *Review the structure of the organization as well as the reporting/communications structure *Evaluate the testing, maintenance, and training requirements * Conduct a number of scenario-based exercises to evaluate the plan's effectiveness *Meet to step through the plan together in a structured manner
Disaster recovery plan (DRP)
A disaster recovery plan (DRP) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations. Part of Business Continuity Management (BCM)
Disruption
A sudden unplanned event. it upsets an organization's ability to provide critical business functions and causes great damage or loss. Examples of major disruptions include: *Extreme weather *Criminal activity * Civil unrest/terrorist acts *Operational *Application failure *Pandemic
