Chapter 3

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

What does project scoping and project planning for a BCP entail?

(1) Analysis of the organization with crisis in mind, (2) Approval of senior management, (3) Resource estimation and approval, (4) Legal and regulatory implications for BCP

What are the five steps of the business impact assessment process?

(1) Identification of priorities, (2) Risk Identification, (3) Likelihood assessment, (4) Impact assessment, and (5) Resource prioritization

What are the four steps of the business continuity planning process?

(1) Project scope and planning, (2) Business impact assessment, (3) Continuity planning, and (4) Approval and Implementation. Each task contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency situation.

_____________ represents the number of times a business expects to experience a given disaster each year

Annualized rate of occurrence (ARO)

The most common goal of ______________ is the following: To ensure the continuous operation of the business in the face of an emergency situation

BCP

Who are the necessary members of the business continuity planning team?

BCP team should contain at a minimum, representative from each of the operational and support departments; technical experts from the IT department; physical and IT security personnel with BCP skills; legal representatives familiar with corporate legal, regulatory, and contractual responsibilities; and representatives from senior management.

What types of legal and regulatory requirements face business continuity planners?

Business leaders must exercise due diligence to ensure that shareholders' interests are protected in the event disaster strikes. Some industries are also subject to federal, state, and local regulations that mandate specific BCP procedures. Many businesses have contractual obligations to their clients that must be met before and after a disaster.

Why is fully documenting an organization's business continuity plan important?

Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the "It's in my head" syndrome and ensures the orderly progress of events in an emergency.

What is the difference between disaster recovery and business continuity?

Disaster recovery is more tactical in nature. A disaster recovery plan picks up where a business continuity plan left off.

The officers and directors of publicly traded firms have a fiduciary responsibility to exercise ______________________ in the execution of their business continuity duties

Due diligence

What term is used to describe the responsibility of the firm's officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the company's continued viability?

Due diligence

What is the process for developing a continuity strategy?

During the strategy development phase (1), the BCP team determines which risks will be mitigated. In the provisions and processes phase (2), mechanism and procedures that will mitigate the risks are designed. The plan must then be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process.

___________ is the amount of damage that a risk poses to an asset, expressed as a percentage of the asset's value

Exposure Factor (EF)

The _____________ is the maximum length of time a business function can be inoperable without causing irreparable harm to the business

Maximum tolerable downtime (MTD). Also known as Maximum tolerable outage (MTO). Quantitative measure identified during the business impact analysis. Provides valuable information when you're performing both BCP and DRP planning.

Is a business continuity plan a discretionary expense?

No

BCP team selection is part of which element of business continuity planning (which of four elements)?

Project scoping and planning

In which business continuity planning phase task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team? (1) Provisions and processes, or (2) Resource prioritization

Provisions and processes

In the ________________ phase of continuity planning, the BCP team designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development phase

Provisions and processes Three categories of assets must be protected: buildings/facilities, and infrastructure

______________ is the amount of time in which you think you can feasibly recover the function in the event of a disruption

Recovery time objective (RTO). The goal of the BCP process is to ensure that your RTOs are less than your MTDs.

Setting priorities, providing staff and financial resources, and arbitrating disputes about criticality (i.e. relative importance) of services are roles of ________________ in the BCP process

Senior management

The ____________ is the monetary loss that is expected each time the risk materializes

Single Loss Expectancy (SLE) Asset Value x Exposure Factor = SLE

The ______________ expresses the criticality of implementing the BCP and outlines the implementation timetable decided on by the BCP team and agreed to by upper management

Statement of Urgency and Timing

The ______________________ reflects the criticality of the BCP to the organization's continued viability

Statement of importance

The __________________ comes from a senior-level executive and can be incorporated into the same letter as the statement of importance. It echoes the sentiment that business continuity is everyone's responsibility.

Statement of organizational responsibility

The _____________________ involves listing the functions considered critical to continued business operations in a prioritized order

Statement of priorities

Which task of BCP bridges the gap between the business impact assessment and the continuity planning phases?

Strategy development. It analyzes the prioritized list of risks developed during the BIA and determines which risks will be addressed by the BCP.

How is the business organization analysis performed?

The individuals responsible for leading the BCP process determine which departments and individuals have a stake in the business continuity plan. It is used as the foundation for BCP team selection, and after validation by the BCP team, is used to guide the next stages of BCP development.

True or False: The final step of the BIA (as part of BCP) is to prioritize the allocation of business continuity resources to the various risks identified and assessed in the preceding tasks of the BIA.

True

True or False: The final step of the BCP plan is documentation

True. After obtaining approval from senior management.

A ___________ program states where critical business records will be stored and the procedures for making and storing backup copies of those records

Vital records program Should be included as part of BCP documentation

Should risk acceptance decisions be documented?

Yes


Set pelajaran terkait

EASA ATPL HPL Chapter 6 "Visual Systems"

View Set

Transforming and distorting objects

View Set

Chapter 1 = Chemistry: The Science of Change

View Set

Training and Development: Chapter 8

View Set

Econ 211 vocab and definition review (test 2)

View Set

UNIT 1: GET READY TO USE TECHNOLOGY IN THE CLASSROOM

View Set

Topic 10: Muscular System Gross Anatomy

View Set

Missed Questions - Health Guarantee Exam

View Set

AFI's 100 Greatest Movie Quotes of All Time

View Set

Other Health Insurance Concepts QUIZ

View Set