Upgrade to remove ads Show Only ₩37,125/year
Review terms and definitions
Focus your studying with a path
Take a practice test
Get faster at matching terms Terms in this set (61)B. The business organization analysis helps the initial planners select appropriate BCP team members and then guides the overall BCP process. What is the first step that individuals responsible for the development of a business continuity plan should perform? A. BCP team selection B. The first task of the BCP team should be the review and validation of the business organization analysis initially performed by those individuals responsible for spearheading the BCP effort. This ensures that the initial effort, undertaken by a small group of individuals, reflects the beliefs of the entire BCP team. Once the BCP team is selected, what should be the first item placed on the team's agenda? A. Business impact assessment C. A firm's officers and directors are legally bound to exercise due diligence in conducting their activities. This concept creates a fiduciary responsibility on their part to ensure that adequate business continuity plans are in place. What is the term used to describe the responsibility of a firm's officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the organization's continued viability? A. Corporate responsibility D. During the planning phase, the most significant resource utilization will be the time dedicated by members of the BCP team to the planning process. This represents a significant use of business resources and is another reason that buy-in from senior management is essential. What will be the major resource consumed by the BCP process during the BCP phase? A. Hardware A. The quantitative portion of the priority identification should assign asset values in monetary units. What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the business impact assessment? A. Monetary C. The annualized loss expectancy (ALE) represents the amount of money a business expects to lose to a given risk each year. This figure is quite useful when performing a quantitative prioritization of business continuity resource allocation. Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year? A. ARO C. The maximum tolerable downtime (MTD) represents the longest period a business function can be unavailable before causing irreparable harm to the business. This figure is useful when determining the level of business continuity resources to assign to a particular function. What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization? A. SLE B. The SLE is the product of the AV and the EF. From the scenario, you know that the AV is $3,000,000 and the EF is 90 percent, based on the fact that the same land can be used to rebuild the facility. This yields an SLE of $2,700,000. You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches? A. $3,000,000 D. This problem requires you to compute the ALE, which is the product of the SLE and the ARO. From the scenario, you know that the ARO is 0.05 (or 5 percent). From question 8, you know that the SLE is $2,700,000. This yields an SLE of $135,000. Referring to the scenario in question 8, what is the annualized loss expectancy? A. $3,000,000 A. This problem requires you to compute the ALE, which is the product of the SLE and ARO. From the scenario, you know that the ARO is 0.10 (or 10 percent). From the scenario presented, you know that the SLE is $7.5 million. This yields an SLE of $750,000. You are concerned about the risk that a hurricane poses to your corporate headquarters in South Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized loss expectancy (ALE)? A. $750,000 C. The strategy development task bridges the gap between business impact assessment and continuity planning by analyzing the prioritized list of risks developed during the BIA and determining which risks will be addressed by the BCP. Which task of BCP bridges the gap between the business impact assessment and the continuity planning phases? A. Resource prioritization D. The safety of human life must always be the paramount concern in business continuity planning. Be sure that your plan reflects this priority, especially in the written documentation that is disseminated to your organization's employees! Which resource should you protect first when designing continuity plan provisions and processes? A. Physical plant C. It is difficult to put a dollar figure on the business lost because of negative publicity. Therefore, this type of concern is better evaluated through a qualitative analysis. Which one of the following concerns is not suitable for quantitative measurement during the business impact assessment? A. Loss of a plant B. The single loss expectancy (SLE) is the amount of damage that would be caused by a single occurrence of the risk. In this case, the SLE is $10 million, the expected damage from one tornado. The fact that a tornado occurs only once every 100 years is not reflected in the SLE but would be reflected in the annualized loss expectancy (ALE). Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the single loss expectancy for this scenario? A. 0.01 C. The annualized loss expectancy (ALE) is computed by taking the product of the single loss expectancy (SLE), which was $10 million in this scenario, and the annualized rate of occurrence (ARO), which was 0.01 in this example. These figures yield an ALE of $100,000. Referring to the scenario in question 14, what is the annualized loss expectancy? A. 0.01 C. In the provisions and processes phase, the BCP team actually designs the procedures and mechanisms to mitigate risks that were deemed unacceptable during the strategy development phase. In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team? A. Strategy development D. This is an example of alternative systems. Redundant communications circuits provide backup links that may be used when the primary circuits are unavailable. What type of mitigation provision is utilized when redundant communications links are installed? A. Hardening systems C. Disaster recovery plans pick up where business continuity plans leave off. After a disaster strikes and the business is interrupted, the disaster recovery plan guides response teams in their efforts to quickly restore business operations to normal levels. What type of plan addresses the technical controls associated with alternate processing facilities, backups, and fault tolerance? A. Business continuity plan A. The single loss expectancy (SLE) is computed as the product of the asset value (AV) and the exposure factor (EF). The other formulas displayed here do not accurately reflect this calculation. What is the formula used to compute the single loss expectancy for a risk scenario? A. SLE = AV × EF C. You should strive to have the highest-ranking person possible sign the BCP's statement of importance. Of the choices given, the chief executive officer is the highest ranking. Of the individuals listed, who would provide the best endorsement for a business continuity plan's statement of importance? A. Vice
president of business operations Business Continuity Planning These activities are typically strategically focused at a high level and center themselves on business processes and operations. Disaster Recovery Plan These tend to be more tactical in nature and describe technical activities such as recovery sites, backups, and fault tolerance. 1. Project scope and planning The four main elements to the Business Continuity Planning Process: people The top priority of BCP and DRP is always _________. analysis One of the first responsibilities of the individuals responsible for business continuity planning is to perform a(n) ___________ of the business organization to identify all departments and individuals who have a stake in the BCP process. 1. BCP Development The three distinct BCP phases: Business Impact Analysis (BIA) This identifies the resources that are critical to an organization's ongoing viability and the threats posed to those resources. It also assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business. Quantitative This type of decision-making involves the use of numbers and formulas to reach a decision. This type of data often expresses options in terms of the dollar value to the business. Qualitative This type of decision-making takes non-numerical factors, such as reputation, investor/customer confidence, workforce stability, and other concerns, into account. This type of data often results in categories of prioritization (such as high, medium, and low). Priority Identification Task or Criticality Prioritization This involves creating a comprehensive list of business processes and ranking them in order of importance. Although this task may seem somewhat daunting, it's not as hard as it seems. Identifying business priorities What is the first BIA task facing the BCP Team? Maximum Tolerable Downtime (MTD) The second quantitative measure that the team must develop is what? Maximum Tolerable Downtime (MTD) This is the maximum length of time a business function can be inoperable without causing irreparable harm to the business. It provides valuable information when you're performing both BCP and DRP planning. Recovery Time Objective (RTO) This is the amount of time in which you think you can feasibly recover the function in the event of a disruption. Risk Identification Third phase of the BIA is what? Natural
Risks What are the two forms of risk? Qualitative Is the risk identification portion of the process quantitative or qualitative in nature? likelihood The fourth phase of the BIA process. Annualized Rate of Occurrence (ARO) This reflects the number of times a business expects to experience a given disaster each year. Exposure Factor (EF) This is the amount of damage that the risk poses to the asset, expressed as a percentage of the asset's value. Single Loss Expectancy (SLE) This is the monetary loss that is expected each time the risk materializes. SLE = AV (Asset Value) x EF (Exposure Factor) What is the formula for Single Loss Expectancy (SLE)? Annualized Loss Expectancy (ALE) This is the monetary loss that the business expects to occur as a result of the risk harming the asset over the course of a year. ALE = SLE x ARO What is the formula for Annualized Loss Expectancy (ALE)? Prioritize the allocation of business continuity resources The final phase of the BIA is what? Continuity Planning This phase of the BCP focuses on developing and implementing a continuity strategy to minimize the impact realized risks might have on protected assets. 1. Strategy Development What are the five sub-tasks involved in continuity planning? Strategy Development This phase bridges the gap between the business impact assessment and the continuity planning phases of BCP development. Provisions and Processes In this task, the BCP team designs the specific procedures and mechanisms that will mitigate the risks deemed unacceptable during the strategy development stage. 1. People What are the three categories of assets that must be protected through BCP provisions and processes? Senior Management Endorsement What's the next step of the BCP process after completing the design phase? Statement of Importance This document reflects the criticality of the BCP to the organization's continued viability. This document commonly takes the form of a letter to the organization's employees stating the reason that the organization devoted significant resources to the BCP development process and requesting the cooperation of all personnel in the BCP implementation phase. Continuity Planning Goals This plan should describe the goals of continuity planning as set forth by the BCP team and senior management. These goals should be decided on at or before the first BCP team meeting and will most likely remain unchanged throughout the life of the BCP. Statement of Priorities This flows directly from the identify priorities phase of the business impact assessment. It simply involves listing the functions considered critical to continued business operations in a prioritized order. Statement of Organizational Responsibility This also comes from a senior-level executive and can be incorporated into the same letter as the statement of importance. It basically echoes the sentiment that "business continuity is everyone's responsibility!" This restates the organization's commitment to business continuity planning and informs employees, vendors, and affiliates that they are individually expected to do everything they can to assist with the BCP process. Statement of Urgency and Timing This expresses the criticality of implementing the BCP and outlines the implementation timetable decided on by the BCP team and agreed to by upper management. Risk Assessment This portion of the BCP documentation essentially recaps the decision-making process undertaken during the business impact assessment. It should include a discussion of all the risks considered during the BIA as well as the quantitative and qualitative analyses performed to assess these risks Risk Acceptance/Mitigation This section of the BCP documentation contains the outcome of the strategy development portion of the BCP process. It should cover each risk identified in the risk analysis portion of the document and outline one of two thought processes. Vital Records Program This document states where critical business records will be stored and the procedures for making and storing backup copies of those records. Emergency-Response Guidelines This outlines the organizational and individual responsibilities for immediate response to an emergency situation. This document provides the first employees to detect an emergency with the steps they should take to activate provisions of the BCP that do not automatically activate. True T or F: It is a good practice to include BCP components in job descriptions to ensure the BCP remains fresh and is performed correctly. Sets with similar termsChapter 320 terms therealestever_3 Chap 3 Questions9 terms wnan42 Ch 3: Planning for Contingencies10 terms anb201 CISA Questions 201 - 300100 terms Brandon_Wanlass Sets found in the same folderCh. 6- Cryptography and Symmetric Key Algorithms20 terms emitc68 Ch. 7- PKI and Cryptographic Applications20 terms emitc68 CISSP Chapter 1 Review Questions78 terms wsabatierPLUS Ch. 8- Principles of Security Models, Design, and…20 terms emitc68 Other sets by this creatorCH 8 and 428 terms emitc68 CH 2 and 718 terms emitc68 Ch. 281 terms emitc68 CH. 1120 terms emitc68 Other Quizlet setsexam 3 study guide55 terms mollyelizabeth0603 Health 100: Chapters 1-4 (Study Guide)26 terms Beatboxing_sky21 PSYC 331 Final - Review49 terms soskan Essentials of Understanding Psychology Chapter 322 terms emerly10 Related questionsQUESTION A signal that would not warn challengers that strong retaliation is likely is 9 answers QUESTION for business documents, which guideline about headings helps improve the ease of reading? 9 answers QUESTION Bioplus Inc. has introduced a new anti-aging cream in the market with a price that is higher than those of similar products from its competitors. At which position should Bioplus Inc. include the price in its sales message? 4 answers QUESTION Select all that are true about the transferability of interest of a limited liability company: 2 answers What is the first step that individuals responsible for the development of a business continuity plan?1. Business Impact Analysis (BIA) The first step to building your company's BCP is to consider the potential impact of each type of disaster or risk event that your company may face.
What is the first step in business continuity quizlet?The first task of the BCP team should be the review and validation of the business organization analysis initially performed by those individuals responsible for spearheading the BCP effort. This ensures that the initial effort, undertaken by a small group of individuals, reflects the beliefs of the entire BCP team.
What is the first step of BCP implementation?Step 1: Assemble a Business Continuity Management Team
A good BCP should detail what your staff needs to do in the event of a disaster, what communication methods are required, and the timeframe in which critical IT services need to be available.
What is the first phase of a BCP?Phase 1: Identify the risks
The first phase is to conduct a risk assessment, identifying any potential hazards that could disrupt your business. Consider any type of risk your team can imagine, including natural threats, human threats and technical threats.
|