
Tuesday, January 15, 2019

BCP and DRP - CISSP Quiz


Q. 1     What is the first step that individuals responsible for the development of a business continuity plan should perform?

  • A.    BCP team selection
  • B.    Business organization analysis
  • C.    Resource requirements analysis
  • D.    Legal and regulatory assessment

Q. 2     Once the BCP team is selected, what should be the first item placed on the team’s agenda?

  • A.    Business impact assessment
  • B.    Business organization analysis
  • C.    Resource requirements analysis
  • D.    Legal and regulatory assessment

Q. 3     What is the term used to describe the responsibility of a firm’s officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the organization’s continued viability?

  • A.    Corporate responsibility
  • B.    Review and validation of the business organization analysis
  • C.    Due diligence
  • D.    Going concern responsibility

Q. 4     What will be the major resource consumed by the BCP process during the BCP phase?

  • A.    Hardware
  • B.    Software
  • C.    Processing time
  • D.    Personnel

Q. 5     What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the business impact assessment?

  • A.    Monetary
  • B.    Utility
  • C.    Importance
  • D.    Time

Q. 6     Which one of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?

  • A.    ARO
  • B.    SLE
  • C.    ALE
  • D.    EF

Q. 7     What BIA metric can be used to express the longest time a business function can be unavailable without causing irreparable harm to the organization?

  • A.    SLE
  • B.    EF
  • C.    MTD
  • D.    ARO

Q. 8     You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy of your shipping facility to avalanches?

  • A.    $3,000,000
  • B.    $2,700,000
  • C.    $270,000
  • D.    $135,000

Q. 9     You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the annualized loss expectancy?

  • A.    $3,000,000
  • B.    $2,700,000
  • C.    $270,000
  • D.    $135,000

Q. 10     You are concerned about the risk that a hurricane poses to your corporate headquarters in South Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized loss expectancy (ALE)?

  • A.    $750,000
  • B.    $1.5 million
  • C.    $7.5 million
  • D.    $15 million

Q. 11     Martin recently completed a thorough quantitative risk assessment for his organization. Which one of the following risks is least likely to be adequately addressed by his assessment?

  • A.    Downtime from data center flooding
  • B.    Cost of recovery from denial of service attack
  • C.    Reputational damage from data breach
  • D.    Remediation costs from ransomware attack

Q. 12     Which resource should you protect first when designing continuity plan provisions and processes?

  • A.    Physical plant
  • B.    Infrastructure
  • C.    Financial resources
  • D.    People

Q. 13     Which one of the following concerns is not suitable for quantitative measurement during the business impact assessment?

  • A.    Loss of a plant
  • B.    Damage to a vehicle
  • C.    Negative publicity
  • D.    Power outage

Q. 14     Lighter Than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the single loss expectancy for this scenario?

  • A.    0.01
  • B.    $10,000,000
  • C.    $100,000
  • D.    0.10

Q. 15     Referring to the scenario in question 14, what is the annualized loss expectancy?

  • A.    0.01
  • B.    $10,000,000
  • C.    $100,000
  • D.    0.10

Q. 16     In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team?

  • A.    Strategy development
  • B.    Business impact assessment
  • C.    Provisions and processes
  • D.    Resource prioritization

Q. 17     What type of mitigation provision is utilized when redundant communications links are installed?

  • A.    Hardening systems
  • B.    Defining systems
  • C.    Reducing systems
  • D.    Alternative systems

Q. 18     What type of plan addresses the technical controls associated with alternate processing facilities, backups, and fault tolerance?

  • A.    Business continuity plan
  • B.    Business impact assessment
  • C.    Disaster recovery plan
  • D.    Vulnerability assessment

Q. 19     What is the formula used to compute the single loss expectancy for a risk scenario?

  • A.    SLE = AV × EF
  • B.    SLE = RO × EF
  • C.    SLE = AV × ARO
  • D.    SLE = EF × ARO

Q. 20     Of the individuals listed, who would provide the best endorsement for a business continuity plan’s statement of importance?

  • A.    Vice president of business operations
  • B.    Chief information officer
  • C.    Chief executive officer
  • D.    Business continuity manager

Friday, December 21, 2018

Business Continuity Planning

Any organization will encounter events that affect or threaten its operations, such as earthquakes, hurricanes, or man-made problems like fire. To mitigate the effects such events have on the organization's continuous operation, resilient organizations have plans and procedures to speed the return to normal operation.

Business continuity planning (BCP) is, therefore, the process of assessing the risks to organizational processes so that a potentially disruptive event has very little impact on the business. To achieve this, the organization creates policies, plans, and procedures that minimize the impact those risks might have. When such an event occurs, the goal of BCP is to provide a quick and efficient response and to enhance the organization's ability to recover quickly. The BCP process has four main steps:

  • Project scope and planning
  • Business impact assessment
  • Continuity planning
  • Approval and implementation


Friday, May 22, 2015

Preserve critical business function in the face of disaster... BCP and DR

Suppose you run a business with a worldwide customer base, and you have promised your customers 99.9% uptime. This means 45 min of downtime per month, which equals 9 hr/year.

Incident: a disaster occurs. A disaster is anything that destroys normal processing capabilities:

  • Natural: fire, flood, hurricane, tornado, earthquake, volcanoes
  • Man-made: plane crashes, vandalism, terrorism, sabotage, loss of personnel, etc.

If you don't have systems in place, you might not even notice that a disaster has happened, causing the downtime number to go much higher than promised.

Result: not only could you lose potential customers trying to access your systems, you may also suffer lost revenue, lost customers, or lost sales.

What is the solution to this? The answer: BCP and DR.

Business Continuity Planning (BCP) and Disaster Recovery (DR) are integral parts of the overall risk management for an organization.

BCP is the process and methodology by which an organization prepares for and handles situations that are outside normal operations. It allows a company to analyze and then mitigate risks that would otherwise affect an organization's ability to maintain stable, normal operations. BCP addresses:

  • a. Continuation of critical business processes
  • b. Preparation, testing and maintenance of process to recover

Disaster recovery (DR) is the process, policies and procedures of restoring operations critical to the resumption of business, including regaining access to data (records, hardware, software, etc.), communications (incoming, outgoing, toll-free, fax, etc.), workspace, and other business processes after a natural or human-induced disaster.


Statistics have shown that, of companies that had a major loss of computerized data without a disaster recovery plan:

  • 43% never reopen
  • 51% close within two years
  • only 6% will survive long-term

What difference does using BCP and DR make? Take these real scenarios:

  • In the 1993 World Trade Center bombing, 150 businesses out of 350 affected failed to survive the event.
  • The firms affected by the Sept. 11 attacks with well-developed and tested BCP and DR manuals were back in business within days.