CHAPTER SUMMARY
This chapter covered the details on BCPs. The primary purpose of a BCP is to ensure that an organization can continue to operate after a disruption or disaster. The BCP includes details on the CBFs, including what needs to be done to keep them operating. Many individuals and teams share responsibilities. The BCP program manager oversees all BCPs, and the BCP coordinator manages one or more BCPs. Multiple teams with individual team leads also provide support to the BCP coordinator during development and implementation of a BCP.
A BCP has three primary phases. In the notification and activation phase, the BCP coordinator initiates the activity; in the recovery phase, critical systems are recovered and restored; and in the reconstitution phase, normal operations are restored when the disaster has passed. All BCP team members and leads should be trained on the BCP, and it should be tested and exercises done to ensure its completeness. The BCP coordinator is responsible for regularly updating the BCP, which includes regular updates and additional ones when warranted.
KEY CONCEPTS AND TERMS
CHAPTER 13 ASSESSMENT
- A(n) ________ is a plan that helps an organization continue to operate during and after a disruption or disaster.
- Business continuity and disaster recovery are the same thing.
- True
- False
- A BCP includes specific locations, systems, employees, and vendors, and these requirements are identified in the ________ statement.
- What is the purpose of a BCP?
- To identify CBFs
- To reduce or eliminate threats
- To ensure mission-critical elements of an organization continue to operate after a disruption
- All of the above
- What does a BCP help to protect during and after a disruption or disaster?
- Confidentiality, information, and authentication
- Certifications, identities, and accreditations
- Mission-critical and non–mission-critical CBFs
- Confidentiality, integrity, and availability
- The ________ is responsible for declaring an emergency and activating the BCP.
- After a BCP has been activated, who has overall authority for the recovery of systems?
- EMT
- DAT
- TRT
- CAT
- After a BCP has been activated, who will assess the damages?
- BCP coordinator
- EMT
- DAT
- TRT
- After a BCP has been activated, who will recover and restore critical IT services?
- BCP coordinator
- EMT
- DAT
- TRT
- What are the three phases of a BCP?
- Notification and activation, transfer, and recovery
- Notification and activation, recovery, and reconstitution
- Recovery, renewal, and reconstitution
- Transfer, recovery, and notification
- A major disruption has forced a company to move operations to an alternate location. The disruption is over, and now the process of normalizing operations needs to begin. What operations should be moved back to the original location first?
- Least CBFs
- Most CBFs
- Non–mission-critical personnel
- Mission-critical personnel
- A major disruption has forced a company to move operations to an alternate location. The disruption is over, and now the process of normalizing operations needs to begin. Several servers have been rebuilt at the primary location. What should be done?
- Test the servers and then turn off the servers at the alternate location.
- Bring the servers online and turn off the alternate location servers.
- Run the servers concurrently with the alternate location for three to five days.
- Test the servers for three to five days before bringing them online.
- What can be done to show that the BCP will work as planned?
- BCP planning
- BCP training
- BCP testing
- BCP exercises
- What types of exercises can demonstrate a BCP in action? (Select three.)
- Tabletop exercises
- Functional exercises
- Pull-the-plug exercises
- Full-scale exercises
- Once a BCP has been developed, it should be reviewed and updated on a regular basis, such as annually.
- True
- False