1.How does a BCP help mitigate risk?
2. What kind of risk does a BCP help mitigate?
3. If you have business liability insurance, asset replacement insurance, and natural disaster insurance, do you still need a BCP or disaster recovery plan (DRP)? Why or why not?
4. From your scenario and BIA from the Performing a Business Impact Analysis for a Mock IT Infrastructure lab in this lab manual, what were the mission-critical business functions and
operations you identified? Are these the focus of your BCP?
5. What does a BIA help define for a BCP?
6. Who should develop and participate in an organization's BCP?
7. Why do disaster planning and disaster recovery belong in a BCP?
8. What is the purpose of having documented IT system, application, and data recovery procedures and steps?
9. Why must you include testing of the plan in your BCP?
10. How often should you update your BCP document?
11. In your BCP outline, where will you find a list of prioritized business operations, functions, and processes?
12. In your BCP outline, where will you find detailed backup and system recovery information?
13. In your BCP outline, where will you find a policy definition defining how to engage your BCP
due to a major outage or disaster?
14. In your BCP outline, where will you find a policy definition defining the resources that are
needed to perform the tasks associated with business continuity or disaster recovery?
15. What is the purpose of testing your BCP and DRP procedures, backups, and recovery steps?
1. What is the goal and purpose of a business impact analysis (BIA)?
2. Why is a business impact analysis (BIA) an important first step in defining a business continuity plan (BCP)?
3. What is the definition of recovery time objective (RTO)? Why is this important to define in an IT Security Policy Definition as part of the business impact analysis (BIA) or business continuity plan (BCP)?
4. How do risk management and risk assessment relate to a business impact analysis (BIA) for an IT infrastructure?
Performing a Business Impact Analysis for a Mock IT Infrastructure
5. True or false: If the recovery point objective (RPO) metric does not equal the recovery time objective (RTO), you can potentially lose data that might not be backed up. This represents a gap in potential lost or unrecoverable data.
6. If you have an RPO of 0 hours, what does that mean?
7. What must you explain to executive management when defining RTO and RPO objectives for the BIA?
8. What questions do you have for executive management in order to finalize your BIA?
9. Why do customer service business functions typically have a short RTO and RPO maximum allowable time objective?
10. To write backup and recovery procedures, you need to review the IT systems, hardware, software, and communications infrastructure that supports business operations and functions, and you need to define how to maximize availability. This alignment of IT systems and components must be based on business operations, functions, and prioritizations. This prioritization is usually the result of a risk assessment and how those risks, threats, and vulnerabilities impact business operations and functions. What is the proper sequence of development and implementation for the following plans?:
Business Continuity Plan:
Disaster Recovery Plan:
Risk Management Plan:
Business Impact Analysis: