Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our business continuity planning module. Our business continuity planning is very important for the success of our business. A business continuity plan is a long term plan for continuing our operations as a business in case of an incident. We want to make sure that we can maintain our business operation during and after an incident, a disaster, or other emergency.
It is important to make sure that we are managing the threats that could occur to our business. And we need to plan for all of the threats that can occur, not just threats and risks to our IT systems. We'll have to develop a unique plan for each business.
We can use a standard to get started but we will have to customize a plan for each individual organization. First, we'll have to identify our critical resources. And then develop a policy in order to avoid serious disruption of the business operations. We can attempt to prevent disasters through planning and controls, and providing training.
We can attempt to ensure our reliability and resiliency by avoiding single points of failure. But we must also make sure that we have enough resources in case a disaster does occur. We will most likely need a significant amount of resources. And we should also make sure we have insurance in place to provide funding in the event of a disaster.
Proper planning will help us to make sure that we protect our confidentiality, integrity and availability. Resilience is a term which just means our ability to quickly adapt and recover from any changes in our environment. You should keep in mind that your company will be more vulnerable after a disaster occurs.
You'll still need to protect your confidential information and you may need help identifying resources protecting them. And here, we're talking about more than just a redundant server or backing up your data. Your employees really need to be prepared for a disaster and know what to do if a disaster occurs.
You can use redundant components, like power supplies, to increase your reliability. Another thing that most people don't think about is documenting your configurations. So how are you going to rebuild and restore your systems in case of a disaster? These configurations need to be available so that you can rebuild the systems in case of a complete destruction of your facility, and you need to rebuild in another location.
Your disaster recovery and business continuity planning should be part of your business decisions. Should be part of your security program in order to mitigate the effects of any disasters that might occur. NIST, the National Institute of Standards and Technology provides definitions in their special publication 800-34 revision 1.
They provide us with these definitions if they can help us with planing to make sure our business succeeds after a disaster. Your cyber incident response plan is a plan that focuses on detecting, responding and recovering from cyber attacks, computer security incidents, or events. Our business contingency planning typically applies to our information systems.
And this will provide the steps needed to recover our information systems operations at our existing location or at a new location after an emergency occurs. Our continuity of operations plan or COOP plan, focuses on making sure that we can transfer our essential IT functions to an alternate location for up to 30 days.
And our business continuity planning applies to our entire business, not just our information systems. This plan is concerned with continuing your critical business functions during an emergency and after an emergency. And continuing these options even in the face of adversity. It is critical to have your senior management staff involved in this process and on board with the planning.
If you attempt to perform contingency planning without the approval and involvement of the senior management, you will most likely not be successful. Your management should know how important it is to align your information security objectives with your business priorities. And they have to approve the resources that you will need in order to get this process going and make sure that you have all the resources in place in case a disaster does occur.
Your management staff is gonna wanna hear about the return on investment, or ROI. Here, you're going to show them that it is better to plan in advance and be prepared because it will be much less expensive than trying to plan after a disaster occurs. The management employees should announce the start and end of your process.
If you have support from your senior level management, this will help you to gain support from your steak holders and get them involved in the process as well. NIST provides a seven-step business continuity planning model. The first step is to develop the contingency planning policy statement. And you should always have a lot of advanced planning before conducting any type of business continuity planning.
The second step is to conduct our business impact analysis to determine the impact to our business of different types of disasters. We then need to identify any preventative controls that we have in place, create our contingency strategies, such as what we will do if there's a fire or other type of emergency.
We should have detailed information system contingency plans and recovery procedures. And we should keep these procedures off site in case something happens to our facility, such as a fire, and those documents are destroyed. We should make sure that we are testing the plan, providing training to our employees and conducting exercises to simulate a disaster.
And then we must make sure our plan is being maintained and updated appropriately as our threats change or as our technology changes. For the CISSP exam, you want to be familiar with the first step of this process. Which is to develop your contingency planning policy statement. You would not want to perform any of the other steps on this list before you did that.
This concludes our business continuity planning module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!