Effective CISSP Questions

As the World Health Organization (WHO) declared the novel coronavirus a Public Health Emergency of International Concern (PHEIC) and officially renamed it COVID-19, you are reviewing your contingency and continuity plans to prepare for the worldwide outbreak. Which of the following may least concern your organization when responding to the PHEIC in terms of business continuity?
A. Disruption of supply chain
B. The convenience of remote access solutions
C. Effectiveness of system redundant sites
D. Shortage of financial cash flow

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Effectiveness of redundant sites.

Architectural and Design Principles

Business Continuity is the capability of an organization to continue the delivery of products and services within acceptable time frames at predefined capacity during a disruption. (ISO 22301, 2019)

Redundant sites are identified and determined in the ISCP (Information System Contingency Plan) and the DRP (Disaster Recovery Plan). Both address system and technical issues. The virus may not destroy information systems or data centers. Relocating systems to hot sites or cold sites is not directly related to the virus outbreak.

Moreover, when the outbreak becomes a pandemic, relocating people and systems to alternative locations may not be effective. Working from home or remotely is more effective. Security professionals should address security needs as well as psychological concerns. Convenience is part of psychological concerns. Psychological Acceptability (Saltzer and Schroeder) and Human Factored Security (NIST SP 800-160 V1) are well-known security engineering principles that relate to convenience.

The supply chain is one of the typical business continuity concerns. For example,

Financial cash flow is the blood of a business. It matters to business continuity or even survival.



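When the World Health Organization (WHO) declared this novel coronavirus a "Public Health Emergency of International Concern" (PHEIC) and officially named it COVID-19, you began reviewing your organization's contingency and continuity plans to prepare for a global outbreak. When responding to this PHEIC, which of the following does your organization need to worry about the least?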

2 thoughts on “CISSP PRACTICE QUESTIONS – 20200218
