Effective CISSP Questions

As the newly hired CISO for a global company selling toys all over the world, you are reviewing the company’s mission statement and organizational structure and processes, identifying applicable legal and regulatory requirements, and interviewing stakeholders to implement the business continuity management system (BCMS). Which of the following is the most likely activity you will do next?
A. Conduct business impact analysis
B. Determine the scope
C. Assess risk
D. Develop the business continuity plan

Wentz’s Book, The Effective CISSP: Security and Risk Management

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Determine the scope.

ISO Generic Management Model

The business continuity management system (BCMS) refers to ISO 22301. ISO 22301 defines business continuity as the capability of an organization to continue the delivery of products and services within acceptable time frames at predefined capacity during a disruption, regardless of which organizational units or locations provide them.

For a global company, a variety of products and services are provided by branches across the world, so the scope of the business continuity program should be defined first. Most enterprises find it difficult to implement an enterprise-wide BCMS that covers all branches and units across the world at once because of limited resources and other factors. The activities in the question (reviewing the mission statement, organizational structure and processes, identifying legal and regulatory requirements, and interviewing stakeholders) correspond to understanding the organization and the needs of interested parties, which is exactly the input ISO 22301 requires for determining the scope of the BCMS (clause 4.3). The business impact analysis and risk assessment (clause 8.2) come later, once the scope has bounded which products, services, and locations they must cover, and the business continuity plans (clause 8.4) are developed after the strategies derived from those analyses.

Please refer to The Effective CISSP: Security and Risk Management for more information.

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

CISSP PRACTICE QUESTIONS – 20200629