As the newly hired CISO for a global company selling toys all over the world, you are reviewing the company’s mission statement and organizational structure and processes, identifying applicable legal and regulatory requirements, and interviewing stakeholders to implement the business continuity management system (BCMS). Which of the following is the most likely activity you will do next?
A. Conduct business impact analysis
B. Determine the scope
C. Assess risk
D. Develop the business continuity plan
Wentz’s Book, The Effective CISSP: Security and Risk Management https://www.amazon.com/dp/B087JL6BXR
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Determine the scope.
The business continuity management system (BCMS) implies the ISO 22301. Business continuity in ISO 22301 focuses on the continual delivery of products and services provided by organizational units across different locations.
For a global company, there are a variety of products and services provided by branches across the world. So, the scope of the business continuity program should be defined first. It’s not easy for most of the enterprises to implement an enterprise-wide BCMS that covers all branches and units across the world at once because of limited resources and other factors.
Please refer to The Effective CISSP: Security and Risk Management for more information.
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.