Effective CISSP Questions

To identify, analyze, and prioritize business continuity requirements is crucial to initiate the business continuity management (BCM) program. Which of the following should be conducted first?
A. Determining the scope of the BCM program
B. Understanding the organization and its context
C. Understanding the needs and expectations of stakeholders
D. Develop project plans

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Understanding the organization and its context.

Stakeholders are identified after the context is determined and analyzed. Their needs and expectations are solicited, collected, analyzed, and managed as requirements, and become the basis of the scope. Alternatives are then proposed to meet stakeholders’ requirements. A business case evaluates the alternatives, selects one as the solution, and supports a program or project to be sponsored and initiated.

That said, a program or project is initiated with a charter supported by a business case that evaluates alternatives and determines the solution to meet stakeholders’ needs and expectations identified from the organization and its context, typically through internal and external analysis or environment scanning. 

The scope of the BCM program is approved, baselined, and documented in the program plan after the program is initiated.

PMI OPM and Project Management



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

識別、分析和確定業務連續性需求的優先順序對於啟動業務連續性管理(BCM)計畫至關重要。 以下哪項操作應該最先進行?
A. 確定BCM計畫的範圍(scope)
B. 了解組織及環境(context)
C. 了解利害關係人(stakeholder)的需求和期望
D. 發展各項專案計畫(plan)


Leave a Reply