CISSP PRACTICE QUESTIONS – 20210426

Effective CISSP Questions

Your company is publicly traded. A ransomware attack has materialized and is threatening to publish confidential customer data unless a ransom is paid. The board of directors is concerned that the ransomware attack will compromise shareholders’ confidence and stock price. Which of the following is the best plan that addresses the concern? (Wentz QOTD)
A. Disaster recovery plan
B. Business continuity plan
C. Crisis communication plan
D. Information system contingency plan

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Crisis communication plan.

NIST SP 800-34 R1 provides an excellent introduction to organizational resiliency and business continuity. ISO 22303 provides guidelines for implementing a business continuity management system. This question is based on NIST SP 800-34 R1.

Continuity and contingency planning are critical components of emergency management and organizational resilience but are often confused in their use.
Continuity planning normally applies to the mission/business itself; it concerns the ability to continue critical functions and processes during and after an emergency event.
Contingency planning normally applies to information systems, and provides the steps needed to recover the operation of all or part of designated information systems at an existing or new location in an emergency.
Cyber Incident Response Planning is a type of plan that normally focuses on detection, response, and recovery to a computer security incident or event.

Source: NIST SP 800-34 R1

Crisis Communications Plan

Organizations should document standard procedures for internal and external communications in the event of a disruption using a crisis communications plan. A crisis communications plan is often developed by the organization responsible for public outreach. The plan provides various formats for communications appropriate to the incident. The crisis communications plan typically designates specific individuals as the only authority for answering questions from or providing information to the public regarding emergency response. It may also include procedures for disseminating reports to personnel on the status of the incident and templates for public press releases.

Source: NIST SP 800-34 R1

Business Continuity Plan (BCP)

The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption. An example of a mission/business process may be an organization’s payroll process or customer service process. A BCP may be written for mission/business processes within a single business unit or may address the entire organization’s processes. The BCP may also be scoped to address only the functions deemed to be priorities. A BCP may be used for long-term recovery in conjunction with the COOP plan, allowing for additional functions to come online as resources or time allow. Because mission/business processes use information systems (ISs), the business continuity planner must coordinate with information system owners to ensure that the BCP expectations and IS capabilities are matched.

Source: NIST SP 800-34 R1

Disaster Recovery Plan (DRP)

The DRP applies to major, usually physical disruptions to service that deny access to the primary facility infrastructure for an extended period. A DRP is an information system-focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency. The DRP may be supported by multiple information system contingency plans to address recovery of impacted individual systems once the alternate facility has been established. A DRP may support a BCP or COOP plan by recovering supporting systems for mission/business processes or mission essential functions at an alternate location. The DRP only addresses information system disruptions that require relocation.

Source: NIST SP 800-34 R1

Information System Contingency Plan (ISCP)

An ISCP provides established procedures for the assessment and recovery of a system following a system disruption. The ISCP provides key information needed for system recovery, including roles and responsibilities, inventory information, assessment procedures, detailed recovery procedures, and testing of a system.
The ISCP differs from a DRP primarily in that the information system contingency plan procedures are developed for recovery of the system regardless of site or location. An ISCP can be activated at the system’s current location or at an alternate site. In contrast, a DRP is primarily a site-specific plan developed with procedures to move operations of one or more information systems from a damaged or uninhabitable location to a temporary alternate location. Once the DRP has successfully transferred an information system site to an alternate site, each affected system would then use its respective ISCP to restore, recover, and test systems, and put them into operation.

Source: NIST SP 800-34 R1

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

Your company is publicly traded. A ransomware attack has materialized and is threatening to publish confidential customer data unless a ransom is paid. The board of directors is concerned that the ransomware attack will damage shareholders' confidence and the stock price. Which of the following is the best plan to address this concern? (Wentz QOTD)
A. Disaster recovery plan
B. Business continuity plan
C. Crisis communication plan
D. Information system contingency plan
