Your company manufactures sports shoes for a major worldwide label and initiates a business continuity program to support the continuous delivery of products and services. Which of the following should be done first? (Wentz QOTD)
A. Identify critical activities and their maximum tolerable downtime
B. Identify, analyze, and evaluate risk relevant to business continuity
C. Determine the list of products and services to be protected from disruption
D. Define RTO and RPO for critical IT services subject to business requirements
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Determine the list of products and services to be protected from disruption.
The following demonstrates a general business continuity planning process:
- Define the scope of the business continuity program
  - Determine the list of products and services to be protected from disruption
- Conduct business impact analysis (BIA)
  - Identify critical activities and their maximum tolerable downtime (MTD)
  - Define RTO and RPO for critical IT services subject to business requirements
- Conduct risk assessment (this can be done before BIA and conducted iteratively)
  - Identify, analyze, and evaluate risk relevant to business continuity