1. What is the goal and purpose of a business impact analysis (BIA)?
2. Why is a business impact analysis (BIA) an important first step in defining a business continuity
plan (BCP)?
3. What is the definition of recovery time objective (RTO)? Why is this important to define in an IT
Security Policy Definition as part of the business impact analysis (BIA) or business continuity
plan (BCP)?
4. How do risk management and risk assessment relate to a business impact analysis (BIA) for an IT
infrastructure?
Performing a Business Impact Analysis for a Mock IT Infrastructure
5. True or false: If the recovery point objective (RPO) metric does not equal the recovery time
objective (RTO), you can potentially lose data that might not be backed up. This represents a gap
in potential lost or unrecoverable data.
6. If you have an RPO of 0 hours, what does that mean?
7. What must you explain to executive management when defining RTO and RPO objectives for the
BIA?
8. What questions do you have for executive management in order to finalize your BIA?
9. Why do customer service business functions typically have a short RTO and RPO maximum
allowable time objective?
10. To write backup and recovery procedures, you need to review the IT systems, hardware, software,
and communications infrastructure that supports business operations and functions, and you need
to define how to maximize availability. This alignment of IT systems and components must be
based on business operations, functions, and prioritizations. This prioritization is usually the
result of a risk assessment and how those risks, threats, and vulnerabilities impact business
operations and functions. What is the proper sequence of development and implementation for the
following plans?:
Business Continuity Plan:
Disaster Recovery Plan:
Risk Management Plan:
Business Impact Analysis:
11. How does a BCP help mitigate risk?
12. What kind of risk does a BCP help mitigate?
13. If you have business liability insurance, asset replacement insurance, and natural disaster
insurance, do you still need a BCP or disaster recovery plan (DRP)? Why or why not?
14. From your scenario and BIA from the Performing a Business Impact Analysis for a Mock IT
Infrastructure lab in this lab manual, what were the mission-critical business functions and
operations you identified? Are these the focus of your BCP?
15. What does a BIA help define for a BCP?
16. Who should develop and participate in an organization’s BCP?
17. Why do disaster planning and disaster recovery belong in a BCP?
18. What is the purpose of having documented IT system, application, and data recovery procedures
and steps?
19. Why must you include testing of the plan in your BCP?
20. How often should you update your BCP document?
21. In your BCP outline, where will you find a list of prioritized business operations, functions, and
processes?
22. In your BCP outline, where will you find detailed backup and system recovery information?
23. In your BCP outline, where will you find a policy definition defining how to engage your BCP
due to a major outage or disaster?
24. In your BCP outline, where will you find a policy definition defining the resources that are
needed to perform the tasks associated with business continuity or disaster recovery?
25. What is the purpose of testing your BCP and DRP procedures, backups, and recovery steps?
"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"
