Page 1513 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 3: Business Continuity Planning
1. B. The business organization analysis helps the initial planners
select appropriate BCP team members and then guides the overall
BCP process.
2. B. The first task of the BCP team should be the review and
validation of the business organization analysis initially performed
by those individuals responsible for spearheading the BCP effort.
This ensures that the initial effort, undertaken by a small group of
individuals, reflects the beliefs of the entire BCP team.
3. C. A firm’s officers and directors are legally bound to exercise due
diligence in conducting their activities. This concept creates a
fiduciary responsibility on their part to ensure that adequate
business continuity plans are in place.
4. D. During the planning phase, the most significant resource
utilization will be the time dedicated by members of the BCP team
to the planning process. This represents a significant use of
business resources and is another reason that buy-in from senior
management is essential.
5. A. The quantitative portion of the priority identification should
assign asset values in monetary units.
6. C. The annualized loss expectancy (ALE) represents the amount of
money a business expects to lose to a given risk each year. This
figure is quite useful when performing a quantitative prioritization
of business continuity resource allocation.
7. C. The maximum tolerable downtime (MTD) represents the longest
period a business function can be unavailable before causing
irreparable harm to the business. This figure is useful when
determining the level of business continuity resources to assign to
a particular function.
8. B. The SLE is the product of the AV and the EF. From the scenario,

