Hi, I'm Mike Chapple and this is the audio review of the study essentials for chapter 3 of the official CISSP study guide. Here are the top things that you need to know from this chapter on business continuity planning.
Understand the four steps of the business continuity planning process. Business continuity planning involves four distinct elements, project scope and planning, business impact analysis, continuity planning and approval and implementation. Each element contributes to the overall goal of ensuring that business operations continue uninterrupted in the face of an emergency.
Describe how to perform the business organization analysis. In the business organization analysis, the individuals responsible for leading the BCP process determine which departments and individuals have a stake in the business continuity plan. This analysis serves as the foundation for BCP team selection and after validation by the BCP team is used to guide the next stages of BCP development.
List the necessary members of the business continuity planning team. The BCP team should contain at a minimum representatives from each of the operational and support departments, technical experts from the IT department, physical and IT security personnel with BCP skills, legal representatives familiar with corporate, legal, regulatory and contractual responsibilities, human resources team members, public relations team members and representatives from senior management. Additional team members depend on the structure and nature of the organization.
Know the legal and regulatory requirements that face business continuity planners. Business leaders must exercise due diligence to ensure that shareholder interests are protected in the event that disaster strikes. Some industries are also subject to federal, state and local regulations that mandate specific BCP procedures. Many businesses also have contractual obligations to their clients that they must meet before, during and after a disaster.
Explain the stages of the business impact analysis process. The five stages of the business impact analysis process are identifying priorities, risk identification, likelihood assessment, impact analysis and resource prioritization.
Describe the process used to develop a continuity strategy. During the strategy development subtask, the BCP team determines which risks they will mitigate. In the provisions and processes subtask, the team designs mechanisms and procedures that will mitigate identified risks. The plan must then be approved by senior management and implemented. Personnel must also receive training on their roles in the BCP process.
Explain the importance of comprehensively documenting an organization's business continuity plan. Committing the plan to writing provides the organization with a written record of the procedures to follow when disaster strikes. It prevents the it's in my head syndrome and ensures the orderly progress of events in an emergency. Those are the study essentials that you need to know for Chapter 3, business continuity planning.