Which of the following should identify critical systems and components?
A.
MOU
B.
BPA
C.
ITCP
D.
BCP
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
Most forums give D as an answer:
Yet, I would go with C.
Before we proceed, lets elimininate the obvious answers:
A. A memorandum of understanding (MoU) is a type of agreement between two (bilateral) or more (multilateral) parties. It expresses a convergence of will between the parties, indicating an intended common line of action.
B. A business partners agreement (BPA) is a written agreement for business partners.
And the not so obvious:
D.Business continuity planning (BCP) is the creation of a strategy through the recognition of threats and risks facing a company, with an eye to ensure that personnel and assets are protected and able to function in the event of a disaster
Yet, I will go with C. “Information Technology Contingency Plan”, for the following reasons:
A contingency plan is a course of action designed to help an organization respond effectively to a significant future event or situation that may or may not happen.
There are 7 steps for a sound Contingency plan, and it is during step 2- BIA that we “identify and prioritize information systems and components critical to supporting the organization’s mission/business functions.”
A contingency plan is sometimes referred to as “Plan B,” because it can be also used as an alternative for action if expected results fail to materialize. Contingency planning is a component of business continuity, disaster recovery and risk management.
The seven-steps outlined for an IT contingency plan in the NIST 800-34 Rev. 1 publication are:
1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission/business functions.
3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.
6. Ensure plan testing, training and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.
0
2