Out of the following steps in the development of a disaster recovery plan, which
is the second step?

A.
Develop an information system contingency plan

B.
Create contingency strategies

C.
Conduct the business impact analysis (BIA)

D.
Ensure plan testing, training, and exercises

Explanation:
The seven progressive steps are designed to be integrated into each
stage of the system development life cycle.
. Develop the contingency planning policy statement. A formal policy provides the
authority and guidance necessary to develop an effective contingency plan.
. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize
information systems and components critical to supporting the organization’s
mission/business functions. A template for developing the BIA is provided to assist
the user.
. Identify preventive controls. Measures taken to reduce the effects of system
disruptions can increase system availability and reduce contingency life cycle
costs.
. Create contingency strategies. Thorough recovery strategies ensure that the
system may be recovered quickly and effectively following a disruption.
. Develop an information system contingency plan. The contingency plan should
contain detailed guidance and procedures for restoring a damaged system unique to
the system’s security impact level and recovery requirements.
. Ensure plan testing, training, and exercises. Testing validates recovery
capabilities, whereas training prepares recovery personnel for plan activation and
exercising the plan identifies planning gaps; combined, the activities improve plan
effectiveness and overall organization preparedness.
. Ensure plan maintenance. The plan should be a living document that is updated
regularly.