PrepAway - Latest Free Exam Questions & Answers

Which of the following phases deals with identifying and prioritizing critical functions and systems?

The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems?

A. Identify preventive controls.

B. Develop the continuity planning policy statement.

C. Develop recovery strategies.

D. Conduct the business impact analysis.

Explanation:
D: Although no specific scientific equation must be followed to create continuity plans, certain best practices have proven themselves over time. The National Institute of Standards and Technology (NIST) organization is responsible for developing many of these best practices and documenting them so that they are easily available to all. NIST outlines seven steps in its Special Publication 800-34, Continuity Planning Guide for Information Technology Systems: develop the continuity planning statement; conduct the business impact analysis; identify preventive controls; develop recovery strategies; develop the contingency plan; test the plan and conduct training and exercises; and maintain the plan. Conducting a business impact analysis involves identifying critical functions and systems, and allowing the organization to prioritize them based on necessity. It also includes identifying vulnerabilities and threats, and calculating risks.
A is incorrect because identifying preventive controls must be done after critical functions and systems have been prioritized and their vulnerabilities, threats, and risks identified, which is all part of the business impact analysis. Conducting a business impact analysis is step two of creating a continuity plan, and identifying preventive controls is step three.
B is incorrect because developing the continuity planning policy statement involves writing a policy that provides the guidance necessary to develop a business continuity plan and that assigns authority to the necessary roles to carry out these tasks. It is the first step in creating a business continuity plan and thus comes before identifying and prioritizing critical systems and functions, which is part of the business impact analysis.
C is incorrect because developing recovery strategies involves formulating methods to ensure systems and critical functions can be brought online quickly. Before this can be done, a business impact analysis must be carried out to determine which systems and functions are critical and should be given priority during recovery.
