Flashcards for review
What is a contingency plan?
A plan designed to take account of a possible future event or circumstance, made for dealing with an emergency, or with something that might possibly happen and cause problems in the future.
What is the purpose of mitigation in relation to risk and contingency plans?
Mitigation avoids risk, while a contingency plan is what you do if risk occurs.
What does contingency planning involve?
Senior management deciding what the organization will do if something bad happens, like an incident or disaster.
What are the major components of contingency planning?
Business impact analysis, disaster recovery, incident response, business continuity, and business resumption planning.
What is a Business Impact Analysis (BIA)?
Understanding what could go wrong with important parts of a business, like losing money, upsetting customers, or getting in trouble with regulations.
What is the purpose of an Incident Response Plan (IRP)?
To have a step-by-step guide for dealing with problems like computer viruses or unauthorized access.
What is the purpose of a Disaster Recovery Plan (DRP)?
Knowing how to get things back to normal after a big problem, like a computer system crashing.
What is the purpose of a Business Continuity Plan (BCP)?
Making sure essential tasks can keep going, even if something bad happens, like a cyber-attack.
What is a Backup Plan?
Making copies of important data and knowing how to bring them back if they're lost or damaged.
What is a Vendor Safety Plan?
Making sure other companies you work with keep your information safe.
What is the purpose of Training for Employees in contingency planning?
Teaching staff how to keep computers and data safe, and what to do if something goes wrong.
Who is the Champion in a Contingency Planning Management Team (CPMT)?
A high-level manager, like the CIO or CEO, who supports, promotes, and endorses the project findings.
Who is the Project Manager in a Contingency Planning Management Team (CPMT)?
A mid-level manager or the CISO who leads the project, ensuring a thorough planning process, developing a comprehensive project plan, and managing resources efficiently to achieve project goals.
What is the first step in the Contingency Planning Process?
Develop a Policy Statement: Create a formal policy to guide the development of a contingency plan, giving the necessary authority and direction.
What is the second step in the Contingency Planning Process?
Conduct a Business Impact Analysis (BIA): Identify and prioritize critical information systems and components essential for the organization's mission. Use a template to help with this process.
What is the third step in the Contingency Planning Process?
Identify Preventive Measures: Find ways to reduce the impact of system disruptions, increasing availability and lowering costs.
What is the fourth step in the Contingency Planning Process?
Create Recovery Strategies: Develop thorough strategies to ensure quick and effective system recovery after a disruption.
What is the fifth step in the Contingency Planning Process?
Develop a Contingency Plan: Detail procedures for restoring damaged facilities specific to each business unit's impact level and recovery needs.
What is the sixth step in the Contingency Planning Process?
Test, Train, and Exercise the Plan: Test recovery capabilities, train personnel for plan activation, and exercise the plan to identify any gaps in planning. These activities improve overall preparedness.
What is the seventh step in the Contingency Planning Process?
Maintain the Plan: Regularly update the contingency plan to reflect system changes and organizational updates, ensuring it remains effective over time.
What is the philosophical perspective of the CP Policy?
Senior management emphasizes the importance of contingency planning for long-term organizational operations.
What is the scope and purpose of the CP Policy?
Highlight the necessity for contingency planning to cover all critical business functions and activities.
What is the emphasis of Risk Assessment and Impact Analysis in the CP Policy?
The need for periodic assessment and prioritization of critical business functions by the Contingency Planning Management Team (CPMT).
What is the investigation and assessment of various adverse events that can affect the organization?
Business Impact Analysis (BIA)
What should be considered when determining the scope of a Business Impact Analysis?
Carefully decide which parts of the organization to include, including the business units, systems, and understanding the nature of the risks being evaluated.