ISC 2 Mod 3
What is the first step in the BIA Process?
Establish the BIA Approach
What is the second step in the BIA Process?
Identify Critical Resources
What is the third step in the BIA Process?
Define Disruption Impacts
What is the fourth step in the BIA Process?
Estimate Losses
What is the fifth step in the BIA Process?
Establish Recovery Priorities
What is the sixth step in the BIA Process?
Create the BIA Report
What is the seventh step in the BIA Process?
Implement the BIA Recommendations
What trust services criteria does the BIA aid in?
Availability
What best describes step one of the BIA?
Agreement on the necessary approach to performing the BIA is critical and must first be clearly outlined by the organization.
What best describes step two of the BIA?
Management must clearly define critical functions in the organization and delineate which IT resources are required to perform them.
What best describes step three of the BIA?
The organization must identify and evaluate the impact of a service disruption by understanding its effects over time and the resources negatively affected or required to deal with the disruption.
What best describes step four of the BIA?
This step involves the management team outlining an exhaustive list of potential risks and events that could occur that would disrupt operations and assigning each of those threats a probability of likelihood.
What best describes step five of the BIA?
Management must prioritize recovery strategies to decide which tasks personnel should address first.
What best describes step six of the BIA?
These reports may be completed at the department level, business unit level, product level, or by any other appropriate means of segregating a business to evaluate risk, as long as all known risks have been addressed. These individual reports can then be combined to form a company-wide BIA.
What best describes step seven of the BIA?
This phase involves senior management evaluating the comprehensive BIA report, determining which risks pose the greatest threat, and implementing preventative or corrective actions to remediate those threats.
During which step of the BIA process are the Annualized Rate of Occurrence (ARO) and Annualized Loss Expectancy (ALE) calculated?
Estimate Losses
During which step of the BIA process are the optimal Maximum Tolerable Downtime (MTD) and Mean Time to Repair (MTTR) calculated?
Establish Recovery Priorities
What is the Maximum Tolerable Downtime (MTD)?
The amount of time a business can tolerate an outage without causing long-term significant damage.
What is the Recovery Point Objective (RPO)?
The maximum threshold for acceptable data loss after an unplanned negative event. It defines the "age" of the data that must be recovered to resume normal operations.
What is the Recovery Time Objective (RTO)?
The maximum amount of time it should take to restore business operations to a target state following a system failure.
What is the Mean Time to Repair (MTTR)?
Average length of time it takes to repair a damaged or inoperable device.
What is the Recovery Time Actual (RTA)?
The actual time it takes to restore business operations to their target state after a system failure.
What is the Recovery Point Actual (RPA)?
The actual point in time to which data can be recovered.
What best describes high-impact in terms of BIA?
Cannot operate without the resource, high recovery cost, and may fail to meet the organization's objectives or maintain its reputation.
What best describes moderate/medium-impact in terms of BIA?
Can partially function temporarily, experience some cost of recovery, and may fail to meet the organization's objectives or maintain its reputation.
What best describes low-impact in terms of BIA?
Can operate for an extended period of time, and may notice an effect on achieving the organization's objectives or maintaining its reputation.