Domain 2: Business Continuity, Disaster Recovery & Incident Response

What is Business Continuity Planning (BCP)?

A process that ensures critical business functions continue during and after a disaster.

What is Disaster Recovery Planning (DRP)?

A process that focuses on restoring IT systems and data after a disaster.

What is an Incident Response Plan (IRP)?

A plan that outlines the steps to take during and after a security incident.

What are the key components of a BCP?

Risk assessment, business impact analysis, recovery strategies, plan development, testing and exercises.

What is a Business Impact Analysis (BIA)?

A process that identifies and evaluates the potential effects of disruptions to business operations.

What is the difference between RTO and RPO?

RTO (Recovery Time Objective) is the target time to restore a service after a disruption. RPO (Recovery Point Objective) is the maximum acceptable amount of data loss after a disruption.

What is the purpose of an Incident Response Team (IRT)?

To coordinate and manage the response to a security incident.

What are the phases of the Incident Response Lifecycle?

Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity.

What is the role of communication in BCP and DRP?

Effective communication ensures that all stakeholders are informed and coordinated during and after a disaster.

What is a tabletop exercise?

A discussion-based exercise where team members discuss their roles and responses during a simulated incident.

What is the purpose of testing and exercises in BCP and DRP?

To validate the effectiveness of the plans and identify areas for improvement.

What is the difference between hot, warm, and cold sites?

Hot sites are fully operational and ready for immediate use. Warm sites have some infrastructure in place but require setup. Cold sites are empty facilities that need to be equipped and configured.

What is the role of backup and recovery in DRP?

To ensure that data can be restored and systems can be recovered after a disaster.

What is the importance of documentation in BCP and DRP?

Documentation provides a clear and detailed plan for responding to and recovering from disasters.

What is the role of senior management in BCP and DRP?

Senior management provides support, resources, and oversight for the development and implementation of the plans.