Is the amount of effort expressed as elapsed time needed to make business functions work again after the technology element is recovered?


3. Identify recovery priorities for system resources

Determine Mission/Business Processes and Recovery Criticality: The first major BIA task is the analysis and prioritization of business processes within the organization, based on their relationship to the organization’s mission.

Whenever you see the term mission/business process, it’s essentially describing a business process (a task performed by an organization or one of its units in support of the organization’s overall mission). NIST prefers this term, although the term BUSINESS PROCESS is just as accurate. It is important to collect critical information about each business unit before beginning the process of prioritizing the business units.

A weighted table analysis (WTA), sometimes called a weighted factor analysis, can be useful in resolving the issue of what business function is the most critical. The CPMT can use this tool by first identifying the characteristics of each business function that matter most to the organization—the criteria. The team should then allocate relative weights to each of these criteria.

A BIA questionnaire is an instrument used to collect relevant business impact information for the required analysis. It is useful as a tool for identifying and collecting information about business functions for the analysis just described. It can also be used to allow functional managers to directly enter information about the business processes within their area of control, their impacts on the business, and dependencies that exist for the functions from specific resources and outside service providers.

NIST Business Process and Recovery Criticality: NIST’s SP 800-34, Rev. 1 recommends that organizations use categories like low impact, moderate impact, or high impact for the security objectives of confidentiality, integrity, and availability (NIST’s Risk Management Framework [RMF] Step 1). When organizations consider recovery criticality, key recovery measures are usually


INFOSEC CHAPTERS: 8,9,10,11,12

described in terms of how much of the asset they must recover within a specified time frame. The terms most commonly used to describe this value are:

Recovery time objective (RTO): the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported business processes, and the MTD

Recovery point objective (RPO): the point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data

Maximum tolerable downtime (MTD): the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption. The MTD includes all impact considerations.

Work recovery time (WRT): the amount of effort (expressed as elapsed time) needed to make business functions work again after the technology element is recovered. This recovery time is identified by the RTO.

(page 410) Information Asset Prioritization:


Is the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources?

Recovery Time Objective (RTO). RTO defines the maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD.

Is the total amount of time the system owner or authorizing official is willing to accept for a business process outage or disruption?

According to NIST 800-34r1, Maximum Tolerable Downtime (MTD) represents the total amount of time the system owner/authorizing official is willing to accept for a mission/business process outage or disruption and includes all impact considerations.

Which of the following is the process of examining a possible incident and determining whether it constitutes an actual incident?

The process of examining a possible incident and determining whether it constitutes an actual incident is called incident verification.

What is the final stage of the business impact analysis when using the NIST SP 800-34 approach?

Identify recovery priorities for system resources.