Business Continuity Basics
This document outlines how an organization maintains operations during a disruption.
What is a Business Continuity Plan (BCP)?
A DR site that offers building space but no equipment, requiring organizations to bring their own technology.
What is a cold site?
The simplest form of backup, storing all selected data regardless of changes.
What is a full backup?
This type of event triggers incident response procedures and may escalate to a continuity activation.
What is a security incident?
The process of identifying threats, vulnerabilities, and impacts to guide continuity planning.
What is risk assessment?
The process of identifying essential business functions and recovery requirements.
What is a Business Impact Analysis (BIA)?
This type of DR site has hardware ready but requires software and data restoration before operations resume.
What is a warm site?
This backup type saves only files that have changed since the last full backup.
hat is a differential backup?
: Teams use these predefined, actionable steps to follow during cyber incidents.
What are playbooks or runbooks?
This compliance standard requires organizations to maintain availability and resilience for financial reporting systems.
What is SOX (Sarbanes-Oxley Act)?
This term refers to the maximum time a process can be down before significant damage occurs.
What is the Recovery Time Objective (RTO)?
A fully equipped secondary location that can take over operations almost immediately.
What is a hot site?
This method saves only data that has changed since the last backup of any type.
What is an incremental backup?
2XP Answer
The process of restoring systems to normal operation after containment and eradication.
What is recovery?
This regulation requires strong continuity and DR protections for healthcare data.
What is HIPAA?
his is the maximum acceptable amount of data loss after a disruption.T
What is the Recovery Point Objective (RPO)?
The practice of distributing services across multiple data centers to ensure availability.
What is load balancing / geographic redundancy?
The approach of storing backups in multiple places, like local storage plus off-site or cloud.
What is the 3-2-1 backup rule?
This post-incident activity analyzes what went wrong and how to improve future responses.
What is a lessons-learned review?
A governance framework used globally for IT management, including continuity and security objectives.
What is COBIT?
The resilience strategy where organizations operate from geographically separated office locations.
What is site redundancy / multi-site operations?
A strategy where systems continuously replicate data to a backup environment to minimize downtime.
What is real-time failover / synchronous replication?
A tamper-resistant storage method often used for compliance, storing logs or backups in immutable form.
What is WORM (Write Once, Read Many) storage?
An advanced type of testing where teams simulate an actual outage or cyberattack without prior notice.
What is an unannounced drill / no-notice exercise?
The NIST publication that serves as the primary guide for developing IT contingency and DR plans.
2XP Answer.
What is NIST SP 800-34 Rev. 1?