What is the first step in a business continuity risk assessment?
What is identifying potential threats and vulnerabilities?
This type of backup is taken at regular intervals and stored offsite.
What is an incremental backup?
This strategy involves spreading operations across multiple locations.
What is geographic diversification?
This federal law requires financial institutions to have continuity plans.
What is the Gramm-Leach-Bliley Act (GLBA)?
A snowstorm shuts down your main office. What’s your first step?
What is activating the business continuity plan?
This type of analysis helps determine the impact of disruptions.
What is a Business Impact Analysis (BIA)?
The maximum tolerable period a system can be down is called this.
What is Recovery Time Objective (RTO)?
Regularly testing your BCP is an example of this type of control.
What is a preventive control?
This international standard provides a framework for business continuity.
What is ISO 22301?
Your data center floods. What’s the best immediate action?
What is switching to a backup site or cloud environment?
Name one internal and one external risk to business continuity.
What are system failure (internal) and natural disasters (external)?
This plan outlines how to restore IT systems after a disaster.
What is a Disaster Recovery Plan (DRP)?
This strategy involves transferring risk to another party.
What is risk transfer (e.g., insurance)?
This agency provides guidelines for continuity in U.S. federal agencies.
What is FEMA (Federal Emergency Management Agency)?
A cyberattack locks your systems. What’s the first team to respond?
What is the incident response team?
This document lists all critical business functions and their dependencies.
What is a Business Continuity Plan (BCP)?
This term refers to the point in time to which data must be restored.
What is Recovery Point Objective (RPO)?
This type of analysis helps prioritize which risks to address first.
What is a risk prioritization matrix?
This act mandates data protection and breach notification in the EU.
What is the General Data Protection Regulation (GDPR)?
A supplier goes bankrupt. What continuity strategy helps here?
What is having alternate suppliers or vendor redundancy?
This risk assessment technique evaluates both likelihood and impact.
What is a risk matrix?
This type of site is fully equipped and can take over operations immediately.
What is a hot site?
This strategy involves accepting a risk when the cost of mitigation is too high.
What is risk acceptance?
This document outlines roles, responsibilities, and escalation procedures.
What is a governance framework?
A pandemic disrupts global operations. What long-term strategy is key?
What are remote work infrastructure and flexible supply chains?