Business Continuity Planning
Business continuity planning helps an organization predict and plan for potential outages of critical services or functions. The goal is to ensure that critical business operations continue and the organization can survive the outage. If you’re planning on taking the Security+ exam, you should have a basic understanding of relevant topics related to the process of business continuity planning.
Here’s a sample question:
Q. A BCP includes a chart listing roles within the organization along with their matching responsibilities during a disaster. It also includes a chain of command. What is the purpose of this chart?
A. IT contingency planning
B. Succession planning
C. COOP
D. RTO
Can you answer the question? More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Organizations often create a business continuity plan (BCP). This plan includes BIA, COOP and disaster recovery, IT contingency and succession planning. This post covers IT Contingency Planning and Succession Planning.
IT Contingency Planning
Information technology (IT) contingency planning is focused on recovery for IT systems only. From a broader perspective, a BCP looks at the entire organization and can include one or more DRPs. A DRP provides steps and procedures to return one or more systems to operation after a major disruption or outage and may involve moving operations to a different location. IT contingency planning works on a smaller scale and examines single systems only.
Notice there is a little overlap here. A DRP can document steps and procedures to return a single system to operation, just as an IT contingency plan can. For a small organization, there isn’t any real distinction between the two. However, for a large organization, the IT contingency plan provides a little more manageability for the process. Instead of creating a massive DRP that does everything, it can create a DRP with multiple IT contingency plans.
Succession Planning
Succession planning means different things depending on the context. From a purely business perspective, succession planning identifies people within the organization who can fill leadership positions. The goal is to ensure the business can continue to thrive even if key leaders within the organization become ill or leave unexpectedly.
Within the context of business continuity and disaster preparedness, succession planning is the process of identifying a hierarchical chain of command. For example, the cost to activate a warm site might be substantial, so a BCP may dictate that only the CEO can decide when to activate the warm site. However, what does the organization do if the CEO is vacationing in Las Vegas or is otherwise unreachable? The BCP can provide an order of succession used during a disaster to ensure that someone has the authority to make decisions.
Without clear succession planning, people might try to take control when they shouldn’t. Even when succession planning is clear, people might still try to take control in crisis situations. In 1981, after John Hinckley Jr. shot President Reagan, Secretary of State Alexander Haig infamously said, “I am in control here.” However, the U.S. constitution identifies the line of succession if the president is incapacitated. The succession order is the vice president, the Speaker of the House, the president pro tempore of the Senate, and then the secretary of state. Several people quickly pointed out the correct line of succession.
In contrast, if no one perceives they have any authority, they might be reluctant to make any decisions. To address this, a BCP or DRP might include a chart of roles and responsibilities organized by title, along with a hierarchical chain of command. This makes clear to personnel who can make certain decisions.
CompTIA Security+ Study Guide
The 501 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide
is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it. It includes the same elements readers raved about in the previous three versions.Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
Remember this
Succession planning ensures that an organization can continue to thrive even if key leaders unexpectedly leave or are unavailable. Some BCPs and DRPs include charts identifying roles and responsibilities, along with a clear chain of command.
Full Security+ Course
SY0-501 Full Security+ Course
Helping you Pass the First Time
Online access includes all of the content from the
CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide
- Introduction
- About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
- 75 question pre-assessment exam
- Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
- Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
- Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
- Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
- Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
- Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
- Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
- Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
- Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
- Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
- Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
- 75 question post-assessment exam
- Glossary
Get the SY0-501 Full Security+ Course Here
Test your readiness with these quality materials
Random 75-question tests
Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.3 sets Performance-based Questions
Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.
Flashcard Set
- 494 Online Security+ Glossary Flashcards
- 222 Online Security+ Acronyms Flashcards
- 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
Audio - SY0-501 Security+ Remember This Audio Files
Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)Audio - SY0-501 Security+ Question and Answer Audio Files
Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)Bonus #1
Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide
. Over one hour and 40 minutes of additional audio.Bonus #2
Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide
. This includes labs, extra practice test questions, and supplementary materialsBonus #3
Access the study materials for a total of 60 days because sometimes life happens.Q. A BCP includes a chart listing roles within the organization along with their matching responsibilities during a disaster. It also includes a chain of command. What is the purpose of this chart?
A. IT contingency planning
B. Succession planning
C. COOP
D. RTO
Answer is B. Succession planning clarifies who can make decisions during a disaster and can be documented in a chart listing roles and responsibilities along with a chain of command.
IT contingency planning focuses on recovery of IT systems.
Continuity of operations planning (COOP) identifies methods, such as alternate sites, that an organization can implement after a disaster.
Recovery time objective (RTO) identifies the maximum amount of time it should to take to restore a system after an outage.
