Business continuity planning helps an organization predict and plan for potential outages of critical services or functions. The goal is to ensure that critical business operations continue and the organization can survive the outage. If you’re planning on taking the Security+ exam, you should have a basic understanding of relevant topics related to the process of business continuity planning.
Here’s a sample question:
Q. A BCP includes a chart listing roles within the organization along with their matching responsibilities during a disaster. It also includes a chain of command. What is the purpose of this chart?
A. IT contingency planning
B. Succession planning
C. COOP
D. RTO
Can you answer the question? More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Organizations often create a business continuity plan (BCP). This plan includes BIA, COOP and disaster recovery, IT contingency and succession planning. This post covers IT Contingency Planning and Succession Planning.
IT Contingency Planning
Information technology (IT) contingency planning is focused on recovery for IT systems only. From a broader perspective, a BCP looks at the entire organization and can include one or more DRPs. A DRP provides steps and procedures to return one or more systems to operation after a major disruption or outage and may involve moving operations to a different location. IT contingency planning works on a smaller scale and examines single systems only.
Notice there is a little overlap here. A DRP can document steps and procedures to return a single system to operation, just as an IT contingency plan can. For a small organization, there isn’t any real distinction between the two. However, for a large organization, the IT contingency plan provides a little more manageability for the process. Instead of creating a massive DRP that does everything, it can create a DRP with multiple IT contingency plans.
Succession Planning
Succession planning means different things depending on the context. From a purely business perspective, succession planning identifies people within the organization who can fill leadership positions. The goal is to ensure the business can continue to thrive even if key leaders within the organization become ill or leave unexpectedly.
Within the context of business continuity and disaster preparedness, succession planning is the process of identifying a hierarchical chain of command. For example, the cost to activate a warm site might be substantial, so a BCP may dictate that only the CEO can decide when to activate the warm site. However, what does the organization do if the CEO is vacationing in Las Vegas or is otherwise unreachable? The BCP can provide an order of succession used during a disaster to ensure that someone has the authority to make decisions.
Without clear succession planning, people might try to take control when they shouldn’t. Even when succession planning is clear, people might still try to take control in crisis situations. In 1981, after John Hinckley Jr. shot President Reagan, Secretary of State Alexander Haig infamously said, “I am in control here.” However, the U.S. constitution identifies the line of succession if the president is incapacitated. The succession order is the vice president, the Speaker of the House, the president pro tempore of the Senate, and then the secretary of state. Several people quickly pointed out the correct line of succession.
In contrast, if no one perceives they have any authority, they might be reluctant to make any decisions. To address this, a BCP or DRP might include a chart of roles and responsibilities organized by title, along with a hierarchical chain of command. This makes clear to personnel who can make certain decisions.
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
Remember this
Succession planning ensures that an organization can continue to thrive even if key leaders unexpectedly leave or are unavailable. Some BCPs and DRPs include charts identifying roles and responsibilities, along with a clear chain of command.
Q. A BCP includes a chart listing roles within the organization along with their matching responsibilities during a disaster. It also includes a chain of command. What is the purpose of this chart?
A. IT contingency planning
B. Succession planning
C. COOP
D. RTO
Answer is B. Succession planning clarifies who can make decisions during a disaster and can be documented in a chart listing roles and responsibilities along with a chain of command.
IT contingency planning focuses on recovery of IT systems.
Continuity of operations planning (COOP) identifies methods, such as alternate sites, that an organization can implement after a disaster.
Recovery time objective (RTO) identifies the maximum amount of time it should to take to restore a system after an outage.
