CERTIFIED-IN-CYBERSECURITY Question #346: Real Exam Question with Answer & Explanation

Question

What is the primary objective of a Business Continuity Plan (BCP) in the context of incident response, business continuity, and disaster recovery concepts?

Options

• ATo focus solely on preventing incidents from occurring
• BTo ensure the organization can continue to operate during and after a disaster or major incident
• CTo avoid implementing any recovery strategies
• DTo disregard the need for a coordinated response to a major incident

Explanation

The primary objective of a business continuity plan (BCP) is to ensure that the organization can continue to operate during and after a disaster or major incident (see the ISC2 Study Guide, Module 2, under The Importance of Business Continuity). A BCP outlines the procedures and instructions an organization must follow in the face of such disasters. It covers business processes, assets, personnel, business partners, and more. For example, suppose a severe storm causes a power outage at a company's headquarters. In this case, a well-prepared BCP might include moving operations to a secondary site or having employees work from home to ensure that business operations are not disrupted. The other options are wrong. Focusing solely on preventing incidents is not the primary goal of a BCP. While prevention is part of risk management, it is unrealistic to assume that all incidents can be prevented. Then, ignoring the need for a coordinated response to a major incident is not a viable strategy, as it would leave the organization unprepared and vulnerable to disruption. Finally, avoiding the implementation of any recovery strategies is also incorrect, as recovery strategies are a critical part of a BCP, ensuring that the organization can quickly recover and resume operations after a disaster.

No community discussion yet for this question.