nerdexam
(ISC)2

CISSP · Question #1170

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to establish a busines

The correct answer is A. Project Initiation and Management. Project Initiation and Management is the first stage of business continuity development, where the scope, objectives, and goals of the business continuity program are defined and the roles and responsibilities of the business continuity team are assigned. This stage also involves

Submitted by ngozi_ng· Mar 5, 2026Security and Risk Management

Question

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to establish a business continuity policy. Which of the following BEST describes this stage of business continuity development?

Options

  • AProject Initiation and Management
  • BRisk Evaluation and Control
  • CDeveloping and Implementing business continuity plans (BCP)
  • DBusiness impact analysis (BIA)

How the community answered

(30 responses)
  • A
    87% (26)
  • B
    3% (1)
  • C
    3% (1)
  • D
    7% (2)

Explanation

Project Initiation and Management is the first stage of business continuity development, where the scope, objectives, and goals of the business continuity program are defined and the roles and responsibilities of the business continuity team are assigned. This stage also involves establishing a formal committee to oversee and approve the business continuity policy, which is a document that outlines the principles, standards, and guidelines for the business continuity program. The committee should consist of senior management and key stakeholders from different business units and functions, as well as external experts and consultants if needed. The committee should also ensure that the business continuity program is aligned with the organizational strategy, culture, and values, and that it complies with the relevant laws, regulations, and best practices. Risk Evaluation and Control is the second stage of business continuity development, where the potential threats, vulnerabilities, impacts, and likelihoods of the business processes and resources are identified and analyzed, and the appropriate controls and countermeasures are implemented and tested to reduce the risks to an acceptable level. Developing and Implementing Business Continuity Plans (BCP) is the third stage of business continuity development, where the specific plans and procedures for ensuring the continuity and recovery of the critical business functions and resources are developed and implemented, based on the results of the risk evaluation and control and the business impact analysis. Business Impact Analysis (BIA) is the fourth stage of business continuity development, where the criticality, dependencies, and recovery requirements of the business processes and resources are determined and prioritized, based on the criteria of maximum tolerable downtime, recovery time objective, recovery point objective, and minimum operating level.

Topics

#business continuity planning#disaster recovery#policy development

Community Discussion

No community discussion yet for this question.

Full CISSP Practice