BCP Process steps

Hi

The different books eventually confuse you instead of clearing your mind, get to the point and the comments are all yours.
The BCP process is analyzed totally different on three different books

Official ISC2 Guide
- Project Initiation and Management
- Develop and Document Project Scope and Plan
- Conducting the Business Impact Analysis (BIA)
- Identify and Prioritize
- Assess Exposure to Outages
- Recovery Point Objectives (RPO)

Sybex
- Project scope and planning
- Business impact assessment
- Continuity planning
- Approval and implementation

AIO
- Develop the continuity planning
- Conduct the BIA
- Identify preventive control
- develop recovery strategy
- Develop the contigency plan
- test the plan and conduct training
- Maintain the plan

Which one do you think to choose

Find more posts tagged with

Comments

Roxton

Hey

I have also noticed some differences beween the various books, and I would love to see the responses for this

Ty

mkohi

This is helpful but I would also like to hear user inputs.

https://www.cybrary.it/video/part-14-bcp-intro/

Roxton

I am no expert, but being doing some digging and i think(I stand under correction) the Nist 800-34 is the more or less correct steps. Will need to probably wait for someone that actually knows I guess.

coffeeisgood

there is another source

CISSP Study Guide 3rd edition by Eric Conrad
Chapter 8 : Domain 7 Security OPerations
page 394

DEVELOPING A BCP/DRP
points to
NIST SP800-34

* Project Initiation
* Scope the Project
* Business Impact Analysis
* Recovery Strategy
* Plan Design and Development
* Implementation, Training, and Testing
* BCP/DRP Maintenance

NIST SP800-34
Contingency Planning Guide for
Federal Information Systems

the link referenced in this book is
http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf

but the link above states the publication has been moved to:

http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf

& sadly, well... reviewing SP800-34 did not clear much up....
sorry if this just fueled the fire but wanted to source this question in my current book

webpriestess

I have to concur with my friend coffee...stick with the NIST.

I *just* got done listening to Kelly's take on BCP on Cybrary...how funny is that

Here is exactly what's on her slide (very similar to NIST):

:: Project Initiation
:: Business Impact Analysis
:: Recovery Strategy
:: Plan Design and Development
:: Implementation
:: Testing
:: Maintenance

Keep in mind that BIA always stands out when you talk Biz Con.

::Claudia

harrym1

Can anyone shed some light on this please?

When someone is performing disaster recovery means, recovery at the disaster site or bringing the business up at an alternate site?

p@r0tuXus

Remembering from my Sec+ training, there are hot/warm/cold backup sites. Just depends on the BCP to determine which site is used. Also, after reading these posts, I can see a lot of similarity in the list from start to finish. Some of it may arbitrarily come before other points, but the flow seems natural. Prepare, observe, plan, develop, implement, test, train, maintain.

chickenlicken09

i think kelly should write a cissp book

jt2929

harrym1 wrote: »

Can anyone shed some light on this please?

When someone is performing disaster recovery means, recovery at the disaster site or bringing the business up at an alternate site?

Most things happening at the disaster site is Disaster Recovery. If you are bringing the business up at an alternate site, regardless of what type of backup site it is, that is Business Continuity.

Business Continuity = enabling the business to run while recovering from a disaster.

harrym1

Thanks to all for the reply.

jt2929
This kind of explanation I was looking for. Thanks a lot for clarifying.

Sirkassad

For what its worth, I came across these flashcards:

Business Continuity Planning
· Created to prevent interruptions to normal business activity
· Protect critical business process from man made and natural disasters
· Minimize the effect and all resumption of business process

Key difference between BCP and DRP
· DRP addresses the procedures to be followed during and after the loss.

In addition, I remember hearing that DRP is more geared to getting I.T system up and running.