A business continuity plan is an example of which of the following?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Business Continuity Plans are designed to minimize the damage done by the event, and facilitate rapid restoration of the organization to its full operational capacity.
They are for use "after the fact", thus are examples of corrective controls.
Reference(s) used for this question: KRUTZ, Ronald L.
& VINES, Russel.
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 8: Business Continuity Planning and Disaster Recovery Planning (page 273)
and Conrad, Eric; Misenar, Seth; Feldman, Joshua (2012-09-01)
CISSP Study Guide (Kindle Location 8069)
Elsevier Science (reference)
Kindle Edition.
and.
A business continuity plan (BCP) is an example of a corrective control.
Corrective controls are put in place to address problems or incidents that have already occurred. In the case of a BCP, it is developed to ensure that a business can recover from a disruptive incident, such as a natural disaster or a cyberattack, and continue operations as soon as possible.
The BCP outlines the processes and procedures that must be followed in the event of a disruptive incident. It includes steps to minimize the impact of the incident and restore critical business functions. The BCP is typically developed before an incident occurs and is regularly reviewed and updated to ensure its effectiveness.
Detective controls, on the other hand, are put in place to detect and identify security incidents that have already occurred. Examples of detective controls include intrusion detection systems and log monitoring.
Preventive controls are put in place to prevent security incidents from occurring in the first place. Examples of preventive controls include firewalls, access controls, and security awareness training.
Compensating controls are put in place to provide an alternative to a primary control that is not possible or practical to implement. Examples of compensating controls include increased monitoring or the use of alternative authentication methods.
In summary, a business continuity plan is a type of corrective control that is designed to address disruptive incidents that have already occurred and help the business recover as quickly as possible.