CISSP: Business Continuity Planning and Exercises

Introduction

Business continuity planning (BCP) is the process of ensuring the continuous operation of your business before, during, and after a disaster event. The focus of BCP is entirely on business continuation: it ensures that all services the business provides, and all critical functions the business performs, are still carried out in the wake of a disaster. To keep critical business services and functions operable, the organization needs to take into account the most common threats to those functions and also consider any associated vulnerabilities.

The Business Continuity Planning Process

The purpose of business continuity planning is to respond to disruption, activate recovery teams, handle tactical disaster status communication, assess damage caused by disruption, and recover critical assets and processes.

Developing a BCP is vital for an organization. It helps to minimize interruption of normal business functions for any event, from minor to catastrophic. BCP has a specific set of requirements for review and implementation to ensure that all planning has been considered.

The steps of BCP are as follows:

  • Project initiation
  • Scope
  • Business impact analysis
  • Identify preventive controls
  • Recovery strategy
  • Designing and development
  • Implementation, training, and testing
  • BCP maintenance

NIST SP 800-34 provides guidance for developing a sound BCP. It can be found at:

http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf

Project Initiation

The scope of the project must be defined and agreed upon before developing a BCP. There are seven milestones involved:

  1. Develop a contingency planning policy statement.
  2. Conduct business impact analysis (BIA).
  3. Identify preventive controls.
  4. Develop strategies for recovery.
  5. Develop an IT contingency plan.
  6. Plan testing, training, and exercises.
  7. Maintenance planning.

Project Requirements

Management Support

Upper-level management support is very important in BCP planning and implementation. C-level management must agree to the plan set forth and must also support the plan’s action (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by InfoSec Resources. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/iA_AnE1RMl0/