Certified Information Systems Security Professional (CISSP) — Question 369

A security practitioner has been asked to model best practices for disaster recovery (DR) and business continuity. The practitioner has decided that a formal committee is needed to establish a business continuity policy. Which of the following BEST describes this stage of business continuity development?

Answer options

• A. Developing and Implementing business continuity plans (BCP)
• B. Project Initiation and Management
• C. Risk Evaluation and Control
• D. Business impact analysis (BIA)

Correct answer: B

Explanation

The correct answer is B, as project initiation and management involves forming a committee to guide the establishment of policies. The other options refer to later stages or specific actions within the business continuity framework, such as developing plans or conducting risk assessments, which occur after the initiation phase.