| π Back to Exam Syllabus | πΊ RooCloud on YouTube | π RooCloud Practice Exams |
CISSP 3.2 - Project Scope & Planning (Part 1 of 2)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series continues the business continuity coverage in Domain 1, looking at how a continuity effort gets off the ground β how the setup phase is structured, how you discover who has a stake in the outcome, and why the makeup and backing of the planning team decide whether the whole effort succeeds.
What this episode covers
- The scope and planning phase β a setup phase built on a proven methodology, tailored to your size, culture, and business.
- Four guiding goals β organizational review, team selection, resource assessment, and the legal and regulatory landscape.
- Business organization analysis β mapping operational units, critical support groups, corporate security, and executives.
- Team validation β the full team must revisit the analysis, because the first pass often misses functions.
- The continuity team roster β operations, IT and cybersecurity, facilities, legal, human resources, public relations, and senior management.
- Senior leadership support β visible backing that brings authority, resources, dispute resolution, and legal grounding.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What is the project scope and planning phase, and what goals guide it?
This is the setup phase of the business continuity effort, and it rests on a proven methodology rather than guesswork. Four goals steer it: a structured review of the organization through a crisis-planning lens, forming a continuity team with senior managementβs blessing, assessing the resources available for the work, and studying the legal and regulatory landscape that shapes your response. There is no single template that fits every company, so you tailor the approach to your size, culture, and business.
How do you review the organization to find who has a stake?
You perform a business organization analysis, a structured look at every department and person with skin in the game. You map the operational units that deliver core services, capture critical support groups like IT and facilities, include corporate security, and loop in senior executives whose leadership keeps the organization viable. Whoever starts the analysis, the full team must revisit and validate it, because the first pass often misses functions that only insiders from other units would recognize.
Who belongs on the continuity team?
You build a broad team on purpose: representatives from the core service departments, IT and cybersecurity experts, physical security and facilities staff, attorneys who understand your legal, regulatory, and contractual duties, human resources, public relations, and senior management to set the vision and free up resources. Every member carries a bias toward their own department, and that is a feature, not a flaw β handled well, those competing voices balance the final plan.
Why does senior leadership involvement make or break the effort?
Visible support from the top signals to everyone that the work is real, not a box-checking exercise, and leaders do things no one else can: set priorities, allocate staff and budget, and settle disputes over which services truly matter most. There is legal weight too β at a publicly traded firm, officers and directors can be held personally accountable when they neglect reasonable preparation and a disaster then devastates the business. Continuity spending is not optional; their fiduciary duty to shareholders demands that adequate measures exist.
π Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 3.2 - Project Scope & Planning (Part 1 of 2).