🏠 Back to Exam Syllabus πŸ“Ί RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 3.4 - Continuity Planning

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series moves the Domain 1 business continuity process from analysis to action β€” how a ranked list of risks becomes real protection, and how organizations decide what to defend, what to accept, and how to shield the assets that keep them alive through a disruption.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What is continuity planning, and what does it produce?

This phase takes the prioritized risks from your impact analysis and builds strategies to shield your protected assets from harm, through two subtasks: strategy development and provisions and processes. The output is a continuity of operations plan, which spells out how you keep critical functions running from the moment a disruption hits through up to a month of sustained operation.

How do you develop a strategy that decides which risks to fight?

Strategy development is the bridge from analysis to action. You take the prioritized list and decide which risks the plan will actually address, because a zero-downtime posture against every possible threat is simply impossible to fund. You return to your maximum tolerable downtime estimates and sort each risk into acceptable or must-mitigate, and cost always frames the decision β€” it only makes sense to mitigate when the mitigation costs less than the expected damage.

What are provisions and processes, and which assets do they protect?

This subtask is the meat of the entire plan, where you design the concrete procedures and mechanisms that mitigate the risks you deemed unacceptable. Everything you build protects one of three categories of assets: people, buildings and facilities, and infrastructure. Each category needs its own kind of defense.

How do you safeguard people during an emergency?

People come first, always, ahead of every business goal. Your first duty is to keep everyone safe before, during, and after an emergency, and only then help them carry out their tasks as normally as circumstances allow. That means giving teams the resources to do their jobs, and if people must stay on-site for long stretches, arranging shelter and food β€” a serious plan maintains rotated stockpiles of provisions sized to feed operational and support staff for an extended time.

How do you safeguard your infrastructure?

Your plan protects infrastructure two ways, mirroring how you protect buildings. Physically hardening systems adds protective measures like clean fire suppression and uninterruptible power supplies, while alternative systems build in redundancy, either duplicate components or fully redundant systems running from different facilities. Moving to the cloud does not remove this concern β€” you still depend on your provider’s physical infrastructure, so you must confirm you are comfortable with their continuity planning.

πŸ“š Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 3.4 - Continuity Planning.