| π Back to Exam Syllabus | πΊ RooCloud on YouTube | π RooCloud Practice Exams |
CISSP 18.6 - Testing & Maintenance
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series covers how you prove a recovery plan works and keep it working over time, within Domain 7, Security Operations. It walks the ladder of test types and the maintenance habits that keep the plan on paper matched to the organization that actually exists today.
What this episode covers
- Why test at all β a plan proves itself only under exercise, confirming provisions still work and still fit the organization.
- The six test types β a ladder from zero disruption up to full shutdown, and the examβs favorite comparisons.
- Paper and discussion tests β read-through, tabletop, and walk-through, none of which interrupt real business.
- Hands-on tests β simulation, parallel, and the riskiest full-interruption test that shifts everything to the recovery site.
- Lessons learned β a neutral facilitator turning each event into concrete process improvements while memories are fresh.
- Maintenance and communications β updates folded into change management, with stakeholders and regulators kept informed.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
Why must you test a recovery plan at all?
Because a plan only proves itself under exercise. Testing confirms the provisions still work and that the plan still fits an organization that never stops changing. Which test you choose depends on your recovery facilities, your culture, and who is available. There are six main types, and they form a ladder from zero disruption to full shutdown. Learn them as a progression, because the exam loves to ask which test does what and how much it disturbs normal operations.
How do the paper and discussion tests work?
These are the low-impact rungs of the ladder. A read-through simply distributes the plan to team members for review, quietly catching obsolete details and revealing when someone has left with no replacement named. A tabletop gathers the team to role-play a scenario the moderator reveals on the spot, talking through the right responses. A walk-through goes further, sometimes adding physical actions like having people leave the building. None of these interrupt real business, which makes them safe, frequent, and easy to justify.
How do the hands-on tests raise the stakes?
Here the ladder gets real. A simulation test presents a scenario and actually carries out some of the response, which may pause noncritical activities and pull in operational staff. A parallel test goes further, relocating people to the alternate site and activating it for real, while the main facility keeps running normal business untouched. A full-interruption test is the top rung and the riskiest, actually shutting down the primary site and shifting everything to the recovery facility, then reversing it, so it is hard to schedule and often meets resistance from management.
What does a lessons learned session accomplish?
It turns an incident into improvement. After any recovery effort, you gather everyone involved to reflect honestly on their role and the teamβs overall response, so the process and technology get better for next time. A neutral facilitator who played no part in the response leads it, keeping the conversation open and free of defensiveness. Speed matters because memories fade fast, so you hold it soon after the event, guided by structured questions, and it produces a report mapping out concrete process improvements.
How do maintenance and test communications keep the plan alive?
Maintenance treats the plan as a living document that changes as the organization changes: minor tweaks may travel by a few emails or calls, while major shifts need full team meetings, and regular testing is what surfaces the needed changes. Fold updates into your formal change management, so every infrastructure change refreshes the documentation. Communication wraps around every test, telling stakeholders the timing, impact, and goals beforehand, giving progress updates during a disruptive test, running a debrief afterward, and keeping regulators informed where the rules demand it.
π Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 18.6 - Testing & Maintenance.