Exam CISSP topic 1 question 21 discussion

Plan = Plan Do = Perform Act = Improve Check = Monitor PLAN - D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established. DO - C. Ensure the business continuity policy, controls, processes, and procedures have been implemented. ACT - A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review. Check - B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.

PLAN: • D. Ensure that business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity have been established. Do • B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement. Check • C. Ensure the business continuity policy, controls, processes, and procedures have been implemented. Act • A. Maintain and improve the Business Continuity Management (BCM) system by taking corrective action, based on the results of management review. Plan This is the ONLY sensical flow of these steps giving "B" as the Do step/answer

C is very correct. Monitoring is same check or analyze or examine.

option C. It focuses on the implementation of the plans and processes that were developed, which is the core purpose of this phase in the model. Layer 0: The most trusted layer, where the operating system kernel resides Layer 1: Contains nonprivileged parts of the operating system Layer 2: Contains I/O drivers, low-level operations, and utilities Layer 3: Contains applications and processes

Plan: This phase involves defining the problem, setting goals, and creating a plan to address the issue. Do: This phase is where the plan is implemented and executed. In the context of business continuity management, this involves ensuring that the established policies, controls, processes, and procedures are put into action. Check: This phase involves monitoring and reviewing the results of the implementation to determine if the plan is working as intended. Act: This phase involves taking corrective action based on the findings of the check phase, and making improvements to the plan.

1. **Plan.** Decide what needs to be done, establish the objectives, and determine the processes needed to implement the change. 2. **Do.** Execute the plan. 3. **Check.** Evaluate the results of the plan. This may happen through the use of statistical measures of performance, observations, or evaluations. 4. **Act (or Adjust).** Based on the information generated in the **Do** and **Check** phases (i.e., root causes of failure identified), risk is re-evaluated — and the baseline is determined to measure performance of future changes (adjust).

Do: Implementing the ISMS This phase is where an organisation implements the ISMS policy, controls, processes, and procedures. In the Do phase, an organisation conducts a risk assessment and evaluates the reasons behind each structure. They must prepare procedures indicating the risks and their treatment. Ensuring that the procedure and policy documents are available, adequately protected, distributed, and stored in a managed system is crucial. Documents of external origin must also fall under the scope of ISMS 27001. This is how the Do phase is accomplished.

C is correct

Plan -> D Do -> C Act -> A Check -> B

Implement following the Security Policies is "DO"

Is this even in the OSG?

B is the correct answer. See https://www.mindtools.com/as2l5i1/pdca-plan-do-check-act 2. Do Once you've identified a potential solution, test it safely with a small-scale pilot project. This will show whether your proposed changes achieve the desired outcome – with minimal disruption to the rest of your operation if they don't. For example, you could organize a trial within a department, in a limited geographical area, or with a particular demographic. As you run the pilot project, gather data to show whether the change has worked or not. You'll use this in the next stage.

B is the correct answer. The next step is to test your hypothesis (i.e., your proposed solution). The PDCA cycle focuses on smaller, incremental changes that help improve processes with minimal disruption. Test your hypothesis with a small-scale project, preferably in a controlled environment, so you can evaluate the results without interrupting the rest of your operation. You might want to test the solution on one team or within a certain demographic.

1 The answer is B. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement. The Do phase of the Plan-Do-Check-Act model is the second phase of the cycle. In this phase, the plan is implemented and the results are monitored. The goal of the Do phase is to ensure that the plan is working as expected and that it is meeting the organization's objectives.

in the "Do" phase of the PDCA model, option C is performed, which focuses on the implementation of business continuity policies, controls, processes, and procedures.

C is correct

Look at the verbs: Plan - Established DO - IMPLEMENTED Act - Maintain and improve Check - Monitor and review