CompTIA Security+ Exam Prep

Answer: C - Creating a financial plan is not one of the best practices set by the National Institute of Standards and Technology. The seven best practices include: 1) Develop the continuity planning policy statement and write a policy that provides the guidance necessary to develop a BCP and the assigns authority to the necessary roles to carry out these tasks. 2) Conduct the business impact analysis. Identify critical functions and systems and allow the organization to prioritize them based on necessity. Identify vulnerabilities, threats, and calculate risks. 3) Identify preventive controls. Once threats are recognized, identify and implement controls and countermeasures to rescue the organization’s risk level in an economical manner. 4) Develop recovery strategies. Formulate methods to ensure systems and critical functions can be brought online quickly. 5) Develop the contingency plan. Write procedures and guidelines for how the organization can still stay functional in a crippled state. 6) Test the plan and conduct training and exercise. Test the plan to identify deficiencies in the BCP and conduct training to properly prepare individuals on their expected tasks. 7) Maintain the plan. Put in place steps to ensure the BCP is a living document that is updated regularly.