Domain 2: Business Continuity (BC), Disaster Recovery (DR) and Incident Response Concepts
Business continuity planning, disaster recovery strategies, and incident response fundamentals.
This domain covers 10% of the exam. It tests understanding of business continuity concepts including components, importance, and purpose of BC planning; disaster recovery concepts including DR components, strategies, and objectives; and incident response concepts including the IR lifecycle, detection, reporting, containment, eradication, and post-incident review. Candidates must understand how these three disciplines work together to maintain organizational resilience.
Domain 2 of the ISC2 Certified in Cybersecurity (CC) certification focuses on Business Continuity (BC), Disaster Recovery (DR), and Incident Response (IR) concepts, which are critical frameworks for organizational resilience against disruptions.
**Business Continuity (BC)** ensures that essential business functions continue operating during and after a disaster. It involves identifying critical processes, assessing risks, and developing a Business Continuity Plan (BCP). A key component is the Business Impact Analysis (BIA), which determines the potential effects of disruptions on operations and identifies Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). RTO defines the maximum acceptable downtime, while RPO specifies the maximum tolerable data loss measured in time.
**Disaster Recovery (DR)** is a subset of business continuity focused specifically on restoring IT systems, data, and infrastructure after a disaster. The Disaster Recovery Plan (DRP) outlines procedures for recovering critical technology resources. It includes strategies such as backup sites (hot, warm, and cold sites), data replication, and regular backup testing. DR planning ensures organizations can resume technology operations within acceptable timeframes.
**Incident Response (IR)** is the structured approach to handling security incidents, breaches, and cyber threats. The IR process typically follows these phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. An Incident Response Plan (IRP) defines roles, responsibilities, communication protocols, and escalation procedures. The Incident Response Team (IRT) is responsible for detecting, analyzing, and responding to security events promptly to minimize damage.
Key concepts across all three areas include regular testing and exercises (tabletop exercises, simulations), documentation and plan maintenance, communication strategies, and training employees on their roles during disruptions. Organizations must regularly review and update these plans to address evolving threats and changing business requirements.
Understanding these concepts demonstrates the ability to support organizational resilience, minimize operational downtime, protect critical assets, and ensure a systematic approach to managing incidents and disasters effectively.