Business Continuity Plan (BCP) Correct Answer: A plan for maintaining minimal operations
until the business can return to full normal operations.
Disaster Recovery Plan (DRP) Correct Answer: A plan for returning the business to full
normal operations.
International Organization for Standardization (ISO) 27001 standard Correct Answer: It is a
code of practice for implementing an information security management system,
against which organizations can be certified.
National Institute of Standards and Technology (NIST) 800-34 standard Correct Answer: It is
entitled Contingency Planning Guide for Information Technology Systems—thus it
is clearly related to business continuity and disaster recovery.
Business Impact Analysis (BIA) Correct Answer: An analysis of how specific incidents might
impact the business operations.
U.S. National Fire Protection Association (NFPA) 1600 Standard Correct Answer: This is
formally titled Standard on Disaster/Emergency Management and Business
Continuity Programs focused on responding to fire-related incidents.
Maximum Tolerable Downtime (MTD) Correct Answer: The length of time a system can be down
before the business cannot recover.
Mean Time to Repair (MTTR) Correct Answer: The average time needed to repair a given
piece of equipment.
Mean Time to Failure (MTTF) Correct Answer: How long, on average, before a given piece of
equipment will fail through normal use.
Recovery Point Objective (RPO) Correct Answer: The amount of work that might need to be
redone, or data lost.
Recovery Time Objective (RTO) Correct Answer: The time that the system is expected to be
back up. This must be less than MTD.
Single Loss Expectancy (SLE) Correct Answer: The expected monetary loss every time a risk
occurs.
Single Loss Expectancy (SLE) formula Correct Answer: Asset Value (AV) x Exposure Factor (EF)
Annualized Loss Expectancy (ALE) Correct Answer: Expected monetary loss for an asset due to a
risk over a one-year period calculated by multiplying single loss expectancy by
annualized rate of occurrence.
Annualized Loss Expectancy (ALE) formula Correct Answer: Single Loss Expectancy (SLE) *
Annual Rate of Occurrence (ARO)
Annual Rate of Occurrence (ARO) Correct Answer: The number of times an incident is expected
to occur in a year.
Damage Potential, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD)
Correct Answer: It is a mnemonic for risk rating using five
categories and an effective model for evaluating the impact of an attack.
Remote Network MONitoring (RMON) Correct Answer: Developed by the Internet Engineering Task
Force (IETF) in order to support network monitoring and protocol analysis.