Change management procedures to ensure that disaster recovery/business continuity plans are
kept up-to- date can be BEST achieved through which of the following?
A.
Reconciliation of the annual systems inventory to the disaster recovery, business continuity
plans
B.
Periodic audits of the disaster recovery/business continuity plans
C.
Comprehensive walk-through testing
D.
Inclusion as a required step in the system life cycle process
Explanation:
Information security should be an integral component of the development cycle; thus, it should be
included at the process level. Choices A, B and C are good mechanisms to ensure compliance,
but would not be nearly as timely in ensuring that the plans are always up-to-date. Choice D is a
preventive control, while choices A, B and C are detective controls.