Change management procedures to ensure that disaster recovery/business continuity plans are kept up-to-date
can be BEST achieved through which of the following?
A.
Reconciliation of the annual systems inventory to the disaster recovery, business continuity plans
B.
Periodic audits of the disaster recovery/business continuity plans
C.
Comprehensive walk-through testing
D.
Inclusion as a required step in the system life cycle process
Explanation:
Information security should be an integral component of the development cycle; thus, it should be included atthe process level. Choices A, B and C are good mechanisms to ensure compliance, but would not be nearly as timely in ensuring that the plans are always up-to-date. Choice D is a preventive control, while choices A, B and C are detective controls.