Which of the following should be of MOST concern to an …

Which of the following should be of MOST concern to an IS auditor reviewing the BCP?

Which of the following should be of MOST concern to an IS auditor reviewing the BCP?

A.
The disaster levels are based on scopes of damaged functions, but not on duration.

B.
The difference between low-level disaster and software incidents is not clear.

C.
The overall BCP is documented, but detailed recovery steps are not specified.

D.
The responsibility for declaring a disaster is not identified.

Explanation:
If nobody declares the disaster, the response and recovery plan would not be invoked, making all other
concerns mute. Although failure to consider duration could be a problem, it is not as significant as scope, and
neither is as critical as the need to have someone invoke the plan. The difference between incidents and lowlevel disasters is always unclear and frequently revolves around the amount of time required to correct the
damage. The lack of detailed steps should be documented, but their absence does not mean a lack ofrecovery, if in fact someone has invoked the plan.



Leave a Reply 0

Your email address will not be published. Required fields are marked *