PrepAway - Latest Free Exam Questions & Answers

The IS auditor should recommend that the plan be modif…

During an audit, an IS auditor notes that an organization’s business continuity plan (BCP) does not
adequately address information confidentiality during a recovery process. The IS auditor should

recommend that the plan be modified to include:

PrepAway - Latest Free Exam Questions & Answers

A.
the level of information security required when business recovery procedures are invoked.

B.
information security roles and responsibilities in the crisis management structure.

C.
information security resource requirements.

D.
change management procedures for information security that could affect business continuity
arrangements.

Explanation:
Business should consider whether information security levels required during recovery should be
the same, lower or higher than when business is operating normally. In particular, any special rules
for access to confidential data during a crisis needto be identified. The other choices do not directly
address the information confidentiality issue.


Leave a Reply