While observing a full simulation of the business continuity plan, an IS auditor notices that the
notification systems within the organizational facilities could be severely impacted by infra structural
damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:

The activation of an enterprise’s business continuity plan should be based on predetermined criteria
that address the:

An organization has outsourced its wide area network (WAN) to a third-party service provider.
Under these circumstances, which of the following is the PRIMARY task the IS auditor should
perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

An IS auditor can verify that an organization’s business continuity plan (BCP) is effective by reviewing
the:

To optimize an organization’s business contingency plan (BCP), an IS auditor should
recommend conducting a business impact analysis (BlA) in order to determine:

A financial services organization is developing and documenting business continuity measures. In
which of the following cases would an IS auditor MOST likely raise an issue?

A medium-sized organization, whose IT disaster recovery measures have been in place and regularly
tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop
exercise has been performed successfully. Which testing should an IS auditor recommend be
performed NEXT to verify the adequacy of the new BCP?

Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff?

Default permit is only a good approach in an environment where:

Talking about the different approaches to security in computing, the principle of regarding the
computer system itself as largely an untrusted system emphasizes: