A medium-sized organization, whose IT disaster recovery measures have been in place and
regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP
tabletop exercise has been performed successfully. Which testing should an IS auditor recommend
be performed NEXT to verify the adequacy of the new BCP?

A financial services organization is developing and documenting business continuity measures. In
which of the following cases would an IS auditor MOST likely raise an issue?

To optimize an organization’s business contingency plan (BCP), an IS auditor should recommend
conducting a business impact analysis (BlA) in order to determine:

An IS auditor can verify that an organization’s business continuity plan (BCP) is effective by
reviewing the:

An organization has outsourced its wide area network (WAN) to a third-party service provider.

Under these circumstances, which of the following is the PRIMARY task the IS auditor should
perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?

While observing a full simulation of the business continuity plan, an IS auditor notices that the
notification systems within the organizational facilities could be severely impacted by infra structural
damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:

The activation of an enterprise’s business continuity plan should be based on predetermined criteria
that address the:

An organization has just completed their annual risk assessment. Regarding the business
continuity plan, what should an IS auditor recommend as the next step for the organization?

Integrating business continuity planning (BCP) into an IT project aids in:

During a review of a business continuity plan, an IS auditor noticed that the point at which a situation
is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: