While reviewing the business continuity plan of an organization, an IS auditor observed that the
organization’s data and software files are backed up on a periodic basis. Which characteristic of an
effective plan does this demonstrate?

A.
Deterrence

B.
Mitigation

C.
Recovery

D.
Response

Explanation:
An effective business continuity plan includes steps to mitigate the effects of a disaster. Files must
be restored on a timely basis for a backup plan to be effective. An example of deterrence is when a
plan includes installation of firewalls for information systems. An example of recovery is when a plan
includes an organization’s hot site to restore normal business operations.