During an IT audit of a large bank, an IS auditor observes
that no formal risk assessment exercise has been carried out
for the various business applications to arrive at their
relative importance and recovery time requirements. The risk
that the bank is exposed to is that the:
A. business continuity plan may not have been calibrated to
the relative risk that disruption of each application poses
to the organization.
B. business continuity plan may not include all relevant
applications and therefore may lack completeness in terms of
its coverage.
C. business impact of a disaster may not have been
accurately understood by the management.
D. business continuity plan may lack an effective ownership
by the business owners of such applications.
- 1 Answers
- 6225 Views
- I also Faced
- E-Mail Answers
Answer Posted / guest
Answer: A
The first and key step in developing a business continuity
plan is a risk assessment exercise that analyzes the various
risks that an organization faces and the impact of
non-availability of individual applications. Section 4.9.1.2
of BS 7799 (Standard on Information Security Management )
states that ?a strategy plan, based on appropriate risk
assessment, shall be developed for overall approach to
business continuity.?
| Is This Answer Correct ? | 3 Yes | 0 No |
Post New Answer View All Answers
