CISA Certified Information Systems Auditor – Question1725 - CISA Certified Information Systems Auditor

Of the following alternatives, the FIRST approach to developing a disaster recovery strategy would be to assess whether:

A. all threats can be completely removed.
B. a cost-effective, built-in resilience can be implemented.
C. the recovery time objective can be optimized.
D. the cost of recovery can be minimized.

Correct Answer: B

Explanation:

Explanation:
It is critical to initially identify information assets that can be made more resilient to disasters, e.g., diverse routing, alternate paths or multiple communication carriers. It is impossible to remove all existing and future threats. The optimization of the recovery time objective and efforts to minimize the cost of recovery come later in the development of the disaster recovery strategy.