CISM Certified Information Security Manager – Question0516

When developing an incident response plan, the information security manager should:

A.
include response scenarios that have been approved previously by business management.
B. determine recovery time objectives (RTOs).
C. allow IT to decide which systems can be removed from the infrastructure.
D. require IT to invoke the business continuity plan.

Correct Answer: B