CISM Certified Information Security Manager – Question1402

The PRIMARY consideration when defining recovery time objectives (RTOs) for information assets is:

A.
regulatory' requirements.
B. business requirements.
C. financial value.
D. IT resource availability.

Correct Answer: B

Explanation:

Explanation:
The criticality to business should always drive the decision. Regulatory requirements could be more flexible than business needs. The financial value of an asset could not correspond to its business value. While a consideration, IT resource availability is not a primary factor.