CRISC Certified in Risk and Information Systems Control – Question431

A program manager has completed an unsuccessful disaster recovery test. Which of the following should the risk practitioner recommend as the NEXT course of action?

A.
Identify what additional controls are needed
B. Update the business impact analysis (BIA)
C. Prioritize issues noted during the testing window
D. Communicate test results to management

Correct Answer: B