Which of the following would be MOST useful in developing a series of recovery time objectives (RTOs)?
Correct Answer: D
Section: INFORMATION RISK MANAGEMENT
Explanation: Recovery time objectives (RTOs) are a primary deliverable of a business impact analysis. RTOs relate to the financial impact of a system not being available. A gap analysis is useful in addressing the differences between the current state and an ideal future state. Regression analysis is used to test changes to program modules. Risk analysis is a component of the business impact analysis.
Question 122
Which of the following is the BEST type of access control for an organization with employees who move between departments?
Correct Answer: D
Question 123
Information security controls should be designed PRIMARILY based on:
Correct Answer: C
Question 124
Which of the following is the BEST course of action for the information security manager when residual risk is above the acceptable level of risk?
Correct Answer: A
Question 125
Which of the following BEST determines the allocation of resources during a security incident response?
Correct Answer: D
Explanation: The allocation of resources during a security incident response depends on the defined levels of severity, which indicate the potential impact and urgency of the incident. The levels of severity help prioritize the response activities and assign the appropriate roles and responsibilities. Senior management commitment, a business continuity plan (BCP), and an established escalation process are important factors for an effective incident response, but they do not directly determine the allocation of resources.
References: CISM Review Manual, 16th Edition, page 3011; CISM Review Questions, Answers & Explanations Manual, 10th Edition, page 1462
Defined levels of severity is the best determinant of the allocation of resources during a security incident response. Having defined levels of severity allows organizations to plan for and allocate resources for each level of incident, depending on the severity of the incident. This ensures that the right resources are allocated in a timely manner and that incidents are addressed appropriately.