Last Updated on December 21, 2021 by Admin 3
- CISA : Part 1 - 40
- CISA : Part 41 - 80
- CISA : Part 81 - 120
- CISA : Part 121 - 160
- CISA : Part 161 - 172
During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
- assessment of the situation may be delayed.
- execution of the disaster recovery plan could be impacted.
- notification of the teams might not occur.
- potential crisis recognition might be ineffective.
Explanation:
Execution of the business continuity plan would be impacted if the organization does not know when to declare a crisis. Choices A, C and D are steps that must be performed to know whether to declare a crisis. Problem and severity assessment would provide information necessary in declaring a disaster. Once a potential crisis is recognized, the teams responsible for crisis management need to be notified. Delaying this step until a disaster has been declared would negate the effect of having response teams. Potential crisis recognition is the first step in responding to a disaster.
- CISA : Part 1 - 40
- CISA : Part 41 - 80
- CISA : Part 81 - 120
- CISA : Part 121 - 160
- CISA : Part 161 - 172