ISACA CRISC: What Should a Risk Practitioner Be Most Concerned About When Reviewing an Organization’s Disaster Recovery Plan?

Discover the most critical concern for a risk practitioner reviewing an organization’s disaster recovery plan. Learn about risk scenarios, call lists, hot sites, and application recovery priorities.

Question

Which of the following should be of GREATEST concern to a risk practitioner reviewing an organization’s disaster recovery plan (DRP)?

A. Risk scenarios used for the plan were last tested two years ago.
B. The call list in the plan was last updated a year ago.
C. The disaster recovery plan (DRP) does not identify a hot site.
D. The IT steering committee determined the application recovery priorities.

Answer

A risk practitioner should be most concerned about the risk scenarios used for the disaster recovery plan (DRP) being last tested two years ago (Option A).

Explanation

A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect an organization’s IT infrastructure in the event of a disaster. The effectiveness of a DRP heavily relies on the accuracy and relevance of the risk scenarios used to develop and test the plan.

Risk scenarios are hypothetical events that could potentially disrupt an organization’s operations. These scenarios form the foundation for developing and testing a DRP. If the risk scenarios are outdated or have not been tested for an extended period (in this case, two years), the DRP may not adequately address the organization’s current risks and vulnerabilities.

Here’s why the other options are less concerning:

B. The call list being last updated a year ago is less critical than outdated risk scenarios. While having an up-to-date call list is important for effective communication during a disaster, it can be easily updated and does not directly impact the DRP’s effectiveness in addressing current risks.

C. The absence of a hot site in the DRP is not as concerning as outdated risk scenarios. A hot site is a backup facility that allows an organization to quickly resume operations after a disaster. While having a hot site is beneficial, alternative recovery strategies can be employed, such as using a warm site or a cold site.

D. The IT steering committee determining the application recovery priorities is not a significant concern. In fact, it is a good practice for the IT steering committee to be involved in prioritizing the recovery of critical applications based on the organization’s business needs.

In conclusion, a risk practitioner should be most concerned about the outdated risk scenarios used in the DRP. Regularly updating and testing risk scenarios ensures that the DRP remains effective in addressing the organization’s current risks and vulnerabilities, ultimately minimizing the impact of a disaster on the organization’s operations.
