CompTIA CASP+ (CAS-003) — Question 75

A Chief Information Security Officer (CISO) is developing a new BIA for the organization. The CISO wants to gather requirements to determine the appropriate
RTO and RPO for the organization's ERP. Which of the following should the CISO interview as MOST qualified to provide RTO/RPO metrics?

Answer options

• A. Data custodian
• B. Data owner
• C. Security analyst
• D. Business unit director
• E. Chief Executive Officer (CEO)

Correct answer: D

Explanation

The Business Unit Director is most qualified to provide RTO/RPO metrics as they have a comprehensive understanding of the business processes and the criticality of the ERP system to operational continuity. The other roles, such as Data Custodian and Security Analyst, may have technical knowledge but lack the strategic insight needed to define recovery objectives effectively.