Certified Chief Information Security Officer (CCISO) — Question 187
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
Answer options
- A. Conduct a Disaster Recovery (DR) exercise every year to test the plan
- B. Conduct periodic tabletop exercises to refine the BC plan
- C. Test every three years to ensure that the BC plan is valid
- D. Define the Recovery Point Objective (RPO)
Correct answer: B
Explanation
Option B is correct because conducting periodic tabletop exercises allows the organization to refine and improve the BC plan through simulated scenarios. Option A is less effective as it focuses solely on Disaster Recovery rather than overall Business Continuity. Option C's three-year testing interval may be too long to ensure the BC plan remains relevant. Option D is important, but defining the RPO does not encompass the comprehensive testing and refinement needed for a robust BC plan.