Certified Chief Information Security Officer (CCISO) — Question 25
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization's need?
Answer options
- A. International Organization for Standardization – 22301 (ISO-22301)
- B. Information Technology Infrastructure Library (ITIL)
- C. Payment Card Industry Data Security Standards (PCI-DSS)
- D. International Organization for Standardization – 27005 (ISO-27005)
Correct answer: A
Explanation
ISO-22301 is specifically designed for establishing, implementing, and managing effective business continuity and disaster recovery processes, making it the best fit for the organization's needs. ITIL focuses on IT service management, while PCI-DSS is concerned with payment data security, and ISO-27005 deals with information security risk management, none of which directly address business continuity and disaster recovery.