Certified Information Systems Auditor (CISA) — Question 219
A bank’s transactional services are exclusively conducted online via Internet and mobile banking. Both its primary and disaster recovery sites are supported by the same Internet service provider (ISP). Which of the following is the BEST way for the bank to minimize risk in this situation?
Answer options
- A. Conduct incremental backups of transactional data every two hours.
- B. Conduct real-time data synchronization between the primary and disaster recovery sites.
- C. Revise the current contract to require 99.99% connection availability with the current ISP.
- D. Establish a contractual agreement with a second ISP to cover connection to the disaster recovery site.
Correct answer: D
Explanation
The best option is D because having a second ISP provides redundancy and ensures that the disaster recovery site can remain operational even if the primary ISP fails. Options A and B do not directly address the ISP dependency issue, while option C may not sufficiently mitigate the risk of a single point of failure.