Certified Information Systems Auditor (CISA) — Question 284

Which of the following is the PRIMARY objective of cyber resiliency?

Answer options

• A. To efficiently and effectively recover from an incident with limited operational impact
• B. To prevent potential attacks or disruptions in operations
• C. To limit the severity of security breaches and maintain continuous operations
• D. To resume normal operations after service disruptions

Correct answer: C

Explanation

The correct answer, C, focuses on minimizing the impact of security incidents while ensuring that operations can continue, which is the core of cyber resiliency. Option A is more about recovery rather than ongoing operational continuity, B emphasizes prevention which is not the primary objective of resiliency, and D pertains to restoration rather than the ongoing maintenance of operations during an incident.