Certified Information Security Manager (CISM) — Question 1194

Which of the following is MOST important for an information security manager to consider when developing a business continuity plan (BCP) for ransomware attacks?

Answer options

• A. Backups are maintained on multiple sites and regularly reviewed.
• B. Impacted networks can be detached at the network switch level.
• C. Backups are maintained offline and regularly tested.
• D. Production data is continuously replicated between primary and secondary sites.

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of keeping backups offline and ensuring they are regularly tested, which is crucial in safeguarding against ransomware. Option A, while important, does not address the necessity of being offline, and options B and D focus on network isolation and data replication, which do not directly mitigate the effects of ransomware. Having offline backups is essential for recovery without risking further infection.