Certified Information Security Manager (CISM) — Question 140

Which of the following should be the GREATEST consideration when determining the recovery time objective (RTO) for an in-house critical application, database, or server?

Answer options

• A. Direction from senior management
• B. Results of recovery testing
• C. Determination of recovery point objective (RPO)
• D. Impact of service interruption

Correct answer: D

Explanation

The correct answer is D, as the impact of service interruption directly influences how quickly a system must be restored to minimize damage. While direction from management, recovery testing results, and RPO are important, they are secondary to understanding the consequences of downtime on the business.