Certified Information Security Manager (CISM) — Question 210

Which of the following defines the triggers within a business continuity plan (BCP)?

Answer options

• A. Disaster recovery plan (DRP)
• B. Needs of the organization
• C. Information security policy
• D. Gap analysis

Correct answer: B

Explanation

The needs of the organization are essential in defining the triggers for a BCP, as they determine what scenarios require a response. The Disaster Recovery Plan (DRP), while important, focuses more on recovery strategies rather than identifying triggers. The information security policy and gap analysis are related to overall security and performance assessments but do not specifically define BCP triggers.