Certified Information Security Manager (CISM) — Question 211

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

Answer options

• A. Incident response plan
• B. Disaster recovery plan (DRP)
• C. Business contingency plan
• D. Business continuity plan (BCP)

Correct answer: D

Explanation

The Business Continuity Plan (BCP) is designed specifically to maintain operations during and after a disaster, making it the correct choice. The Incident Response Plan focuses on immediate responses to incidents, while the Disaster Recovery Plan (DRP) is concerned with restoring systems after a disruption. The Business Contingency Plan is less comprehensive than a BCP in terms of maintaining ongoing operations.