Certified Information Security Manager (CISM) — Question 259

Recovery time objectives (RTOs) are an output of which of the following?

Answer options

• A. Business continuity plan (BCP)
• B. Business impact analysis (BIA)
• C. Service level agreement (SLA)
• D. Disaster recovery plan (DRP)

Correct answer: B

Explanation

The correct answer is B, as recovery time objectives (RTOs) are determined during a Business Impact Analysis (BIA) to assess the potential impact of disruptions. Options A, C, and D do not specifically focus on identifying RTOs; rather, they address broader aspects of business continuity and service agreements.