Certified Information Security Manager (CISM) — Question 329

Which of the following should be of MOST concern to an information security manager reviewing the organization’s disaster recovery plan (DRP)?

Answer options

• A. Organization wide training for disaster recovery has not occurred.
• B. The response team has contracted with an external consultant to support testing activities.
• C. Six months have elapsed since the most recent test of the response plan.
• D. The response plan document has not been updated with the latest notification list details.

Correct answer: D

Explanation

The correct answer, D, is crucial because an updated notification list is essential for effective communication during a disaster. If the list is outdated, it could lead to delays or failures in response efforts. While options A, B, and C are important, they do not directly impact the immediate effectiveness and clarity of the response plan as much as the notification list does.