Certified Information Security Manager (CISM) — Question 726

The MOST appropriate time to conduct a disaster recovery test would be after:

Answer options

• A. the security risk profile has been reviewed.
• B. major business processes have been redesigned.
• C. the business continuity plan (BCP) has been updated.
• D. noncompliance incidents have been filed.

Correct answer: C

Explanation

Conducting a disaster recovery test is most effective after updating the business continuity plan (BCP) because the test should reflect the latest strategies and protocols. Options A, B, and D do not directly relate to the readiness and currency of the BCP, which is critical for an effective disaster recovery test.