Certified Information Security Manager (CISM) — Question 733

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Answer options

• A. Legal and regulatory requirements
• B. Likelihood of a disaster
• C. Organizational tolerance to service interruption
• D. Geographical location of the backup site

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of understanding how much service interruption an organization can endure, which directly influences recovery strategies. While legal requirements and disaster likelihood are important, they do not outweigh the necessity of aligning recovery efforts with the organization's tolerance for downtime. The geographical location of the backup site, although relevant, is less critical than the organization's overall service continuity priorities.