Certified Information Systems Security Professional (CISSP) — Question 127

During a disruptive event, which security continuity objectives will maintain an organization’s information security to a predetermined level?

Answer options

• A. Disaster recovery plan (DRP)
• B. Impact assessment report
• C. Information security continuity plan
• D. Business continuity plan (BCP)

Correct answer: C

Explanation

The Information Security Continuity Plan (C) is specifically designed to ensure that information security measures are maintained during disruptions. While the Disaster Recovery Plan (A) and Business Continuity Plan (D) are important for overall recovery and continuity, they do not focus exclusively on information security. The Impact Assessment Report (B) helps in understanding risks but does not directly maintain security objectives.