Certified Information Systems Security Professional (CISSP) — Question 266

What is the MINIMUM standard for testing a disaster recovery plan (DRP)?

Answer options

• A. Quarterly or more frequently depending upon the advice of the information security manager
• B. As often as necessary depending upon the stability of the environment and business requirements
• C. Annually or less frequently depending upon audit department requirements
• D. Semi-annually and in alignment with a fiscal half-year business cycle

Correct answer: B

Explanation

Option B is correct because it emphasizes the need for testing based on the specific conditions of the environment and business needs, allowing for flexibility. The other options suggest fixed schedules which may not be appropriate for all organizations, potentially leading to inadequate testing in dynamic environments.