A DRP must be approved by senior management to remain valid. A major concern could be a DRP without necessary approval from management even though its well updated , Approval from designated authorities attests to the validity of the documents and its alignment to the organization objectives, policies and procedures.
The DRP has not been formally approved by senior management - Formal approval is important for ensuring that the DRP is supported at the highest levels of the organization. However, the lack of approval does not necessarily mean the plan is ineffective, whereas an outdated plan is inherently flawed.
While formal approval by senior management (option C) is also important for ensuring organizational support and commitment to the DRP, an outdated plan poses a more immediate risk as it may not accurately reflect the organization's current capabilities and requirements for disaster recovery. Therefore, ensuring that the DRP is updated following infrastructure changes should be of the greatest concern for an IS auditor.
While the formal approval of the DRP by senior management (option C) is important for governance and accountability, an outdated DRP poses a more immediate risk to the organization's ability to recover effectively from disasters. Senior management approval ensures commitment and support for the DRP, but an outdated plan undermines its operational effectiveness and reliability.
Therefore, ensuring that the DRP has been updated since an IT infrastructure upgrade should be of the GREATEST concern for an IS auditor reviewing an organization's disaster recovery plan.
I think its D. the GREATEST concern for an IS auditor reviewing an organization's disaster recovery plan is the absence of recovery procedures for critical systems other than just the critical servers. A comprehensive DRP should cover all critical systems and data to ensure effective business continuity and disaster recovery capabilities.
D means the DRP was never adapted and has gap in the scope.
A means DRP lost relevance over time, because the scope have not been adapted.
so D is worst, because it never worked, A worked, but not anymore
A DRP should cover not only critical servers but also critical business processes, applications, and data. Focusing only on critical servers may leave other important components of the organization vulnerable during a disaster. The adequacy of recovery procedures for critical business functions is crucial for business continuity.
It should be C as the DRP must be approved by senior management before it can be used to guide during a disaster.
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
macksonj
1 month agoKAP2HURUF
4 months, 1 week agoSwallows
5 months, 3 weeks agoSwallows
4 months, 1 week ago001Yogesh
10 months, 3 weeks agoJONESKA
1 year, 4 months agoChaBum
8 months, 1 week agoSuperMax
1 year, 1 month agoPakawat
1 year, 6 months agoJag127
1 year, 9 months ago