第六章灾难恢复与业务连续性计划VIP专享VIP免费

第六章：灾难恢复与业务连续性计划 C6-1 During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include: A .the level of information security required when business recovery procedures are invoked. B. information security roles and responsibilities in the crisis management structure. C. information security resource requirements. D. change management procedures for information security that could affect business continuity arrangements. 6-1 在审计中，一个IS 审计师注意到一个组织的业务持续计划不能适当解决恢复过程中的信息机密性。这个IS 审计师应该推荐计划被修改： A.当业务恢复进程被启用时信息安全所需要的层次 B.在危机管理架构中的信息安全角色和责任 C.信息安全资源需求 D.信息安全的改变管理进程可能会影响业务持续安排 A Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified. The other choices do not directly address the information confidentiality issue. 答案 A 解析：.业务应该考虑是否在恢复时需要相同的安全级别，或者比平时的低或者高。特别的是，一些在紧急时候访问加密数据的规则需要被辨识。其他选项并不直接解决信息机密性问题。 C6-2 During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site's server is slow. To find the root cause of this, the IS auditor should FIRST review the: A. event error log generated at the disaster recovery site. B. disaster recovery test plan. C. disaster recovery plan (DRP). D. configurations and alignment of the primary and...