Question

A Chief Information Security Officer (CISO) has created a survey that will be distributed to managers of mission-critical functions across the organization. The survey requires the managers to determine how long their respective units can operate in the event of an extended IT outage before the organization suffers monetary losses from the outage.

To which of the following is the survey question related? (Choose two.)

A. Risk avoidance
B. Business impact
C. Risk assessment
D. Recovery point objective
E. Recovery time objective
F. Mean time between failures

Answer 1

The CISO's survey is chiefly related to assessing Business impact and determining the Recovery Time Objective, which are essential in disaster recovery and business continuity planning.

Step-by-step explanation:

The survey question created by the Chief Information Security Officer (CISO) is related to the Business impact and Recovery Time Objective (RTO). Business impact refers to the consequences the organization would face, such as monetary losses, during an extended IT outage. Recovery Time Objective is a critical metric in disaster recovery and business continuity planning, indicating the maximum amount of time a system can be offline before severe impacts are felt by the business. The survey aims to assess the tolerance for downtime and align the necessary resources to mitigate potential risks.

The information obtained from the survey is instrumental in risk assessment as it provides valuable data on how business functions are affected by IT disruptions. Having a clear understanding of the RTO will guide the CISO and the organization in developing strategies to ensure timely recovery of mission-critical functions, hence minimizing the business impact and potentially avoiding catastrophic financial losses.