During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization.
Which of the following should be recommended as the PRIMARY factor to determine system criticality?
A . Key performance indicators (KPIs)
B . Maximum allowable downtime (MAD)
C . Recovery point objective (RPO)
D . Mean time to restore (MTTR)
Answer: B
Explanation:
The primary factor to determine system criticality within an organization is the maximum allowable downtime (MAD). MAD is the maximum time frame during which recovery must become effective before an outage compromises the ability of an organization to achieve its business objectives and/or survival. MAD reflects the business impact of a system outage on the organization’s operations, reputation, compliance, and finances. MAD can help to prioritize system recovery efforts, allocate resources, and establish recovery objectives.
Latest CISA Dumps Valid Version with 2694 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund