Exam CISA
Question 425

During an exit meeting, an IS auditor highlights that backup cycles are being missed due to operator error and that these exceptions are not being managed.

Which of the following is the BEST way to help management understand the associated risk?

Correct Answer: B

If backups are missed due to operator error and the exceptions are not being managed, the primary risk is to disaster recovery. Backups are a critical part of the disaster recovery plan, as they ensure data can be restored in case of a catastrophic event. Explaining the impact to disaster recovery will help management understand that missed backups could lead to loss of critical data, severely affecting the organization's ability to recover from severe disruptions.

Discussion
Changwha (Option: B)

B. Explain the impact to disaster recovery.

Swallows (Option: B)

While incident management (option D) is also important, it typically focuses on responding to and resolving security incidents or operational disruptions as they occur. In this scenario, the focus is on preventing incidents by ensuring proper backup procedures are followed to maintain data integrity and availability, which aligns more closely with disaster recovery concerns.