第六章 灾难恢复及业务连续性计划.docVIP

第六章：灾难恢复与业务连续性计划 C6-1 During an audit, an IS auditor notes that an organizations business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include: A .the level of information security required when business recovery procedures are invoked. B. information security roles and responsibilities in the crisis management structure. C. information security resource requirements. D. change management procedures for information security that could affect business continuity arrangem