CERTIFIED-IN-CYBERSECURITY Question #442: Real Exam Question with Answer & Explanation

Question

In the context of business continuity planning (BCP), which of the following is an effective strategy for mitigating the risk of data loss?

Options

• APeriodic training on emergency procedures
• BEnforcing a robust cyber insurance policy
• CRestricting employee access to business premises
• DRegular backup of data and systems in multiple dispersed geographical locations

Explanation

Regularly backing up data and systems to multiple, geographically dispersed locations is an effective strategy for mitigating the risk of data loss (see ISC2 Study Guide Chapter 2, Module 2). This strategy ensures that data is stored in multiple locations, providing a safety net in the event that one location is compromised. For example, an organization may store its data on servers located in different countries. Then, when a natural disaster destroys the data center where that server is located, the data is still safe and accessible from the servers in the other countries. As for the remaining options, while they can be part of a comprehensive cybersecurity plan, they do not directly mitigate the risk of data loss. Implementing a robust cyber insurance policy, while beneficial in covering the financial losses associated with a data breach, does not directly prevent data loss. It is a reactive measure, not a proactive one. On the other hand, regular training on emergency procedures prepares employees to respond to data loss incidents, but does not prevent the incidents from occurring. Finally, restricting employee access to business premises can reduce the risk of unauthorized access to sensitive data. However, it does not protect against data loss from other sources, such as system failures or cyber-attacks

No community discussion yet for this question.