IT Examiner School
Common Exam Themes, Findings & Weaknesses
Internally developed applications are not subject to periodic audit or penetration testing.
Data classification, handling, and destruction standards are not formally defined.
No formal plans for addressing End-of-Life (EOL) assets.
Disaster Recovery & Business Continuity Plans
• Are not based on a comprehensive BIA & risk assessment
• Are IT-centric & do not address enterprise-wide recovery strategies
• Do not establish reasonable & measurable recovery metrics to prioritize process recovery
• Place considerable reliance on third-party providers to ensure timely recovery
• Are not tested at least annually to ensure key recovery metrics can be achieved; testing may be limited to “table-top” exercises
• DR/BCP training is not provided to employees / plans are not reviewed at least annually for required updates