Explanation
The recovery point objective (RPO) defines the maximum loss of data (in terms of time) acceptable by the business (i.e., age of data to be restored). It will directly determine the basic elements of the backup strategy frequency of the backups and what kind of backup is the most appropriate (disk-to-disk, on tape, mirroring).
The volume of data will be used to determine the capacity of the backup solution. The recovery time objective (RTO) - the time between disaster and return to normal operation - will not have any impact on the backup strategy. The availability to restore backups in a time frame consistent with the interruption window will have to be checked and will influence the strategy (e.g., full backup vs. incremental), but this will not be the primary factor.

The most useful source when planning a business-aligned information security program is a Business Impact Analysis (BIA). A BIA is a process of identifying and evaluating the potential effects of disruptions to an organization's operations, and helps to identify the security controls and measures that should be implemented to reduce the impact of those disruptions. The BIA should include an assessment of the organization's information security posture, including its security policies, risk register, and enterprise architecture. With this information, organizations can develop an information security program that is aligned to the organization's business objectives.

Explanation
The most appropriate information to communicate to senior management regarding information risk is the risk profile changes, which reflect the current level and nature of the risks that the organization faces. The risk profile changes can help senior management to understand the impact of the risks on the business objectives, the effectiveness of the risk management strategy, and the need for any adjustments or improvements. The risk profile changes can also help senior management to prioritize the allocation of resources and to make informed decisions.
References = CISM Review Manual, 16th Edition eBook1, Chapter 2: Information Risk Management, Section:
Risk Communication, Subsection: Risk Reporting, Page 97.