CERTIFIED-IN-CYBERSECURITY Question #526: Real Exam Question with Answer & Explanation

Question

What is a Business Impact Analysis (BIA)?

Options

• AA checklist used by managers before a critical intervention
• BA systematic process to evaluate the potential effects of an interruption to critical business
• CA proactive development of procedures to restore critical business operations after a disaster
• DA document that systematizes the disturbance in the business caused by a critical security event

Explanation

A Business Impact Analysis (BIA) is a systematic process for identifying and evaluating the potential impact of an interruption to critical business operations as part of business continuity planning (see ISC2 Study Guide, Chapter 2, Module 2). A BIA helps identify and prioritize the critical business functions affected by a disaster, facilitating recovery and maintaining business operations. For example, suppose an IT company conducts a BIA and determines that the loss of data center operations could disrupt its business for an extended period of time. Based on this conclusion from the BIA, the company would then plan for an alternate data center and create processes to restore operations should the primary data center fail. The remaining options do not define exactly what a business impact analysis is. One option defines BIA as the development of recovery procedures, which is part of disaster recovery, not BIA. Another option refers to the disruption caused by a disruptive event, not a BIA. Disruptive events are what BIA prepares for, not the analysis itself. Finally, another option describes a checklist before a critical intervention, which may be part of incident response planning or crisis management, but is different from the

No community discussion yet for this question.