(ISC)2

CISSP-ISSMP Question #222: Real Exam Question with Answer & Explanation

The correct answer is A: Resource requirements identification.

Security Program Development

Question

Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a document to be used to help understand what impact a disruptive event would have on the business. The impact might be financial or operational. Which of the following are the objectives related to the above phase in which Mark is involved? Each correct answer represents a part of the solution. Choose three.

Options

  • A. Resource requirements identification
  • B. Criticality prioritization
  • C. Down-time estimation
  • D. Performing vulnerability assessment

Explanation

The main objectives of Business Impact Assessment (BIA) are as follows:

  • Criticality prioritization: Every critical business unit process must be identified and prioritized, and the impact of a disruptive event must be evaluated. Non-time-critical business processes receive a lower priority rating for recovery than time-critical business processes.
  • Down-time estimation: The BIA is used to estimate the Maximum Tolerable Downtime (MTD) that the business can tolerate and still remain a viable company, that is, the longest period of time a critical process can remain interrupted before the company can never recover. It is often found that this time period is much shorter than estimated during the BIA process. This means that the company can tolerate only a much briefer period of interruption than was previously thought.
  • Resource requirements identification: The resources required for the critical processes are also identified at this time, with the most time-sensitive processes receiving the most resource allocation.

Answer option D is incorrect. It is the invalid answer because performing a vulnerability assessment is a step taken by the BIA to achieve the above-mentioned goals.

Topics

#Business Impact Analysis #Business Continuity #Risk Management #Recovery Planning
