CISSP Question #1311: Real Exam Question with Answer & Explanation

Question

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Options

• Adetermine the risk of a business interruption occurring
• Bdetermine the technological dependence of the business processes
• CIdentify the operational impacts of a business interruption
• DIdentify the financial impacts of a business interruption

Explanation

A Business Impact Analysis (BIA) focuses on the consequences and effects of a disruption, not on the likelihood of one occurring. Risk probability assessment is a separate function belonging to risk analysis, not the BIA.

Common mistakes.

• B. Identifying technological dependencies of business processes is a standard BIA component, as it helps determine which IT systems and infrastructure are critical to operations and must be recovered to restore business functions.
• C. Identifying operational impacts - such as loss of productivity, inability to deliver services, or staffing disruptions - is a core purpose of the BIA questionnaire and directly informs recovery priorities.
• D. Quantifying financial impacts, such as lost revenue, contractual penalties, or increased costs resulting from a disruption, is a fundamental objective of the BIA and is used to justify recovery investments and set recovery time objectives.

Concept tested. Business Impact Analysis scope versus risk assessment

Reference. https://www.ready.gov/business-impact-analysis

No community discussion yet for this question.