A business impact assessment is one element in business continuity planning. What are the three primary
goals of a BIA?
A.
Data processing continuity planning, data recovery plan maintenance, and testing the disaster recovery
plan.
B.
Scope and plan initiation, business continuity plan development, and plan approval and implementation.
C.
Facility requirements planning, facility security management, and administrative personnel controls.
D.
Criticality prioritization, downtime estimation, and resource requirements.
Explanation:
The first business impact assessment (BIA) task facing the BCP team is identifying business priorities. The
second quantitative measure that the team must develop is the maximum tolerable downtime (MTD). The final
step of the BIA is to prioritize the allocation of business continuity resources to the various risks that you
identified and assessed in the preceding tasks of the BIA.
Incorrect Answers:
A: Continuity planning and data recovery planning are not part of the BIA.
B: Business continuity plan development is not part of the BIA.
C: Facility planning is not part of the BIA.Stewart, James M., Ed Tittel, and Mike Chapple, CISSP: Certified Information Systems Security Professional
Study Guide, 5th Edition, Sybex, Indianapolis, 2011, p. 623-624