Mark works as a security manager for SoftTech Inc. He is involved in the BIA phase to create a
document to be used to help understand what impact a disruptive event would have on the
business. The impact might be financial or operational. Which of the following are the objectives
related to the above phase in which Mark is involved?
Each correct answer represents a part of the solution. Choose three.
A.
Resource requirements identification
B.
Criticality prioritization
C.
Down-time estimation
D.
Performing vulnerability assessment
Explanation:
The main objectives of Business Impact Assessment (BIA) are as follows:
Criticality prioritization: the entire critical business unit processes must be identified and prioritized,
and the impact of a disruptive event must be evaluated. The non-time-critical business processes will
need a lower priority rating for recovery than time-critical business processes.
Down-time estimation: The Maximum Tolerable Downtime (MTD) is estimated with the help of BIA,
which the business can tolerate and still remain a viable company. For this reason, the longest
period of time a critical process can remain interrupted before the company can never recover. It is
often found that this time period is much shorter than estimated during the BIA process. This means
that the company can tolerate only a much briefer period of interruption than was previously
thought.
Resource requirements identification: The identification of the required resources for the critical
processes is also performed at this time, with the most time sensitive processes receiving the most
resource allocation.Answer option D is incorrect. This is the invalid answer because performing vulnerability assessment
is a step taken by BIA to achieve the above mentioned goals.