Certified Information Security Manager (CISM) — Question 1009
The resilience requirements of an application are BEST determined by:
Answer options
- A. a cost-benefit analysis.
- B. a threat assessment.
- C. a business impact analysis (BIA).
- D. a risk assessment.
Correct answer: C
Explanation
A business impact analysis (BIA) effectively identifies the potential effects of disruptions on business operations, making it the ideal method for determining resilience requirements. A cost-benefit analysis, a threat assessment, and a risk assessment each provide important insights, but none of them focuses specifically on the impact of disruptions as a BIA does.