Certified Information Security Manager (CISM) — Question 1034

At which stage of business continuity planning is risk identification performed?

Answer options

• A. Impact analysis
• B. Stakeholder meeting
• C. Development
• D. Project planning

Correct answer: A

Explanation

Risk identification is a critical component of the impact analysis phase, where potential threats and vulnerabilities are assessed to understand their implications on business operations. The other options, such as stakeholder meetings, development, and project planning, are focused on different aspects of the business continuity process and do not specifically emphasize risk identification.