Certified Information Security Manager (CISM) — Question 1191

A business impact analysis (BIA) should be periodically executed PRIMARILY to:

Answer options

• A. verify the effectiveness of controls.
• B. check compliance with regulations.
• C. validate vulnerabilities on environmental changes.
• D. analyze the importance of assets.

Correct answer: D

Explanation

The primary purpose of a business impact analysis (BIA) is to analyze the importance of assets to the organization. While verifying controls, ensuring regulatory compliance, and assessing vulnerabilities are important tasks, they are not the main focus of a BIA, which is centered on understanding asset significance.