Certified Information Security Manager (CISM) — Question 181
When building support for an information security program, which of the following elements is MOST important?
Answer options
- A. Business impact analysis (BIA)
- B. Identification of existing vulnerabilities
- C. Threat analysis
- D. Information risk assessment
Correct answer: A
Explanation
The business impact analysis (BIA) is crucial because it shows the potential effects of disruptions on business operations, which allows security efforts to be prioritized better. Identifying vulnerabilities, conducting threat analysis, and performing risk assessments are all important, but they are secondary to understanding the business impact, which informs the entire security strategy.