Certified Information Security Manager (CISM) — Question 191

Which of the following would BEST provide stakeholders with information to determine the appropriate response to a disaster?

Answer options

• A. Vulnerability assessment
• B. SWOT analysis
• C. Business impact analysis (BIA)
• D. Risk assessment

Correct answer: C

Explanation

The correct answer, Business impact analysis (BIA), is crucial as it helps stakeholders understand the potential effects of a disaster on business operations, allowing for informed decision-making. While vulnerability assessments identify weaknesses, SWOT analysis focuses on strengths and weaknesses without specific disaster context, and risk assessments evaluate potential risks but do not provide the detailed impact analysis necessary for response planning.