Certified Information Security Manager (CISM) — Question 404
Which of the following is the PRIMARY objective of a business impact analysis (BIA)?
Answer options
- A. Confirm control effectiveness.
- B. Determine recovery priorities.
- C. Define the recovery point objective (RPO).
- D. Analyze vulnerabilities.
Correct answer: B
Explanation
The primary objective of a business impact analysis (BIA) is to determine recovery priorities, which helps organizations understand which functions are critical and need to be restored first after a disruption. The other options, while important, are secondary goals. Confirming control effectiveness, defining the RPO, and analyzing vulnerabilities are part of a comprehensive risk management strategy but do not focus on recovery priorities.