Certified Information Security Manager (CISM) — Question 576

An organization is developing a disaster recovery strategy and needs to identify each application's criticality so that the recovery sequence can be established.
Which of the following is the BEST course of action?

Answer options

• A. Restore the applications with the shortest recovery times first
• B. Document the data flow and review the dependencies
• C. Perform a business impact analysis (BIA) on each application
• D. Identify which applications contribute the most cash flow

Correct answer: C

Explanation

The best approach to understand the criticality of applications is to conduct a business impact analysis (BIA), as this provides insight into how each application affects the organization. Options A and D focus on recovery times and cash flow, which are important but do not directly assess the overall impact of application failure. Option B is useful for understanding dependencies but does not prioritize applications based on their criticality.