Certified Information Systems Security Professional (CISSP) — Question 371

What is the MAIN purpose of conducting a business impact analysis (BIA)?

Answer options

• A. To determine the cost for restoration of damaged information system
• B. To determine the controls required to return to business critical operations
• C. To determine the critical resources required to recover from an incident within a specified time period
• D. To determine the effect of mission-critical information system failures on core business processes

Correct answer: D

Explanation

The correct answer, D, highlights the importance of understanding how failures in crucial systems affect core business operations. Options A, B, and C focus on restoration costs, required controls, and recovery resources, which are important but do not address the primary goal of a BIA, which is to assess the broader impact on business processes.