What is the primary purpose of a Business Impact Analysis (BIA)?

  A. Identify all known vulnerabilities in the organization
  B. Evaluate vendor security controls
  C. Create a comprehensive security awareness training plan
  D. Determine the impact of disruptions on critical business functions ✓

Correct answer: Determine the impact of disruptions on critical business functions

Option D is correct because a Business Impact Analysis identifies and quantifies the effects that disruptions to critical business functions would have on the organization, informing recovery time objectives, recovery point objectives, and continuity priorities. Option A is wrong because identifying vulnerabilities is the goal of vulnerability assessments and threat modeling, not a BIA. Option B is wrong because evaluating vendor security controls falls under third-party risk management or supply chain security reviews. Option C is wrong because creating security awareness training plans is a function of security education and training programs, which are separate from business continuity planning.

Topic: business impact analysis, business continuity, cissp, risk management
