CISA Certified Information Systems Auditor – Question1741

As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis?

A.
Organizational risks, such as single point-of-failure and infrastructure risk
B. Threats to critical business processes
C. Critical business processes for ascertaining the priority for recovery
D. Resources required for resumption of business

Correct Answer: C

Explanation:

Explanation:
The identification of the priority for recovering critical business processes should be addressed first. Organizational risks should be identified next, followed by the identification of threats to critical business processes. Identification of resources for business resumption will occur after the tasks mentioned.