CISM Certified Information Security Manager – Question0307

To ensure that payroll systems continue operating in the event of a hurricane hitting a data center, what would be the FIRST crucial step an information security manager would take in ensuring business continuity planning?

A. Conducting a qualitative and quantitative risk analysis.
B. Assigning value to the assets.
C. Weighing the cost of implementing the plan vs. financial loss.
D. Conducting a business impact analysis (BIA).

Correct Answer: D

Explanation:

BIA is an essential component of an organization’s business continuity plan; it includes an exploratory component to reveal any vulnerabilities and a planning component to develop strategies for minimizing risk. It is the first crucial step in business continuity planning. Qualitative and quantitative risk analysis will have been completed to define the dangers to individuals, businesses and government agencies posed by potential natural and human-caused adverse events. Assigning value to assets is part of the BIA process. Weighing the cost of implementing the plan vs. financial loss is another part of the BIA.