Certified Cloud Security Professional – CCSP – Question406
The BIA can be used to provide information about all the following, except: A. BC/DR planning B. Risk analysis C. Secure acquisition D. Selection of security controls
Correct Answer: C
Explanation:
Explanation: The business impact analysis gathers asset valuation information that is beneficial for risk analysis and selection of security controls (it helps avoid putting the ten-dollar lock on the five-dollar bicycle), and criticality information that helps in BC/DR planning by letting the organization understand which systems, data, and personnel are necessary to continuously maintain. However, it does not aid secure acquisition efforts, since the assets examined by the BIA have already been acquired.
Please disable your adblocker or whitelist this site!