Systems Security Certified Practitioner – SSCP – Question0507
Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA): A. Notifying senior management of the start of the assessment. B. Creating data gathering techniques. C. Identifying critical business functions. D. Calculating the risk for each different business function.
Correct Answer: A
Explanation:
Source: HARRIS, S., CISSP All-In-One Exam Guide, 3rd. Edition, 2005, Chapter 9, Page 701.
There have been much discussion about the steps of the BIA and I struggled with this before deciding to scrape the question about “the four steps,” and re-write the question using the AIO for a reference. This question should be easy…. if you know all eight steps.
The eight detailed and granular steps of the BIA are:
1. Select Individuals to interview for the data gathering.
2. Create data gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
3. Identify the company’s critical business functions.
4. Identify the resources that these functions depend upon.
5. Calculate how long these functions can survive without these resources.
6. Identify vulnerabilities and the threats to these functions.
7. Calculate risk for each of the different business functions. 8. Document findings and report them to management.
Shon goes on to cover each step in Chapter 9.
Please disable your adblocker or whitelist this site!