A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach
could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?

A.
Succession plan

B.
Continuity of operation plan

C.
Disaster recovery plan

D.
Business impact analysis

Explanation:
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned
with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical

functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
Incorrect Answers:
A: Succession planning outlines those internal to the organization who have the ability to step into positions when they open.
B: Continuity of operation plan refers to policies, processes and methods that an organization has to follow to minimize the impact of failure of the key components
needed for operations.
C: Disaster recovery plan usually deals with site relocation in the event of an emergency, natural disaster, or service outage.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 29, 432