A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s
database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum.
Which of the following documents is the CIO MOST likely updating?
Continuity of operation plan
Disaster recovery plan
Business impact analysis
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to
define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis
focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical
functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating
the tangible impact on the organization.