In the case of a major outage or business interruption, the security office has documented the expected loss of
earnings, potential fines and potential consequence to customer service. Which of the following would include
the MOST detail on these objectives?
Business Impact Analysis
IT Contingency Plan
Disaster Recovery Plan
Continuity of Operations
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to
define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis
focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical
functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating
the tangible impact on the organization.