In the case of a major outage or business interruption, the security office has documented the expected
loss of earnings, potential fines and potential consequence to customer service. Which of the following
would include the MOST detail on these objectives?

A.
Business Impact Analysis

B.
IT Contingency Plan

C.
Disaster Recovery Plan

D.
Continuity of Operations

Explanation:
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to
define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysisfocuses on the impact a loss would have on the organization. A BIA comprises the following: identifying
critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss,
and estimating the tangible impact on the organization.
Incorrect Answers:
B: IT Contingency plan is usually part of the disaster recovery plan.
C: Disaster recovery plan usually deals with site relocation in the event of an emergency, natural disaster,
or service outage.
D: Continuity of operation plan refers to policies, processes and methods that an organization has to
follow to minimize the impact of failure of the key components needed for operations.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 29, 432