Exam CISSP topic 1 question 337 discussion

A business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency. A business impact analysis (BIA) predicts the consequences of a disruption or outage of a business function, system or process and gathers information needed to develop recovery strategies.

Conducting the Business Impact Analysis (BIA) The next step in the planning process is to have the planning team perform a BIA. The BIA will help the company decide what needs to be recovered, and how quickly. Mission functions are typically designated with terms such as critical, essential, supporting, and nonessential to help determine the appropriate prioritization. I will go with C

BIA is not made for infosec systems. answer is D

Interesting everyone went with D. The problem I have with answer d is that it mentions Information systems when a bia is about all business processes. I honestly think C is a better answer. Why do you identify critical processes? its for part 2(identify resource requirements) and 3(identify recovery priorities) of the BIA process. Ultimately, part 1 feeds into part 2. Everyone can claim their system is the most critical but once faced with how much recovery costs would be, this often changes. The critical outcomes of BIA will be a series of time measurements: MTD, RTO, RPO, WRT. None of the other BCP planing steps can be done without these values. Infact the MTD is what escalates incident to being a disaster

Failures on core business processes sounds like it could have a huge impact on the business.

Going with "D" on this one. Option "C" falls more towards the DR aspect of BIA.