
CISM Exam - Question 580


Which of the following would BEST provide stakeholders with information to determine the appropriate response to a disaster?

Correct Answer: CD

A Business Impact Analysis (BIA) is crucial for determining the appropriate response to a disaster as it identifies critical business processes, the interdependencies between them, the resources required for their operation, and the impacts of their disruption on the organization. This information is essential for stakeholders to prioritize recovery efforts and allocate resources effectively to minimize downtime and maintain business continuity. Although risk assessment and vulnerability assessment are important, the BIA directly addresses the impact and response planning, making it the best choice for disaster response information.

Discussion

8 comments
Dravidian (Option: D)
Apr 23, 2023

I think the question is intentionally tricky here. There is no question that BIA is a big part of the DR/BCP plan. But it's used to identify criticality of systems and RTOs based on that. The question in particular is asking what will help to decide the "response". To know how to act you need to know what the threat is or what the risk is. So for me it's Risk assessment.

AlexJacobson
Jan 25, 2024

I usually agree with you, but IMO you're reading into the question too much. :) BIA is used to determine what's critical for business to operate and costs associated with it (downtime costs and recovery costs such as activating BCP). So BIA (C) should be the answer here.

Salilgen
Mar 5, 2024

Answer is C IMO too.

aokisan (Option: C)
Dec 23, 2022

BIA is used for BCP.

CarlPTY07 (Option: C)
Mar 11, 2023

A business impact analysis (BIA) is used to identify an organization’s business processes, the interdependencies between processes, the resources required for process operation, and the impact on the organization if any business process is incapacitated for a time. A BIA is a cornerstone of a business continuity and disaster recovery

Gregory, Peter H. CISM Certified Information Security Manager Bundle (p. 124). McGraw Hill LLC. Kindle Edition.

wello (Option: C)
Jun 12, 2023

In summary, while both the BIA and risk assessment have their significance in disaster preparedness and response, the BIA is particularly useful for determining the appropriate response to a disaster by providing stakeholders with essential information about critical processes, recovery priorities, and resource allocation.

CarlLimps (Option: C)
Mar 20, 2023

Agree that this should be C. See Carl's comments below.

richck102 (Option: C)
Jun 29, 2023

C. Business impact analysis (BIA)

CISSPST (Option: D)
Sep 27, 2023

Which of the following would BEST provide stakeholders with information to determine the appropriate RESPONSE to a disaster?

1. Vulnerability or threat by themselves cannot provide the complete picture of the risk (rules out A)
2. Impact or likelihood by themselves cannot provide the complete picture of the risk (rules out C)
3. B has no place in this discussion

Risk management output is "cost-effective response to risk such that residual risk is within acceptable limits". This cannot be done without the complete picture of the risk profile, only possible through risk assessment.

afb4b17 (Option: D)
Jun 18, 2024

Key word is "response".