Notable Step in Business Impact Analysis (BIA)

A.

Selecting and Alternate Site would not be done within the initial BIA.It would be done at a later stage of the BCP and DRP recovery effort.All of the other choices were steps that would be conducted during the BIA.See below the list of steps that would be done during the BIA.

A BIA (business impact analysis ) is considered a functional analysis, in which a team collects data through interviews and documentary sources; documents business functions, activities, and transactions ; develops a hierarchy of business functions; and finally applies a classification scheme to indicate each individual functions criticality level.

BIA Steps - 1

Select individuals to interview for data gathering.

2

Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches)

3

Identify the companys critical business functions.

4

Identify the resources these functions depend upon.

5

Calculate how long these functions can survive without these resources.

6

Identify vulnerabilities and threats to these functions.

7

Calculate the risk for each different business function.

8

Document findings and report them to management.

Reference(s) used for this question: Harris, Shon (2012-10-18)

CISSP All-in-One Exam Guide, 6th Edition (p.

905-909)

McGraw-Hill.

Kindle Edition.

The Business Impact Analysis (BIA) is a critical step in the development of a comprehensive Business Continuity Plan (BCP). It is a process that identifies and evaluates the potential effects (financial, operational, and/or reputational) of a disruption to an organization's critical business functions. The BIA helps an organization determine the criticality of various business functions, prioritize recovery efforts, and determine the resources required for business continuity.

Out of the options provided, the step that is not conducted during the Business Impact Analysis (BIA) is A. Alternate site selection. Alternate site selection is a step that is part of the Disaster Recovery Plan (DRP) process, not the BIA process. The DRP is a subset of the overall BCP, and it involves the selection of an alternate site to resume critical business functions in the event of a disruption to the primary site.

The other options, B, C, and D, are all steps that are conducted during the BIA process:

B. Create data-gathering techniques: This step involves developing a set of tools and methods to collect the necessary data to perform the BIA. Data-gathering techniques can include surveys, interviews, questionnaires, and observations.

C. Identify the company's critical business functions: This step involves identifying the critical business functions of the organization, which are the functions that are essential to the continued operation of the organization. This includes identifying the dependencies between various business functions.

D. Select individuals to interview for data gathering: This step involves identifying the individuals within the organization who have the knowledge and expertise to provide the necessary information to perform the BIA. These individuals can include managers, employees, and subject matter experts.

In summary, the step that is not conducted during the Business Impact Analysis (BIA) is A. Alternate site selection, as it is part of the Disaster Recovery Plan (DRP) process, not the BIA process. The other steps conducted during the BIA process include creating data-gathering techniques, identifying the company's critical business functions, and selecting individuals to interview for data gathering.