The BIA is a valuable tool that can help identify critical systems and resources. Once they have been identified, the MAO time for resources can then be identified. The impact of the outage and the MAO is then used to determine recovery priorities. Some systems may need to be up and operational almost immediately after a disaster, whereas other systems can be down for days at a time.
Two important terms related to the BIA are the recovery time objective (RTO) and recovery point objective (RPO). The RTO helps identify systems that are time critical, and the RPO helps identify systems that hold data that is mission critical.
The ________ identifies the maximum acceptable downtime for a system.
Which of the following can determine what functions are considered critical business functions?
Clients
Stakeholders
Project team
Chief technology officer
The BIA is a part of the ________.
What defines the boundaries of a business impact analysis?
MAO
BCP
Recovery objectives
Scope
What are two objectives of a BIA? (Select two.)
Identifying minimum acceptable outage
Documenting new policy
Identifying critical resources
Identifying critical business functions
In developing a BIA, when calculating the costs to determine the impact of an outage for a specific system, both the direct and ________ costs should be calculated.
In a BIA, the maximum amount of data loss an organization can accept is called what?
BIA time
Maximum acceptable outage
Recovery time objectives
Recovery point objectives
What is the time required for a system to be recovered called?
BIA time
Maximum acceptable outage
Recovery time objectives
Recovery point objectives
Which of the following statements is true?
The RPO applies to any systems or functions, whereas the RTO refers only to data housed in databases.
The RTO applies to any systems or functions, whereas the RPO refers only to data housed in databases.
Both the RTO and RPO apply to any systems or functions.
Both the RTO and RPO apply to data housed in databases.
In a BIA, which one of the following is a direct cost of the impact of an outage for a specific system?
Loss of customers
Loss of public goodwill
Loss of sales
Lost opportunities
What type of approach does a BIA use?
Bottom-up approach in which servers or services are examined first
Top-down approach in which CBFs are examined first
Middle-tier approach
Best-guess approach
Mission-critical business functions are considered vital to an organization. What are they derived from?
Critical success factors
Critical IT resources
Executive leadership
Employees
In developing a BIA, what should the critical business functions be mapped to?
Personnel
Revenue
Replacement costs
IT systems
Of the following choices, which is (are) considered best practice(s) related to a BIA?
Starting with clear objectives
Using different data collection methods
Mitigating identified risks
A and B only
All of the above
A cost-benefit analysis is an important part of a BIA.