CompTIA Security Plus Mock Test Q380

In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?

A. Business Impact Analysis
B. IT Contingency Plan
C. Disaster Recovery Plan
D. Continuity of Operations

Correct Answer: A
Section: Compliance and Operational Security

Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.

Incorrect Answers:
B: IT Contingency plan is usually part of the disaster recovery plan.
C: Disaster recovery plan usually deals with site relocation in the event of an emergency, natural disaster, or service outage.
D: Continuity of operation plan refers to policies, processes and methods that an organization has to follow to minimize the impact of failure of the key components needed for operations.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 29, 432