Lab Assessment Questions & Answers
1. What is the goal and purpose of a business impact analysis (BIA)?
2. Why is a business impact analysis (BIA) an important first step in defining a business continuity
plan (BCP)?
3. What is the definition of recovery time objective (RTO)? Why is this important to define in an IT
Security Policy Definition as part of the business impact analysis (BIA) or business continuity
plan (BCP)?
4. How do risk management and risk assessment relate to a business impact analysis (BIA) for an IT
infrastructure?
Performing a Business Impact Analysis for a Mock IT Infrastructure
5. True or false: If the recovery point objective (RPO) metric does not equal the recovery time
objective (RTO), you can potentially lose data that might not be backed up. This represents a gap
in potential lost or unrecoverable data.
6. If you have an RPO of 0 hours, what does that mean?
7. What must you explain to executive management when defining RTO and RPO objectives for the
BIA?
8. What questions do you have for executive management in order to finalize your BIA?
9. Why do customer service business functions typically have a short RTO and RPO maximum
allowable time objective?
10. To write backup and recovery procedures, you need to review the IT systems, hardware, software,
and communications infrastructure that supports business operations and functions, and you need
to define how to maximize availability. This alignment of IT systems and components must be
based on business operations, functions, and prioritizations. This prioritization is usually the
result of a risk assessment and how those risks, threats, and vulnerabilities impact business
operations and functions. What is the proper sequence of development and implementation for the