On performing a risk assessment, you need to determine the potential impacts when some of the critical business processes of the company interrupt its service.
What is the name of the process by which you can determine those critical businesses?
In CEH v13 Module 01: Introduction to Ethical Hacking, Business Impact Analysis (BIA) is defined as a core component of the risk management process that helps identify and evaluate critical business functions, their dependencies, and the impact of downtime.
BIA is performed to:
Identify critical services and resources.
Determine the impact of their failure.
Define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO).
Prioritize systems for business continuity planning.
Option Clarification:
A. EPR: Emergency Plan Response – not a formal phase in BIA or risk analysis.
C. Risk Mitigation: Involves taking actions to reduce risks, but doesn't identify business-critical services.
D. DRP: Disaster Recovery Planning focuses on restoration, not impact assessment.
[Reference:, Module 01 – Risk Management Concepts: Business Impact Analysis (BIA), CEH v13 eBook: Risk Assessment and Business Continuity Planning, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit