Question

A chief Information Security Officer (CISO) is performing a BIA for the organization in case of a natural disaster. Which of the following should be at the top of the CISO's list?
a. identify redundant and high-availability systems
b. identify mission-critical applications and systems
c. identify the single point of failure in the systems
d. identify the impact on safety of the property

Answer 1

Answer:

The correct answer is option (D) Identify the impact on safety of the property

Explanation:

Solution

In every Business Impact Analysis, the first and the most important step is for the CISO is to identify and estimate the impact of the aftereffects on the business and property of an organization that may be occurred from the disaster.

Physical security is very important, but it is not noticed by most organizations. It is important if you do not want anyone to take  away your information or destroy it, in case of natural calamity. the reason could be that, the intruder is  doing it for his personal achievement, financial gain,or seeking revenge or when one is taken unaware and becomes a target. If this security is not maintained properly all the safety measures will not be useful once the attacker gets through by gaining physical access.

Example of property can be software, equipment, facilities, company’s assets.