SSCP Exam Preparation | Business Impact Assessment (BIA) Steps

Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA)?

Answers

Explanations

A. B. C. D.

A.

Source: HARRIS, S., CISSP All-In-One Exam Guide, 3rd Edition, 2005, Chapter 9, Page 701

There has been much discussion about the steps of the BIA, and I struggled with this before deciding to scrap the question about "the four steps" and rewrite the question using the AIO for a reference. This question should be easy... if you know all eight steps.

The eight detailed and granular steps of the BIA are:

  1. Select individuals to interview for the data gathering.
  2. Create data gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
  3. Identify the company's critical business functions.
  4. Identify the resources that these functions depend upon.
  5. Calculate how long these functions can survive without these resources.
  6. Identify vulnerabilities and the threats to these functions.
  7. Calculate risk for each of the different business functions.
  8. Document findings and report them to management.

Shon goes on to cover each step in Chapter 9.

The Business Impact Assessment (BIA) is a process that is conducted to determine the criticality of business functions and the impact of any disruption to those functions. The eight detailed steps of a BIA are as follows:

  1. Initiate the BIA: Notify senior management of the start of the assessment.
  2. Assemble the BIA team: Identify a team of stakeholders from across the organization to participate in the assessment.
  3. Define critical business functions: Identify the organization's critical business functions, which are those that are essential to the organization's operations.
  4. Identify resources: Identify the resources required to support the critical business functions.
  5. Identify impacts: Determine the impact that a disruption to the critical business functions would have on the organization.
  6. Develop recovery strategies: Develop strategies to recover the critical business functions in the event of a disruption.
  7. Develop a plan: Develop a comprehensive plan to recover the critical business functions.
  8. Implement the plan: Implement the plan and test it periodically to ensure it is effective.

Out of the options provided, the step that is not one of the eight detailed steps of a BIA is option D: Calculating the risk for each different business function. While risk assessment is an important component of business continuity planning, it is not a detailed step in the BIA process. Rather, the BIA process is focused on identifying the critical business functions and developing strategies to recover those functions in the event of a disruption. Risk assessment is typically conducted as a separate activity to determine the likelihood and potential impact of different types of disruptions.