Backup information that is critical to the organization is identified through a
A. Vulnerability Assessment (VA).
B. Business Continuity Plan (BCP).
C. Business Impact Analysis (BIA).
D. data recovery analysis.
|
Download Printable PDF. VALID exam to help you PASS. |
 |
C. BIA
C – Business Impact Analysis (BIA) – seems the right option:
“The BIA will have included an assessment of all databases, and the impact the loss of each will have. The degree of impact will determine what backup configurations and restore tools are appropriate for each individual database.
Which media type to use for backup, frequency of backups, where to store media, who has access to the media and reuse and rotation policies of media will all be decided based on a database’s impact to the business. Available budget will also play a role in developing the storage plan, so ISSMPs must be prepared to justify the costs of any technology or preventive measures used in the process.”
https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-operations/recovery-strategies/#gref
Answer D seems suspect. “Data recovery analysis” doesn’t come up in a search of the CISSP study materials. My guess would be C.