ISACA CISM: Determine Application Resilience Requirements

Discover the best approach to determine an application’s resilience requirements according to the ISACA CISM certification exam. Learn how a business impact analysis (BIA) plays a crucial role in ensuring the continuity and recovery of critical applications.

Question

The resilience requirements of an application are BEST determined by:

A. a cost-benefit analysis.
B. a threat assessment.
C. a business impact analysis (BIA).
D. a risk assessment.

Answer

C. a business impact analysis (BIA).

Explanation

A business impact analysis (BIA) is the most effective way to determine the resilience requirements of an application. The BIA helps identify the critical business processes and the applications that support them, assessing the potential impact of disruptions on the organization’s operations, finances, and reputation.

By conducting a BIA, an organization can:

  1. Identify critical applications and their recovery time objectives (RTO) and recovery point objectives (RPO).
  2. Prioritize applications based on their importance to the business and the maximum tolerable downtime.
  3. Determine the resources required to maintain and recover critical applications during a disruption.
  4. Develop strategies to mitigate the impact of disruptions and ensure the continuity of critical applications.

While the other options mentioned – cost-benefit analysis, threat assessment, and risk assessment – are important components of an overall resilience strategy, they do not directly determine the resilience requirements of an application.

  • A cost-benefit analysis helps evaluate the financial feasibility of resilience measures but does not identify the specific requirements.
  • A threat assessment identifies potential threats to an application but does not determine the resilience requirements needed to mitigate those threats.
  • A risk assessment evaluates the likelihood and impact of risks to an application but does not directly establish the resilience requirements.

In summary, a business impact analysis (BIA) is the best approach to determine an application’s resilience requirements, as it identifies critical applications, their recovery objectives, and the resources needed to ensure their continuity during a disruption.
