Risk analysis and the security survey 3rd edition


PowerPoint Slideshow about 'Risk Analysis and the Security Survey 3rd edition' - desiree-bowers


Risk Analysis and the Security Survey 3rd edition

Chapter 15

Business Impact Analysis

Business Impact Analysis: Introduction

  • Business Impact Analysis (BIA):

    • Establishes the value of each business unit

    • Determines order of recovery

    • Defines the impact of a disruption over time

    • Identifies interdependencies

Business Impact Analysis: Introduction

  • BIA examines impacts over time on:

    • Service objectives

    • Financial position/cash flow

    • Regulatory issues/contractual issues

    • Market share/competitive issues

Business Impact Analysis: Introduction

  • BIA will also:

    • Identify critical processes and applications

    • Establish the value of each business unit

    • Identify critical resources

    • Gain support for the recovery process

    • Increase management awareness

    • Reveal inefficiencies in normal operations

    • Justify recovery planning budgets

Business Impact Analysis: Introduction

  • Determines Recovery Time Objectives;

    • Decides which functions are critical;

    • Establishes financial basis for strategies;

    • Provides understanding of the amount of risk to assume, transfer or mitigate

Business Impact Analysis: Introduction

  • Establishes RTO and Recovery Point Objective (RPO)

    • Outage Tolerance vs. RTO

    • Shorter objective equates to more costly strategies

    • Result of BIA and management agreement

    • Can determine escalation point

    • RPO is amount of acceptable data loss

    • Often used to determine backup strategies

    • Timing considerations in RTO, RPO determination

Business Impact Analysis: Introduction

  • Illustrates business cycle criticality

  • BIA is a separate planning element

  • Management time is minimized

  • Questions often included relate to:

    • Mitigation and Preparedness

    • Hazard identification

    • Resource requirements

    • Single points of failure

  • Initial strategy development

Business Impact Analysis: BIA vs. Risk Analysis

  • BIA subset of Risk Analysis

  • Places ‘asset value’ on business processes

  • Focuses less on hazard identification

  • Cause of disruption not considered

  • Goal not to rank criticality of risks

Business Impact Analysis: BIA vs. Risk Analysis

  • BIA/RA projects managed in similar ways

  • BIA is a partnership with senior management

  • Data presented differently

Business Impact Analysis: BIA Methodology

  • Project Planning

  • Data Collection

  • Data Analysis

  • Presentation of Data

Business Impact Analysis: BIA Methodology

  • Project planning

    • Management commitment:

      • Biggest single predictor of success or failure

      • Management sponsor

      • CFO

    • Top down approach

    • Credible data

    • Senior Management influence

    • Corporate wide view

Business Impact Analysis: BIA Methodology

  • Agree on scope of analysis

  • Determine who should participate

    • Highest level manager in each business unit

  • Prepare list of financial impacts

  • Decide on method to collect data

  • Schedule interviews

  • Include Risk Management, Information Technology

Business Impact Analysis: Data Collection

  • Examine all current business functions

  • Data collected through interviews

  • Interviews seek financial and subjective impact information

  • Formation of questions important

  • Software programs and questionnaires

  • Sample questions (Box 15.1)

Business Impact Analysis: Data Collection

  • Resource Data Collection

    • Short vs. long term resources needed

    • Include:

      • Employees and consultants

      • Internal and External Contacts

      • Customers

      • Forms and Supplies

      • Equipment

      • Software and Applications

      • Vital Records

Business Impact Analysis: Data Analysis

  • Review of goals of analysis

  • Criticality not determined solely upon numerical data

  • Avoid duplication

  • Do not deduct insurance reimbursement from loss calculations

  • Validate results

    • Verify results with the business unit manager and CFO

  • Establish outage tolerance during normal and critical business cycles

Business Impact Analysis: Data Presentation

  • Results presented to senior management

  • Data must be credible

  • Presentation short and simple

  • Financial data best presented graphically

  • State data as fact where possible

  • Outline expectations of management

    • What management must do with the results of the analysis

Business Impact Analysis: Updates

  • Reanalyze annually

  • Reanalyze when strategic direction of company changes