Risk Analysis and the Security Survey 3rd edition

Chapter 15

Business Impact Analysis


Business Impact Analysis: Introduction

  • Business Impact Analysis (BIA):

    • Establishes the value of each business unit

    • Determines order of recovery

    • Defines the impact of a disruption over time

    • Identifies interdependencies


Business Impact Analysis: Introduction

  • BIA examines impacts over time on:

    • Service objectives

    • Financial position/cash flow

    • Regulatory issues/contractual issues

    • Market share/competitive issues


Business Impact Analysis: Introduction

  • BIA will also:

    • Identify critical processes and applications

    • Establish the value of each business unit

    • Identify critical resources

    • Gain support for the recovery process

    • Increase management awareness

    • Reveal inefficiencies in normal operations

    • Justify recovery planning budgets


Business Impact Analysis: Introduction

  • Determines Recovery Time Objectives;

    • Decides which functions are critical;

    • Establishes financial basis for strategies;

    • Provides understanding of the amount of risk to assume, transfer or mitigate


Business Impact Analysis: Introduction

  • Establishes RTO and Recovery Point Objective (RPO)

    • Outage Tolerance vs. RTO

    • Shorter objective equates to more costly strategies

    • Result of BIA and management agreement

    • Can determine escalation point

    • RPO is amount of acceptable data loss

    • Often used to determine backup strategies

    • Timing considerations in RTO, RPO determination


Business Impact Analysis: Introduction

  • Illustrates business cycle criticality

  • BIA is a separate planning element

  • Management time is minimized

  • Questions often included relate to:

    • Mitigation and Preparedness

    • Hazard identification

    • Resource requirements

    • Single points of failure

  • Initial strategy development


Business Impact Analysis: BIA vs. Risk Analysis

  • BIA subset of Risk Analysis

  • Places ‘asset value’ on business processes

  • Focuses less on hazard identification

  • Cause of disruption not considered

  • Goal not to rank criticality of risks


Business Impact Analysis: BIA vs. Risk Analysis

  • BIA/RA projects managed in similar ways

  • BIA is a partnership with senior management

  • Data presented differently


Business Impact Analysis: BIA Methodology

  • Project Planning

  • Data Collection

  • Data Analysis

  • Presentation of Data


Business Impact Analysis: BIA Methodology

  • Project planning

    • Management commitment:

      • Biggest single predictor of success or failure

      • Management sponsor

      • CFO

    • Top down approach

    • Credible data

    • Senior Management influence

    • Corporate wide view


Business Impact Analysis: BIA Methodology

  • Agree on scope of analysis

  • Determine who should participate

    • Highest level manager in each business unit

  • Prepare list of financial impacts

  • Decide on method to collect data

  • Schedule interviews

  • Include Risk Management, Information Technology


Business Impact Analysis: Data Collection

  • Examine all current business functions

  • Data collected through interviews

  • Interviews seek financial and subjective impact information

  • Formation of questions important

  • Software programs and questionnaires

  • Sample questions (Box 15.1)


Business Impact Analysis: Data Collection

  • Resource Data Collection

    • Short vs. long term resources needed

    • Include:

      • Employees and consultants

      • Internal and External Contacts

      • Customers

      • Forms and Supplies

      • Equipment

      • Software and Applications

      • Vital Records


Business Impact Analysis: Data Analysis

  • Review of goals of analysis

  • Criticality not determined solely upon numerical data

  • Avoid duplication

  • Do not deduct insurance reimbursement from loss calculations

  • Validate results

    • Verify results with the business unit manager and CFO

  • Establish outage tolerance during normal and critical business cycles


Business Impact Analysis: Data Presentation

  • Results presented to senior management

  • Data must be credible

  • Presentation short and simple

  • Financial data best presented graphically

  • State data as fact where possible

  • Outline expectations of management

    • What management must do with the results of the analysis


Business Impact Analysis: Updates

  • Reanalyze annually

  • Reanalyze when strategic direction of company changes

