Risk Analysis and the Security Survey 3rd edition

Chapter 15

Business Impact Analysis


Business Impact Analysis: Introduction

  • Business Impact Analysis (BIA):

    • Establishes the value of each business unit

    • Determines order of recovery

    • Defines the impact of a disruption over time

    • Identifies interdependencies


Business Impact Analysis: Introduction

  • BIA examines impacts over time on:

    • Service objectives

    • Financial position/cash flow

    • Regulatory issues/contractual issues

    • Market share/competitive issues


Business Impact Analysis: Introduction

  • BIA will also:

    • Identify critical processes and applications

    • Establish the value of each business unit

    • Identify critical resources

    • Gain support for the recovery process

    • Increase management awareness

    • Reveal inefficiencies in normal operations

    • Justify recovery planning budgets


Business Impact Analysis: Introduction

  • Determines Recovery Time Objectives;

    • Decides which functions are critical;

    • Establishes financial basis for strategies;

    • Provides understanding of the amount of risk to assume, transfer or mitigate


Business Impact Analysis: Introduction

  • Establishes RTO and Recovery Point Objective (RPO)

    • Outage Tolerance vs. RTO

    • Shorter objective equates to more costly strategies

    • Result of BIA and management agreement

    • Can determine escalation point

    • RPO is amount of acceptable data loss

    • Often used to determine backup strategies

    • Timing considerations in RTO, RPO determination


Business Impact Analysis: Introduction

  • Illustrates business cycle criticality

  • BIA is a separate planning element

  • Management time is minimized

  • Questions often included relate to:

    • Mitigation and Preparedness

    • Hazard identification

    • Resource requirements

    • Single points of failure

  • Initial strategy development


Business Impact Analysis: BIA vs. Risk Analysis

  • BIA subset of Risk Analysis

  • Places ‘asset value’ on business processes

  • Focuses less on hazard identification

  • Cause of disruption not considered

  • Goal not to rank criticality of risks


Business Impact Analysis: BIA vs. Risk Analysis

  • BIA/RA projects managed in similar ways

  • BIA is a partnership with senior management

  • Data presented differently


Business Impact Analysis: BIA Methodology

  • Project Planning

  • Data Collection

  • Data Analysis

  • Presentation of Data


Business Impact Analysis: BIA Methodology

  • Project planning

    • Management commitment:

      • Biggest single predictor of success or failure

      • Management sponsor

      • CFO

    • Top down approach

    • Credible data

    • Senior Management influence

    • Corporate wide view


Business Impact Analysis: BIA Methodology

  • Agree on scope of analysis

  • Determine who should participate

    • Highest level manager in each business unit

  • Prepare list of financial impacts

  • Decide on method to collect data

  • Schedule interviews

  • Include Risk Management, Information Technology


Business Impact Analysis: Data Collection

  • Examine all current business functions

  • Data collected through interviews

  • Interviews seek financial and subjective impact information

  • Formation of questions important

  • Software programs and questionnaires

  • Sample questions (Box 15.1)


Business Impact Analysis: Data Collection

  • Resource Data Collection

    • Short vs. long term resources needed

    • Include:

      • Employees and consultants

      • Internal and External Contacts

      • Customers

      • Forms and Supplies

      • Equipment

      • Software and Applications

      • Vital Records


Business Impact Analysis: Data Analysis

  • Review of goals of analysis

  • Criticality not determined solely upon numerical data

  • Avoid duplication

  • Do not deduct insurance reimbursement from loss calculations

  • Validate results

    • Verify results with the business unit manager and CFO

  • Establish outage tolerance during normal and critical business cycles


Business Impact Analysis: Data Presentation

  • Results presented to senior management

  • Data must be credible

  • Presentation short and simple

  • Financial data best presented graphically

  • State data as fact where possible

  • Outline expectations of management

    • What management must do with the results of the analysis


Business Impact Analysis: Updates

  • Reanalyze annually

  • Reanalyze when strategic direction of company changes

