Risk Analysis and the Security Survey 3rd edition


PowerPoint Slideshow about 'Risk Analysis and the Security Survey 3rd edition' - desiree-bowers


Presentation Transcript

Risk Analysis and the Security Survey 3rd edition

Chapter 15

Business Impact Analysis

Business Impact Analysis: Introduction
  • Business Impact Analysis (BIA):
    • Establishes the value of each business unit
    • Determines order of recovery
    • Defines the impact of a disruption over time
    • Identifies interdependencies
Business Impact Analysis: Introduction
  • BIA examines impacts over time on:
    • Service objectives
    • Financial position/cash flow
    • Regulatory issues/contractual issues
    • Market share/competitive issues
Business Impact Analysis: Introduction
  • BIA will also:
    • Identify critical processes and applications
    • Establish the value of each business unit
    • Identify critical resources
    • Gain support for the recovery process
    • Increase management awareness
    • Reveal inefficiencies in normal operations
    • Justify recovery planning budgets
Business Impact Analysis: Introduction
  • Determines Recovery Time Objectives (RTO)
    • Decides which functions are critical
    • Establishes financial basis for strategies
    • Provides understanding of the amount of risk to assume, transfer or mitigate
Business Impact Analysis: Introduction
  • Establishes RTO and Recovery Point Objective (RPO)
    • Outage Tolerance vs. RTO
    • Shorter objectives equate to more costly strategies
    • Result of BIA and management agreement
    • Can determine escalation point
    • RPO is amount of acceptable data loss
    • Often used to determine backup strategies
    • Timing considerations in RTO, RPO determination
Business Impact Analysis: Introduction
  • Illustrates business cycle criticality
  • BIA is a separate planning element
  • Management time is minimized
  • Questions often included relate to:
    • Mitigation and Preparedness
    • Hazard identification
    • Resource requirements
    • Single points of failure
  • Initial strategy development
Business Impact Analysis: BIA vs. Risk Analysis
  • BIA subset of Risk Analysis
  • Places ‘asset value’ on business processes
  • Focuses less on hazard identification
  • Cause of disruption not considered
  • Goal not to rank criticality of risks
Business Impact Analysis: BIA vs. Risk Analysis
  • BIA/RA projects managed in similar ways
  • BIA is a partnership with senior management
  • Data presented differently
Business Impact Analysis: BIA Methodology
  • Project Planning
  • Data Collection
  • Data Analysis
  • Presentation of Data
Business Impact Analysis: BIA Methodology
  • Project planning
    • Management commitment:
      • Biggest single predictor of success or failure
      • Management sponsor
      • CFO
    • Top down approach
    • Credible data
    • Senior Management influence
    • Corporate wide view
Business Impact Analysis: BIA Methodology
  • Agree on scope of analysis
  • Determine who should participate
    • Highest level manager in each business unit
  • Prepare list of financial impacts
  • Decide on method to collect data
  • Schedule interviews
  • Include Risk Management, Information Technology
Business Impact Analysis: Data Collection
  • Examine all current business functions
  • Data collected through interviews
  • Interviews seek financial and subjective impact information
  • Formation of questions important
  • Software programs and questionnaires
  • Sample questions (Box 15.1)
Business Impact Analysis: Data Collection
  • Resource Data Collection
    • Short vs. long term resources needed
    • Include:
      • Employees and consultants
      • Internal and External Contacts
      • Customers
      • Forms and Supplies
      • Equipment
      • Software and Applications
      • Vital Records
Business Impact Analysis: Data Analysis
  • Review of goals of analysis
  • Criticality not determined solely upon numerical data
  • Avoid duplication
  • Do not deduct insurance reimbursement from loss calculations
  • Validate results
    • Verify results with the business unit manager and CFO
  • Establish outage tolerance during normal and critical business cycles
Business Impact Analysis: Data Presentation
  • Results presented to senior management
  • Data must be credible
  • Presentation short and simple
  • Financial data best presented graphically
  • State data as fact where possible
  • Outline expectations of management
    • What management must do with the results of the analysis
Business Impact Analysis: Updates
  • Reanalyze annually
  • Reanalyze when strategic direction of company changes