Question:
Define the purpose of the business impact analysis (BIA). Stress that this document is the first major component of the CP process and what it is intended for. As mentioned in the text, it serves as an investigation and assessment of the impact that various adverse events can have on the organization.
Compare and contrast risk management and a BIA. A BIA specifically assumes that the controls in place have been bypassed, have failed, or were ineffective in stopping the attack from occurring. Critique this approach, noting that it is best to assume the worst in order to be able to recover quickly to normal operation.
Assemble the considerations that should be included in the BIA document, as provided in the text. They are:
Scope: Carefully consider which parts of the organization to include in the BIA; determine which business units to cover, which systems to include, and the nature of the risk being evaluated.
Plan: The needed data will likely be voluminous and complex, so work from a careful plan to ensure that the proper data is collected to enable a comprehensive analysis. Getting the correct information to address the needs of decision makers is important.
Balance: Weigh the information available; some information may be objective in nature, while other information may only be available as subjective or anecdotal references. Facts should be weighted properly against opinions; however, sometimes the knowledge and experience of key personnel can be invaluable.
Objective: Identify in advance what the key decision makers require for making choices. Structure the BIA to bring them the information they need and to facilitate consideration of those choices.
Follow-up: Communicate periodically to ensure that process owners and decision makers will support the process and result of the BIA.
Order and present the three stages that NIST SP 800-34, Rev. 1, recommends for a BIA:
Determine mission/business processes and recovery criticality.
Identify resource requirements.
Identify recovery priorities for system resources.
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord