Business Impact Analysis
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there and welcome to
00:00
our next lesson, Business Impact Analysis.
00:00
We're going to talk a little bit about what
00:00
business impact analysis is
00:00
or commonly referred to as a BIA.
00:00
Some of the main questions that you need to ask when
00:00
you're developing your business impact analysis,
00:00
and some of the levels of criticality that can be
00:00
defined within the business impact analysis.
00:00
Let's begin. Basically,
00:00
the business impact analysis it's essentially
00:00
the first step in developing
00:00
your business continuity strategy.
00:00
Business continuity strategy is
00:00
all about keeping the business
00:00
running in the event of
00:00
a disaster and then that maybe IT disaster,
00:00
it could be natural disaster,
00:00
but the key focus is
00:00
whatever it takes to keep the business running.
00:00
It's basically, the impact analysis is understanding
00:00
exactly what will impact your business significantly.
00:00
You evaluate essentially a critical business processes
00:00
and you're supporting IT components
00:00
and work out a way to keep the business
00:00
running in the event that
00:00
something bad happens to all of those.
00:00
There's needs to be basically a key
00:00
understanding of the organization to do achieve this,
00:00
and so that's basically what are
00:00
the important business processes
00:00
and what is the IT infrastructure.
00:00
Very much to in-depth understanding
00:00
of those two aspects of
00:00
the business is needed and it needs to cover all assets.
00:00
If it doesn't cover all assets,
00:00
then there could be gaps in the level of
00:00
criticality that is contained
00:00
within the business processes.
00:00
You need to have a full understanding
00:00
of the business process or
00:00
the IT infrastructure and all the assets
00:00
that support the business strategic goals.
00:00
Now, some of the main questions to ask.
00:00
First up, what are the business processes?
00:00
Are you a processing
00:00
customer orders, processing accounts?
00:00
What does the business actually do?
00:00
While it may seem like a very obvious question,
00:00
if you really drill down into what impacts the business,
00:00
you often find that there are below
00:00
processes which you never really
00:00
understood or never really thought of.
00:00
You also need to understand what are
00:00
the information resources used
00:00
by these business processes.
00:00
You need to draw a line between what the process
00:00
does and what information it accesses,
00:00
so get a good understanding of that.
00:00
Importantly, what is the recovery time period?
00:00
For some online retailers, for example,
00:00
any downtime for their front end web site
00:00
where their customers can access,
00:00
could equate to millions of dollars.
00:00
You need to understand exactly for
00:00
the business that should have
00:00
doing the impact analysis for,
00:00
what is their critical recovery time period?
00:00
Is it one minute, one hour,
00:00
one day, or one month, for example?
00:00
The other thing to take into account is,
00:00
are there any manual processes that can
00:00
help with that recovery time period?
00:00
The IT system files,
00:00
can they resort to
00:00
a manual process to make do for the time being?
00:00
Now, classification of criticality.
00:00
Now, there's a few models here depending
00:00
upon how you're conducting your business impact analysis.
00:00
These levels may change,
00:00
but ultimately it's defining
00:00
exactly a level of importance.
00:00
Critical, vital, sensitive,
00:00
or non-sensitive, we can use
00:00
a number of terms to define those,
00:00
but wherever they are,
00:00
it's defining a particular level
00:00
ranging from most critical to the least critical.
00:00
That's business impact analysis,
00:00
so spoken a little bit about what it is.
00:00
Some of the main questions
00:00
that you need to ask when you're
00:00
conducting a business impact analysis.
00:00
Some of the criticality levels that you
00:00
need to think about to
00:00
apply to those processes
00:00
and some of those information assets.
00:00
I hope you enjoyed this lesson
00:00
and I will catch with the next one.
Up Next
