Hello and welcome back to this. I bury 2019 comp t A security plus certification preparation course.
We continue our discussion off marginal five and the topic discussion will be the main five risk management.
Surprising enough, we have a brand new objective, which is five point to where we have to summarize business impact analysis concepts
as mentioned in previous lock This brand new objectives title summarized Business Impact analysis concept
within the context of summarised the business impact analysis concept, we have some important concepts which we need to highlight first, all we began by first or discussing the Rto as well as the R P O, which stands for recovery time objective and you recovery point objective the next. I don't want be meantime, between failures,
then I mean time to repair.
We also highlight the mission essential function concept, identification of critical systems and, lastly, the single point of failure.
Let's briefly taken look at the first item on our agenda, which is a pre assessment quiz, and it reads as follows. You're shopping for a new A C unit for your server room and you compare them manufacturers ratings. Which combination will minimize the time you have to go without sufficient cooling is a where you have a high meantime between failures
in a high. I mean time to repair, replace?
Or is it B where you have a higher meantime between failures and a low mean time to repair, replace or that see where you have a low meantime between failures and a high? I mean time to repair or replace or lastly, D, where you have a low meantime between failures
and a low mean time to repair replace.
In this case, if you said, let it be your absolute correct, because where you have what we call a high meantime between fares means that the unit was selling fell and where you have a low mean time to repair replace means it would take mess time to repair.
Let's begin the process of summarized in various business Impact, announces concepts. One of the first concept that we need to highlight is recovery time objective as well as your recovery point objective. With that being said, we think about your recovery time. Objective is the my time, within which a process
must be restored at the disaster to meet business continuity
on The other hand, when you think about your recovery point objective is, in fact, the amount of time that can elapse during a disruption before the quality of the data laws during that period exceeds your business continuity planning maximum allowable thus whole. Simply put,
your curry point objective specifies the allowable
The next concept is, meantime, between failures. The meantime between failures is the average amount of time that passes between ah, hardware component failures, it screaming time spent with parent components or waiting for repairs. Your meantime, between phases intended to measure only the time
a component is available and operating,
then we have I mean, time to repair or empty T R.
This is an average of my time required to fix a fail component or device and return it to production status.
The next concept we need to discuss is call mission essential functions.
Did you know that a mission, a central function, are the limit set of department and a sea level government functions that must be continued throughout or resume rapidly after disruption of normal operations?
Your mission of central functions are functions that cannot be differ, doing an emergency or disaster ensure there are activities that need to be merely functional at an alternate site until normal operations can be restored.
Then we have identification of critical systems. Critical system is a system which must be highly reliable and retained this reliability as they evolve without incurring prohibitive costs.
There are four types of critical system that you need to be aware off first or we have safety, which is considered critical
mission. It's a considered critical business is considered critical and lastly, security is considered critical as well.
Additionally, there are some examples of some missing critical system that you need be aware, such as online banking system,
railway and aircraft operating in control systems, electric power systems and many other computer systems that were adversely affect business and society when they fail.
Failure of it will cause very high cost loss for a business as well,
Then we have a term call single point of failure.
A single point of failure is a potential risk posed by a flaw in the design implementation, all configuration of a circuit or system in which one fault or malfunction caused an entire system to stop operating.
Continue our discussion of a balloon objective 5.2 summarized business impact analysis concept.
We're gonna take a look at some additional concept, which encompasses dis objective, such as the impact within the impact we can highlight life,
property safety, finance as well as reputation. With that being said, let's first, I'll take a look at the impact.
Now we think about the impact with the thing about life.
Life, natural disasters. Intentional manmade attacks can be made severe enough to jeopardize the lives of employees and customers.
Then we have property. Physical damage to buildings and other property can be caused by natural disasters and intentional manmade attacks as well.
Safety on a hand is personal safe. There are employees and customers can be caused by natural disasters, intentional manmade attacks and unintentional manmade risk.
The we have financed monetary damage can be caused by natural disasters, intentional manmade attacks,
unintentional man made abyss and system risk. And then we have reputation.
Man made risk and system was have the potential to cause harm
to an organization's reputation as well.
Could you are very last
get objective again or subcategory projectors. We're gonna take a look at privacy impact assessment as well as privacy threshold assessment. Again, we're highlighting five point to what we have to summarize Business impact analysis concepts.
So turn out into your privacy impact assessment.
A privacy impact assessment is a process which assists organisations and identifying and minimizing the privacy risk off new projects or policies
doing a privacy impact assessment,
or P I is not a trivial task. This is involved not only identifying personal data but determining how did that it would flow through the business processes and technology.
Whether that has been changed, if it will be shared with 1/3 party, such as a vendor and how it wonder data will be deleted,
1/3 party should have the same privacy practices as your organization and provide agreements that bind them to protect the personal information you have go like the wind. It's in their particular custody.
Then we have the privacy threshold assessment.
The purpose of this privacy torso assessment is to help a company department gays just system information and determine how to appropriately treat data has been acquired by the organization.
At this point in time, we have a post assessment quiz, and it reads as follows a single point of failure is a potential risk posed by flaw in the design implementation of configuration of a circuit or system in which one fault or malfunction caused an entire system to stop operating.
Is this true or false?
In this case, if you said to chew, you're absolutely correct.
At this point time, we have our key takeaways
doing this particular video presentation. We discuss and learned that meantime, repair is a basic measure of the maintain ability of our parable items. It represent the average time acquired to repair a fail component or device.
We also learned that the meantime between failure is a middle high. Reliable IT hardware product or component is for most components. The merger is typically in thousands, even tens of thousands of hours between failures.
We also discussed the impact we learned that the impact is the manager of the tangible and intangible effects. Other words. Consequences of one thing or entity, action or influence upon another.
We learned that a critical system is assistant, which must be highly reliable and retainers liability as they evolve without incurring prohibitive costs.
We learned that a single point of failure is a potential risk posed by flaw in the design, implementation all configuration. The circus system in which one fault fault or malfunction causes an entire system to talk, stop operate. In other words,
privacy impact assessment analysis are important aspect of privacy compliance documentation, but aren't the only evaluations necessary for an organization
in our upcoming video presentation will continue on by taking a look at 5.3, and the top of discussion will be explained. Risk mental processes and concepts and again, I look for to see you in a very next video.