FREE Trial

Define the purpose of the business impact analysis (BIA). Stress that this document is the first major

Question:

Define the purpose of the business impact analysis (BIA). Stress that this document is the first major component of the CP process and what it is intended for. As mentioned in the text, it serves as an investigation and assessment of the impact that various adverse events can have on the organization.
Compare and contrast the difference between risk management and a BIA. A BIA specifically assumes that controls that are in place have been bypassed or failed or were ineffective to stop the attack from occurring. Critique the approach stating that it is best to assume the worst to be able to recover quickly back to normal operation.
Assemble the considerations that should be included in the BIA document, as provided in the text. These are the following:
Scope: Carefully consider which parts of the organization to include in the BIA; determine which business units to cover, which systems to include, and the nature of the risk being evaluated.
Plan: The needed data will likely be voluminous and complex, so work from a careful plan to ensure that the proper data is collected to enable a comprehensive analysis. Getting the correct information to address the needs of decision makers is important.
Balance: Weigh the information available; some information may be objective in nature, while other information may only be available as subjective or anecdotal references. Facts should be weighted properly against opinions; however, sometimes the knowledge and experience of key personnel can be invaluable.
Objective: Identify in advance what the key decision makers require for making choices. Structure the BIA to bring them the information they need and to facilitate consideration of those choices.
Follow-up: Communicate periodically to ensure that process owners and decision makers will support the process and result of the BIA.
Order and present the three stages that the NIST SP 800-34, Rev. 1, recommend that should be in a BIA:
Determine mission/business processes and recovery criticality.
Identify resource requirements.
Identify recovery priorities for system resources.

Fantastic news! We've Found the answer you've been seeking!

Step by Step Answer:

Answer rating: 63% (11 reviews)

Answers 1 The purpose of the business impact analysis BIA is to assess the impact that various adverse events can have on the organization This document is the first major component of the CP process ...View the full answer


answer-question-section
Answered By
tutor-profile-image
Vikas Rathour
I have been tutoring for over five years, and I have experience with students of all ages and levels. I have a degree in Education and I am currently working on my Master's degree in Education. I am patient and adaptable, and I am confident that I can help any student improve their grades and confidence in any subject.
0.00 0 Reviews 10+ Question Solved
Related Book For  book-img-for-question
Principles Of Information Security

Principles Of Information Security

ISBN: 9780357506431

7th Edition

Authors: Michael E. Whitman, Herbert J. Mattord

See More Books
Question Posted:
See More Questions

Students also viewed these Computer science questions

Indian Mythology Tales Symbols And Rituals From The Heart Of The Subcontinent - ISBN: 0892818700 - Free Book