Business Impact Analysis


Business Impact Analysis Marc Scarborough Information Security Officer Rice University marcs@rice.edu

Agenda
- Business Impact Analysis (BIA)
- Walk Through a Basic Template
- Example
- General Notes
- Questions
- Links

Why BIA? From NIST (your tax dollars at work): “The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable.”

Why BIA?
- Inventory: When is the last time you had a good inventory of the systems performing your mission critical work?
- Documentation: In an emergency situation do people know what to do?
- Prioritization: Knowing what is integral in supporting critical University functions and its mission before something happens is good to know.

Example BIA Template
- Service Description
- Outage Impact
- Maximum Tolerable Downtime
- Recovery Time Objectives
- Resource Requirements
- Recovery Priorities for System Resources

Service Description A primary focus of the BIA is to identify systems that support services critical to the University. The Service Description should include as much information as is not available elsewhere. As documentation for services progresses, pointers to existing, more often updated information might be more appropriate, if it contains the right information.

Service Description
- Description of what the service provides
- Hardware and software
- Customers potentially impacted, both internal and external, due to outages
  - Contact information as well
- Systems and services that depend on it
- Systems and services that it depends on
- Vendor and support contact information

Outage Impact Which services should receive priority during or after an emergency should be determined by how much (and how quickly) that service impacts operations within the University

Outage Impact
- When a service goes offline, how does it impact operations in the University?
- How long until operations are impacted?
- How long until operations are halted? Maximum Tolerable Downtime (MTD)
- How long will it take to recover? Recovery Time Objectives (RTO)
- Many IT services support several University operations
- Outage impact should be analyzed for each

Maximum Tolerable Downtime MTD This is represented as the absolute maximum time that can be tolerated for a University operation to be stopped. For example, how long can the University go without the ability to pay for services? Each operation the service facilitates should have this information.

Recovery Time Objectives RTO This is represented as the time a system (not an operation) is unavailable before potentially affecting other systems. For example, how long can DNS stay down before Email goes down, affecting University business? This should be smaller than the MTD, and include time to restore information or re-run processes (like tape restores), all within the MTD window.

Resource Requirements The systems, hardware and software that support the service should be listed here. This might contain items from the Service Description section as well as specific dependencies.

Recovery Priorities Which systems and resources should be restored to service first? Now that the critical University operations, impacts to the campus, tolerable downtimes and service components have been identified, prioritize the recovery steps by system and resource.
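An added example (not part of the original presentation) of one way to turn the template's fields into a recovery order and an RTO-versus-MTD check. The `System` record, the sample inventory and the assumption that dependencies are restored one after another are all constructed for illustration.

```python
# Added example: hypothetical BIA records, not data from the presentation.
from dataclasses import dataclass, field

@dataclass
class System:
    name: str
    rto_hours: float                                 # planned time to restore this system
    depends_on: list = field(default_factory=list)   # "systems and services that it depends on"
    operations: dict = field(default_factory=dict)   # University operation -> MTD in hours

def restore_chain(systems, name, path=()):
    """Everything that must be up for `name` to work, dependencies first."""
    if name in path:
        raise ValueError("dependency cycle: " + " -> ".join(path + (name,)))
    chain = []
    for dep in systems[name].depends_on:
        for item in restore_chain(systems, dep, path + (name,)):
            if item not in chain:
                chain.append(item)
    return chain + [name]

def analyze(systems):
    """Return (recovery order, findings where the chain's RTO does not fit the MTD)."""
    deadline = {n: float("inf") for n in systems}
    findings = []
    for name, sys_ in systems.items():
        chain = restore_chain(systems, name)
        needed = sum(systems[c].rto_hours for c in chain)  # assumes serial restores
        for op, mtd in sys_.operations.items():
            if needed >= mtd:                 # RTO must be smaller than the MTD
                findings.append((op, name, needed, mtd))
            for c in chain:                   # a dependency inherits the tightest MTD
                deadline[c] = min(deadline[c], mtd)
    order = sorted(systems, key=lambda n: (deadline[n], len(restore_chain(systems, n))))
    return order, findings

# Constructed sample inventory (hours are made up).
SAMPLE = {s.name: s for s in [
    System("dns", 1),
    System("database", 6),
    System("email", 2, ["dns"], {"campus communication": 8}),
    System("lms", 4, ["dns", "database"], {"course delivery": 24}),
    System("payroll", 12, ["database"], {"pay for services": 16}),
]}

if __name__ == "__main__":
    order, findings = analyze(SAMPLE)
    print("restore order:", order)
    for op, name, needed, mtd in findings:
        print(f"{op}: {name} chain needs {needed}h, MTD is {mtd}h")
```

In the sample, payroll's own 12-hour RTO fits its 16-hour MTD, but the database it depends on adds 6 hours, so the chain is flagged.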

Example - Sakai Service Description

Example - Sakai Outage Impact

Example - Sakai Maximum Tolerable Downtime and Recovery Time Objective

Example - Sakai Resource Requirements

Example - Sakai Recovery Priorities for System Resources

General Notes
- It's late in the day...
- Remember what the BIA is designed to help you do:
  - Identify and prioritize
  - Help with both continuity and recovery planning
- The template I use is based on NIST guidelines, but each University will most likely need to create or modify one that works for them.
- Thank you

Questions?

Links
- NIST: http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1.pdf