Business Impact Analysis


1 Business Impact Analysis
Marc Scarborough Information Security Officer Rice University

2 Agenda
- Business Impact Analysis (BIA)
- Walk Through a Basic Template
- Example
- General Notes
- Questions
- Links

3 Why BIA?
From NIST (your tax dollars at work):
“The purpose of the BIA is to identify and prioritize system components by correlating them to the mission/business process(es) the system supports, and using this information to characterize the impact on the process(es) if the system were unavailable.”

4 Why BIA?
- Inventory: When is the last time you had a good inventory of the systems performing your mission-critical work?
- Documentation: In an emergency situation, do people know what to do?
- Prioritization: It is good to know what is integral to supporting critical University functions and the University's mission before something happens.

5 Example BIA Template
- Service Description
- Outage Impact
- Maximum Tolerable Downtime
- Recovery Time Objectives
- Resource Requirements
- Recovery Priorities for System Resources

6 Service Description
A primary focus of the BIA is to identify systems that support services critical to the University. The Service Description should include as much information as is not available elsewhere. As documentation for services progresses, pointers to existing, more often updated information might be more appropriate, if it contains the right information.

7 Service Description
- Description of what the service provides
- Hardware and software
- Customers potentially impacted, both internal and external, due to outages
  - Contact information as well
- Systems and services that depend on it
- Systems and services that it depends on
- Vendor and support contact information

8 Outage Impact
Which services should receive priority during or after an emergency should be determined by how much (and how quickly) that service impacts operations within the University.

9 Outage Impact
- When a service goes offline, how does it impact operations in the University?
  - How long until operations are impacted?
  - How long until operations are halted?
    - Maximum Tolerable Downtime (MTD)
  - How long will it take to recover?
    - Recovery Time Objectives (RTO)
- Many IT services support several University operations
  - Outage impact should be analyzed for each

10 Maximum Tolerable Downtime
MTD: This is represented as the absolute maximum time that can be tolerated for a University operation to be stopped. For example, how long can the University go without the ability to pay for services? Each operation the service facilitates should have this information.

11 Recovery Time Objectives
RTO: This is represented as the time a system (not an operation) is unavailable before potentially affecting other systems. For example, how long can DNS stay down before goes down, affecting University business? This should be smaller than the MTD, and include time to restore information or re-run processes (like tape restores), all within the MTD window.

12 Resource Requirements
The systems, hardware and software that support the service should be listed here. This might contain items from the Service Description section as well as specific dependencies.

13 Recovery Priorities
Which systems and resources should be restored to service first? Now that the critical University operations, impacts to the campus, tolerable downtimes and service components have been identified, prioritize the recovery steps by system and resource.
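
The template sections above can be checked mechanically once they are recorded per service. The following is an added example, not part of the original slides: it flags any service whose RTO is not smaller than the MTD it must honour and derives a recovery order from the dependency information. The service names, hours and field names are hypothetical, and letting a dependency inherit the tightest MTD of the services that rely on it is an assumption of this sketch.

```python
import heapq

# Constructed sample BIA records: hypothetical services, hours and operations.
BIA = {
    "dns":      {"rto_h": 2,  "depends_on": [], "operations": {}},
    "database": {"rto_h": 30, "depends_on": ["dns"], "operations": {}},
    "lms":      {"rto_h": 12, "depends_on": ["dns", "database"],
                 "operations": {"course delivery": 24}},
    "payroll":  {"rto_h": 48, "depends_on": ["database"], "operations": {"pay staff": 72}},
    "print":    {"rto_h": 24, "depends_on": [], "operations": {"printing": 168}},
}

def inherited_mtd(bia):
    """Tightest MTD (hours) per service: its own operations' MTDs plus, by
    assumption, those of every service that depends on it."""
    mtd = {s: min(r["operations"].values(), default=float("inf"))
           for s, r in bia.items()}
    changed = True
    while changed:                      # push deadlines down to dependencies
        changed = False
        for svc, rec in bia.items():
            for dep in rec["depends_on"]:
                if mtd[svc] < mtd[dep]:
                    mtd[dep] = mtd[svc]
                    changed = True
    return mtd

def rto_findings(bia):
    """(service, RTO, MTD) for services whose RTO is not smaller than the MTD."""
    mtd = inherited_mtd(bia)
    return sorted((s, r["rto_h"], mtd[s]) for s, r in bia.items() if r["rto_h"] >= mtd[s])

def recovery_order(bia):
    """Dependencies first; among restorable services, tightest MTD first."""
    mtd = inherited_mtd(bia)
    waiting = {s: set(r["depends_on"]) for s, r in bia.items()}
    ready = [(mtd[s], s) for s, deps in waiting.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, svc = heapq.heappop(ready)
        order.append(svc)
        for other, deps in waiting.items():
            if svc in deps:
                deps.discard(svc)
                if not deps:
                    heapq.heappush(ready, (mtd[other], other))
    if len(order) != len(bia):
        raise ValueError("circular dependency in BIA records")
    return order
```

In the sample data the database supports no operation directly, yet its 30-hour RTO is flagged because the service that depends on it has a 24-hour MTD.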

14 Example - Sakai Service Description

15 Example - Sakai Outage Impact

16 Example - Sakai Maximum Tolerable Downtime and Recovery Time Objective

17 Example - Sakai Resource Requirements

18 Example - Sakai Recovery Priorities for System Resources

19 General Notes
It's late in the day...
Remember what the BIA is designed to help you do:
- Identify and prioritize
- Help with both continuity and recovery planning
The template I use is based on NIST guidelines, but each University will most likely need to create or modify one that works for them.
Thank you

20 Questions?

21 Links NIST 34-rev1/sp rev1.pdf

