Security+: Business Impact Analysis Concepts

Introduction

A business works via a network of relationships and operations that are constantly being established and re-established. This means that what works for the business right now might not do the job two months from now (or at any other point in the future). The many variables that keep the cogs of industry turning change constantly, which makes running a business very challenging. At every step of the way, some sort of blocker might arise, stopping, delaying, or damaging the usual processes of the day-to-day running of a business. Identifying and dealing with these potential errors and risks is what makes Business Impact Analysis (BIA) so crucial. A clear understanding of BIA is essential for those taking the Security+ exam.

Three main steps of BIA

A highly recommended approach for developing a BIA is built upon the following three steps:

  1. Developing a comprehensive understanding of the business environment – For a business to implement a holistic BIA, it is essential that it have a proper understanding of the multitude of information assets used to achieve the company’s mission. This is accomplished by meeting with each business unit and understanding which technologies are essential for it to carry out its day-to-day responsibilities. By cataloging the entire business environment, organizations are then able to ensure that their disaster recovery plan properly includes all the systems necessary to maintain operations and achieve their goals. As an added benefit, during this portion of the exercise, a company may discover potential cost-saving avenues by identifying unnecessary or redundant technologies.
  2. Quickly identifying the critical technologies and processes – As soon as the company has cataloged the technologies that make up its core environment, it must then prioritize the technologies based on how crucial they are for achieving the organization’s mission and ...

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Preetam Kaushik. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Hf5g04LOrmA/