Dr. Benjamin [email protected]
New York Institute of TechnologyNew York Institute of TechnologySchool of ManagementSchool of Management
Objective:
To determine the effect the mission-critical information systems failure have on the viability & operations of enterprise core business processes.
Note: BIA done as part of Risk Assessment
04/20/23 2benk
Results of BIA helps determine how CRITICAL a specific:Application,System,Business Process, or Other Asset is to the enterprise.
04/20/23 3benk
Process:1. Create set of Definitions of Impact
on business (see Table 9.1)2.Create set of Impact Tables that
identify the impact thresholds for various categories (see Table 9.2)
3.Create Financial Impact worksheet (see sample table in Table 9.3)
4.Fill-in the values for various categories into the BIA worksheet (see Table 9.4)
04/20/23 4benk
Examples:
1. Accounts Payable Dept. Impact threshold level is 3-5 days(see Table 9.5)
2. Purchasing Dept. Impact threshold level is 2 days(see Table 9.6)
04/20/23 5benk
1. Define the Scope.2. Identify Assets (consider the
types/categories).3. Identify Threats & Vulnerabilities to assets
(consider the types/categories).4. Determine the Probability of occurrence.5. Determine the Impact or Criticality of
occurrence (Quantitative or Qualitative).6. Derive the Risk Level (BIA can be done here).7. Identify Safeguards/Controls (consider the
types/categories).04/20/23 6benk
8. Determine the Safeguards/Controls to Implement by Cost-Benefit Analysis.
9. Implement Safeguards/Controls.10.Continuous Monitoring & Regular Audits.
04/20/23 7benk
Thank You for a great Thank You for a great semester!!!semester!!!
Dr. Benjamin [email protected]
New York Institute of TechnologyNew York Institute of TechnologySchool of ManagementSchool of Management