Professional Documents
Culture Documents
Sec 08058
Sec 08058
Planning Toolkit
Security 2008 – EDUCAUSE & Internet2
Security Professionals Conference
Robert J. Block (B.J.), IT Security Analyst
University of Rochester
Facilities Functions
IT Services Event
Communications
Functions Pandemic Event
Where to Start?
Definition:
A management level analysis, which
identifies the impacts of losing resources.
This analysis measures the effect of resource
loss and escalating losses over time. In order
to provide senior management with reliable
data upon which to base decisions on risk
mitigation and continuity planning.
Goals of the
Business Impact Analysis
To establish the value of each organizational
unit or resource as they relate to the function of
the total organization
To provide the basis for identifying the critical
resources required to develop a business
recovery strategy
To establish an order or priority to restoring the
function of the organization in the event of a
disastrous event
Considerations
Phases
Project Planning
Data Collection
Data Analysis
Reporting Findings
Approval for Next Phase
Business Impact Analysis
Project Planning
Identify
Objectives
• Criticality of business functions
• Critical dependencies
• Impact of disruptions
• Critical resources
Scope
• Departmental
• Facility
• Complex
• Region
• Organization
Business Impact Analysis
Data Collection
How to collect information from the
community
Questionnaire
Interview
Hybrid
Business Impact Analysis
Data Collection
Questionnaire Approach Interview Approach
Design questionnaire Develop interview guide
Develop data analysis Train interviewers
process Formal Presentation
Develop instructions Schedule interview
Cover Letter Conduct interview
Formal presentation Validate
Questionnaire distribution
Questionnaire collection
Business Impact Analysis
Data Collection
Topics to address
Mission
Service Objectives
Dependencies
Impacts over time
Critical time periods
Financial impact
Operational impact
Legal, regulatory, contractual requirements
Business Impact Analysis
Data Collection
Additional items to reference
Mission Statements
Service Objectives
Service Level Agreements
Organizational Charts
Policies and Procedures
Business Impact Analysis
Data Analysis
Quantitative Impact
Losses identified in quantities or percentages
that can be described in monetary terms
Qualitative Impact
Intangible losses that can impact operationally
but that can not be quantified in monetary
terms
Business Impact Analysis
Data Analysis
List of business functions ordered by
restoration time
Consolidation
Simplify the process
Create priority levels
Project lead confirms with management
Business Impact Analysis
Report Findings
Confirm findings with end users and
functional departments
Present formal findings to executive
management
Business Impact Analysis
Approval for Next Phase
Just when you thought it was done…
Prioritization
Dependencies/Relationships
Alternate resources
Command Centers
Coordination/Management of Response
Funding
Disaster Recovery Plan
Determine Criticality
Resources Needed
Priorities and Dependencies
Identify Applications
Identify Locations
Establish and stock resources
Inventory Checklists
Schedule for inventory assessment
Duty Managers
aka Team Leaders
Schedule and Coverage
Train
Assess Command Center Inventory
Substitution Procedure
Drills and Testing