Scribd Logo
Upload

Welcome to Scribd!

  • 2 views

    Lab 7

    Uploaded by

    Anh Duc
    This document contains a sample Business Impact Analysis (BIA) worksheet for an IT infrastructure that identifies critical business functions, associated systems and applications, recovery time objectives, and potential impacts. It also includes questions to assess understanding of key concepts such as the purpose of a BIA and how risk management relates. Critical systems identified include communications, e-commerce, payroll, accounting, and customer service functions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Lab 7

    Uploaded by

    Anh Duc
    2 views5 pages
    This document contains a sample Business Impact Analysis (BIA) worksheet for an IT infrastructure that identifies critical business functions, associated systems and applications, recovery time objectives, and potential impacts. It also includes questions to assess understanding of key concepts such as the purpose of a BIA and how risk management relates. Critical systems identified include communications, e-commerce, payroll, accounting, and customer service functions.

    Original Description:

    IAA

    Original Title

    LAB 7

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document contains a sample Business Impact Analysis (BIA) worksheet for an IT infrastructure that identifies critical business functions, associated systems and applications, recovery time objectives, and potential impacts. It also includes questions to assess understanding of key concepts such as the purpose of a BIA and how risk management relates. Critical systems identified include communications, e-commerce, payroll, accounting, and customer service functions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    2 views5 pages

    Lab 7

    Uploaded by

    Anh Duc
    This document contains a sample Business Impact Analysis (BIA) worksheet for an IT infrastructure that identifies critical business functions, associated systems and applications, recovery time objectives, and potential impacts. It also includes questions to assess understanding of key concepts such as the purpose of a BIA and how risk management relates. Critical systems identified include communications, e-commerce, payroll, accounting, and customer service functions.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 5

    Lab #7: Assessment Worksheet

    Part A – Perform a Business Impact Analysis for an IT Infrastructure


    Course Name: IA1708
    Student Name: Phạm Công Đức Anh
    Instructor Name: HE170196
    Lab Due Date: 23/3/2024

    When conducting a BIA, you are trying to assess and align the affected IT systems, applications, and
    resources to their required recovery time objectives (RTOs). The prioritization of the identified
    missioncritical business functions will define what IT systems, applications, and resources are
    impacted. The RTO will drive what type of business continuity and recovery steps are needed to
    maintain IT operations within the specified time frame

    Business Function Or Business RTO/RPO IT Systems/Apps


    Process Impact Factor Infrastructure Impacts

    Internal and external e- Critical 8h/ 0h Email server, LAN, WAN


    mail Network
    communications with
    customers via store and
    forward messaging

    Internal and external Critical 8h/ 0h Intra/Internet,


    voice Network,
    communications with Email Serve
    customers in real-time

    DNS – for internal and Minor 48h/ 24h Email server, DNS,
    external IP network
    communications

    Internet connectivity Minor 48h/24h Web servers, email


    for e server,
    mail and store and LAN, WAN network
    forward
    customer service

    Self-service website for Critical 2h/ 0h Web servers, customer


    customer access to database, account
    information and application, WAN
    personal network
    account information

    e-Commerce site for Critical 1h/ 0h Web servers, inventory


    online database, scheduling
    customer purchases or application, purchase
    scheduling 24x7x365 application, WAN
    network,
    internet access

    Payroll and human Major 24h/ 12h Employee database,

    resources for payroll application, LAN


    employees network

    Real-time customer Critical 2 hours/ 0 hour Web servers, email


    service servers, CRM
    via website, e-mail, or application,
    telephone requires CRM database
    CRM

    Network management Major 24 hours/ 12hours LAN, WAN network,


    and internet access, remote
    technical support management

    Marketing and events Minor 1 week/ 3 days Marketing and event


    planning application

    application Critical 2 hours/ 0hour Web server, account


    Sales orders or application, internet
    customer/ access, inventory
    student registration database

    Remote branch office Critical 8 hours/0hour VPN application,


    sales internet
    order entry to access, inventory
    headquarters database

    Voice and e-mail Critical 8 hours/0hour Email server, DNS, LAN,


    communications to WAN network
    remote
    branches

    Accounting and finance Major 24 hours/ 12hours Account application,


    support: Accts payable, customer and
    Accts receivable, etc. employee
    database, LAN network

    1. Why must an organization define policies for an organization’s Business Continuity and

    Disaster Recovery Plans?

    To ensure that organizations can recover from disaster and continue the business as soon as possible

    and also reduce the loss that disaster caused.

    2. When should you define a policy definition and when should you not define one?

    You should define when there are procedures or rules that needed to be documented and

    implemented, but not for every minor factor. A big one is better

    3. What is the purpose of having a Business Continuity Plan policy definition that defines the

    organization’s Business Impact Analysis?

    The BIA is the initial step in the business continuity planning process when classifying the assets

    based on their importance and risk level. This makes things easier for BCP because we know which

    one needs more attention and recovery first.

    4. Why is it critical to align the RTO and RPO standards within the policy definition itself?

    It is important because it should be clear that RPO can never be higher than RTO which would impact

    business continuity. If this happens, the organization can define it and find a solution.

    5. What is the purpose of a Business Impact Analysis (BIA)?

    The main intent of a BIA is to identify which assets are required for the business to recover and

    continue doing business.

    6. Why is a business impact analysis (BIA) an important first step in defining a business

    continuity plan (BCP)?

    It helps identify and classify factors that can impact the organization so things comes easier for BCP

    because we know which one needs more attention and recovery first.

    7. How does risk management and risk assessment relate to a business impact analysis for an

    IT infrastructure?

    Risk management shows the amount of risk in making a business deal and risk assessment identifies

    resources and associated risks, safeguards and techniques for mitigation.


    8. True or False – If the Recovery Point Objective (RPO) metric does not equal the Recovery

    Time Objective (RTO), you may potentially lose data or not have data backed-up to recover.

    This

    represents a gap in potential lost or unrecoverable data.

    True

    9. What question should an organization answer annually to update its BCP, BIA, and RTOs and

    RPOs?

    Is there any new asset? Have assets’ criticality changed? Are there new vulnerabilities for current

    assets? Are the RTO and RPO still acceptable?

    10. Why is it a good idea to have critical documentation recordkeeping defined in a policy

    definition?

    It helps when there is a similar incident, we can solve it more efficiently.

    11. From Part A - Sample BIA for an IT Infrastructure Worksheet, which systems, applications,

    and functions were mission critical to this organization?

    Internal and external communication, e-commerce site for online customers, scheduling payroll,

    accounting and finance support

    12. From Part B – Define a Policy Definition for a BCP/DRP, how did you answer the procedures

    for how to implement this policy throughout your business?

    Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an organization's last

    corrective control when all other controls have failed! BCP/DRP may prevent or provide a remedy for

    force majeure circumstances such as injury, loss of life, or failure of an entire organization.

    13. True or False. It is a best practice to define policy definitions for an organization-wide BCP

    and DRP.

    True

    14. True or False. An organization must have a Business Impact Analysis and list of prioritized

    business functions and operations defined first prior to building a BCP and DRP.

    True

    15. Explain how having proper security controls and documented BIA, BCP, and DRP can help

    organizations reduce their business liability insurance premiums and errors and omissions
    insurance premiums.

    Because having proper security controls and documented BIA, BCP, DRP help reduce risk of disaster

    and data loss, increase customers’ trust

    You might also like