
Lab #7

Student Name: Bạch Quang Lâm_HE172445


Class: IA1803

1. Perform a BIA assessment and fill in the following chart:


| Business Function Or Process | Business Impact Factor | Recovery Time Objective | IT Systems/Apps Infrastructure Impacts |
|---|---|---|---|
| Internal and external voice communications with customers in real-time | Critical | Within the hour | Server, Internet Network, Telephone System |
| Internal and external e-mail communications with customers via store and forward messaging | Major | Within a day | Internet, Network, Email Server |
| DNS – for internal and external IP communications | Minor | Within an hour | DNS Server, VOIP network |
| Internet connectivity for e-mail and store and forward customer service | Major | Within a day | Email server, Internet network |
| Self-service website for customer access to information and personal account information. | Major | Within the day | Server, Internet network |
| e-Commerce site for online customer purchases or scheduling 24x7x365 | Critical | Within an hour | Internet network, Server |
| Payroll and human resources for employees | Critical | Within an hour | Server, Internet network |
| Real-time customer service via website, e-mail, or telephone requires CRM | Critical | Within an hour | Internet network, Server |
| Network management and technical support | Critical | Within an hour | Network, Helpdesk support |
| Marketing and events | Minor | Within the month | Web Server, Point of Sales system |
| Sales orders or customer/student registration | Major | Within an hour | Orders Database, registration database, Internetwork, Server |
| Remote branch office sales order entry to headquarters | Minor | Within a day | Remote access, Internetwork, VPN |
| Voice and e-mail communications to remote branches | Major | Within the hour | Remote access, Internetwork, VPN, Server, VOIP |
| Accounting and finance support: Accts payable, Accts receivable, etc. | Critical | Within the hour | Finance server, Internetwork |

| Business Function Or Process | Business Impact Factor |
|---|---|
| Internal and external voice communications with customers in real-time | Critical |
| Internal and external e-mail communications with customers via store and forward messaging | Major |
| DNS – for internal and external IP communications | Minor |
| Internet connectivity for e-mail and store and forward customer service | Major |
| Self-service website for customer access to information and personal account information. | Major |
| e-Commerce site for online customer purchases or scheduling 24x7x365 | Critical |
| Payroll and human resources for employees | Critical |
| Real-time customer service via website, e-mail, or telephone requires CRM | Critical |
| Network management and technical support | Critical |
| Marketing and events | Minor |
| Sales orders or customer/student registration | Major |
| Remote branch office sales order entry to headquarters | Minor |
| Voice and e-mail communications to remote branches | Major |
| Accounting and finance support: Accts payable, Accts receivable, etc. | Critical |

Lab Assessment Questions

1. What is the goal and purpose of a BIA?


The Business Impact Assessment (BIA) gathers the information
needed to predict the consequences of disruptions to business
functions and processes and to develop recovery strategies.

2. Why is a business impact analysis (BIA) an important first step in
defining a business continuity plan (BCP)?

The BIA identifies critical and non-critical business functions. The BIA
estimates the costs associated with a failure, including loss of cash
flow, salaries of key personnel to repair the failure, and the cost of
new equipment. The BIA provides a framework for building the
BCP.

3. How do risk management and risk assessment relate to a business
impact analysis for an IT infrastructure?

Risk identification is necessary to determine the impact on your
IT infrastructure. The assessment prioritizes the categories and
risks.

4. What is the definition of Recovery Time Objective (RTO)? Why is
this important to define in an IT Security Policy Definition as part of
the Business Impact Analysis (BIA) or Business Continuity Plan
(BCP)?

The RTO is how long applications can be down; it represents the time
from system loss to recovery without significant business damage.

5. True or False - If the Recovery Point Objective (RPO) metric does
not equal the Recovery Time Objective (RTO), you may potentially
lose data or not have data backed up to recover. This represents a gap
in potential lost or unrecoverable data.

False. RPO can be 30 minutes and RTO can be 1 hour. RPO
depends on backup. This is because data that was not backed up
before the error can be deleted.

6. If you have an RPO of 0 hours – what does that mean?

An RPO of 0 hours means that no committed data should be lost
when media loss occurs.

7. What must you explain to executive management when defining
RTO and RPO objectives for the BIA?

RPO determines the maximum amount of data loss that an
organization can tolerate. Organizations may need to recover this
data before it fails. It will cost you a lot. Other databases can
retrieve data once a week.

8. What questions do you have for executive management in order to
finalize your BIA?

If there is money in the budget for a separate backup site, how
many of the backup servers will be stored there?
How often will we need to do a full back-up?

9. Why do customer service business functions typically have a short
RTO and RPO maximum allowable time objective?

Business customer service positions usually have shorter RTOs
because they require shorter time intervals.
The RPO should be as short as possible, because time means
money when it comes to customer service.

10. In order to craft back-up and recovery procedures, you need to
review the IT systems, hardware, software and communications
infrastructure needed to support business operations, functions and
define how to maximize availability. This alignment of IT systems
and components must be based on business operations, functions, and
prioritizations. This prioritization is usually the result of a risk
assessment and how those risks, threats, and vulnerabilities impact
business operations and functions. What is the proper sequence of
development and implementation for the following plans?

Business Continuity Plan: 2
Disaster Recovery Plan: 3
Risk Management Plan: 4
Business Impact Analysis: 1
