CIS 462 Business Impact Analysis

Strayer CIS 462 Security Strategy and Policy, Assignment 2: Business Impact Analysis, 8 pages, 1282 words, Graded A, Security Policies and Implementation Issues
In order for an organization to develop an effective business continuity plan or disaster recovery plan, it must know what information assets it has, their impact on business operations, and the criticality and priorities associated with the information systems and assets. The primary objective of a business impact analysis (BIA) is to identify the assets that are required for continued business operations in the event of an incident or disaster. Thus, a critical step in the development of an effective BIA includes establishing component priorities and determining component reliance and dependencies. Additionally, organizational personnel must know their responsibilities during recovery efforts.
Write a three to five page paper in which you:
1. Describe the methods for establishing component priorities, including:
a. Business functions and processes
b. BIA scenarios and components
c. Financial and service impact of components not being available
d. Recovery time frameworks
2. Describe the methods for determining component reliance and dependencies, including:
a. Component dependencies
b. Resources required to recover component in the event of failure
c. Human assets needed to recover components
3. Provide recommendations for the development of the BIA, management and other personnel responsibilities, and educating company personnel that would be involved in the recovery efforts.
Exclusive and Original document Available only on Course Answer


Download Now
(sent via email)



Discussion 1

Imagine that you are part of an organization that has recently formed an incident response team (IRT). You need to draft an initial address to the team members. Respond with your initial address to the team members overviewing the elements of the incident response team charter and the potential challenges that an IRT could encounter. Congratulations on being selected as part of the incident response team (IRT). Execution of the plan that we collectively develop will be performed by the IRT Team Leader, Incident Lead, Support Members, IT contact, Management-, Legal-, Public Relations- Representative and additional IT Incident Responders. This does not absolve other employees of their responsibility to know how to write an incident report and become educated and drilled on proper incident response for security or disaster related issues. As members of the IRT, you will be challenged and required to think outside the box. You will also be held accountable for your roles and expected to remain fully engaged in situation awareness for the purpose of updating and adjusting documentation to adjust with the evolving changes of our environment. Thank you for your commitment and dedication to the team and I look forward to working personally with each of you. Determine the actions of the incident response team that are the most critical in the event of a major incident or disaster. In the event of a major incident or disaster, implementing drills and being flexible in actual real world situations are the most critical. While drills are important for sustaining a controlled environment and assist in keeping people aware of what is expected and required in the event of a live disaster or incident, the unexpected and unplanned incidents that require quick thinking and natural reaction are often the most critical and are utilized as the lessons learned for future responses. Drills keep everyone on target and help protect assets.

Discussion 2

Describe the critical actions of all employees during a major incident or a disaster. The best thing that employees should do during a major incident or disaster is to follow directions and stay out of the way. Everyone cannot be a hero when it comes to incidents or disasters, and it is important for employees to understand that their safety is what is most important to the organization. If the leadership says that all employees should head home for the day, then employees should do that. They should stop everything else and head out of the door. This ensures safety and makes room for responders. Prior to the incident, all employees should have had training or have access to documentation stating what to do in certain incidents. When the incident occurs, employees should have a general idea of the plan and know who is in charge and where to take orders from. Describe the critical actions of management during a major incident or a disaster. Management is responsible for making decisions. They must remove barriers that may be slowing communication and determien what should and should not be done after an incident. Management also supports the IRT, making sure that everyone has the resources and instructions to complete the task. One of the most important decisions that management must make is whether to “pursue” or “protect”. Do we shut everything down, or do we let it happen so that we can find the attacker?