Business Impact Analysis (BIA) as part of your Cyber Security Plan

In one of my previous posts, I wrote about Disaster Recovery and Business Continuity and the steps individuals as well as organizations can take to overcome, not to mention reduce, today’s cleverly disguised cyber attacks.

Business Impact Analysis (BIA) should be a key part of the overall cyber security plan for any organization. Basically, BIA helps a company decide what needs to be recovered and in what amount of time. As part of BIA, an organization needs to identify its mission-critical functions and make sure they are prioritized.

All the critical functions of the organization need to be examined thoroughly to see how long the company can go without each one before it suffers significant financial losses, unhappy customers, substantial penalties or fines from regulators, and possibly lawsuits!

Furthermore, the organization needs to decide what its key functions are, and the technology associated with each function needs to be classified by recovery priority. Another crucial point to keep in mind is that the recovery time frame is based on the consequences of not performing the function.

The planner on the Business Impact Analysis team would need to classify the low-, medium- and high-impact areas, as well as the time it takes before the impact is noticed.

The fact of the matter is that today’s organizations cannot function without data. The BIA team must take into account all kinds of data associated with the organization. This is also where Recovery Time Objective (RTO), Mean Time Between Failures (MTBF), Maximum Tolerable Downtime (MTD) and Recovery Point Objective (RPO) come into consideration. Stay tuned, as these will be discussed in future posts. As always, you may also call the security consultants at Silex Systems for further information.
