The whole three phases:
Phase 1: Business Impact Assessment
The main objectives of this phase are to determine the business security
requirements for a system and identify the appropriate next steps that need to be
taken to adequately protect information in that system.
These objectives are achieved by assessing the possible business impact that could
arise as a result of the compromise of the confidentiality, integrity and availability of
information.
The business impact assessment process is shown as follows:

I. Establishing a business impact assessment programme

Prior to conducting a business impact assessment there are a number of important
programme-related elements of work that should be undertaken. These activities
are generic and can be conducted at any time leading up to an assessment, to
ensure that business impact assessments are run in an effective and professional
manner and that reliable and trustworthy results are produced.
The key elements of work to be undertaken prior to performing a business impact
assessment are:
1. Developing a Business Impact Reference Table
• Determine the business impact types to be used
• Determine business impact measures and values
• Gain senior management sign-off
2. Identifying the system to be assessed

II. Performing a business impact assessment

1. Preparing for a business impact assessment
A: Determining the system profile
The main objective of this step is to gather key background information about the
system to be assessed.
B: Planning the assessment
The main objective of this step is to plan and prepare the meeting information for
the business impact assessment.
2. Conducting a business impact assessment
A: Introducing the assessment
The main objective of this step is to ensure participants are adequately prepared to
take part in the assessment.
The key activities to be undertaken during this step of the process are:
A1. Set the scene for the assessment
A2. Provide an overview of the system
A3. Familiarize participants with the tools and forms
B: Assessing business impact
The purpose of this step is to ensure participants assess business impact in an
objective and considered manner.
The key activities to be undertaken during this step of the process are:
B1: Assess possible business impact for a loss of confidentiality
B2: Assess possible business impact for a loss of integrity
B3: Assess possible business impact for a loss of availability
C: Determining overall results
The main objectives of this step are to determine the business security requirements
and security classification for the system.
The key activities to be undertaken during this step of the process are:
C1: Transfer results to summary form
C2: Determine business security requirements and overall security
classification
The following is an example of the business impact rating summary form:
D: Reviewing results
The main objectives of this step are to:
• Identify clearly the next steps to be taken after the assessment
• Document all post-business impact assessment actions to be undertaken
The key activities to be undertaken during this step of the process are:
D1: Review results of assessment
D2: Agree next steps

III. Tools and forms to use in a business impact assessment
1. Tools:
a) BIA Assistant (Microsoft PowerPoint, Microsoft Excel)
2. Forms:
a) Preparatory documents (e.g. invitation letter, System Profile form)
b) Business Impact Reference Table
c) Business Impact forms
• Business Impact Rating forms (confidentiality, integrity,
availability)
• Business Impact Assessment Summary form

The three phases of business impact assessment
