BUSINESS IMPACT ANALYSIS

For the project work, we have chosen the health insurance industry, and within it we discuss security governance operations. Following is the organizational chart of key personnel in our company.

Our main asset to protect is our clients' PII (Personally Identifiable Information). Data flows in from the client and is stored in our secured infrastructure. Since we act as data custodians, upholding the confidentiality, integrity and availability (CIA) of that data must be our topmost priority. For this purpose, we maintain a set of governing policies that define the procedures to follow in case of an incident. This policy document is the Incident Response Plan (IRP). The critical business system that needs to be protected in the event of a significant disruption is the customer database, which holds the personal and financial information of our clients (Whitman, Mattord, & Green, 2013).

In this industry, when an incident is reported, it is very important to first validate whether it is an actual incident or a false alarm. Once it is confirmed that the incident needs to be investigated, a meeting is set up with the relevant stakeholders and the security team to review the IRP and assign resources. In our industry, the resources are the people responsible for carrying out the IRP: roles such as Case Manager, Investigation Specialist, Security Analyst and Security Engineer. Beyond these core roles, stakeholders and vendors are involved as needed.

The IRP has multiple phases:
1. Validation
2. Analysis
3. Remediation
4. Post-Incident activity/Recovery
5. Lessons learned

In our company, the scope of the IRP document covers data protection, vendor management, stakeholder regrouping and mitigative control measures.
Validation: Soon after an incident is recorded, this is the first step, in which a case manager receives the case from the party that reported the incident. The case manager reviews it and engages the investigation team. The purpose of the investigation team is to confirm that the incident has actually occurred, so that resources are used optimally. The data from this phase feeds into the Analysis phase. During the investigation, data attributes such as the number of records, the criticality of the data and the parties involved

Analysis: After the occurrence of the incident is validated, the case is forwarded to a security analyst for review. The analyst dives deep and comes up with an action plan for handling the incident.

Remediation: During this phase of the IRP, the involved parties are contacted to implement the security controls proposed by the analysis team, for example purging the data in the case of an unauthorized disclosure. In this case, we ask for deletion logs from th.