BUSINESS IMPACT ANALYSIS For the project work, we would like to choose Health Insurance industry and within the Health insurance industry, we would like to discuss about security governance operations. Following is the organizational chart of key personnel in our company. Our main asset to protect is our client’s PI Data (Personal Identifiable Data). Data flows in from the client which will be stored in our secured infrastructure and since we are acting as Data custodians, it should be our topmost priority to uphold the CIA (Confidentiality, Integrity and Availability) of the data. For this purpose, we have a set of governing policies that define procedures to follow in case of an incident. This piece of document a.k.a the policy document is nothing but the Incident Response Plan (IRP). Critical business systems that needs to be protected in the event of a significant disruption are customer database which includes personal and financial information of our clients (Whitman, Mattord, & Green, 2013). In this industry, in case of an incident, it is very important to validate if it is an actual incident or a false alarm. Upon validation that the incident needs to be investigated, a meeting is setup with the relevant stakeholders and the security team to discuss the IRP plan and map the resources. In our industry, the resources are nothing but people who will be responsible for implementing IRP. These resources include roles like Case Manager, Investigation Specialist, Security Analyst, Security Engineers. Apart from these important resources, stakeholders and vendors will also be involved as needed. There are multiple phases in the IRP plan. They are: 1. Validation 2. Analysis 3. Remediation 4. Post-Incident activity/Recovery 5. Lessons learned In our company, scope of the IRP document constitutes data protection, vendor management, stakeholder regrouping, mitigative control measures. Validation: Soon after an incident is recorded, this will be the first step where a case manager would receive the case from a party that has reported the incident. He then takes up the case and reviews it and engages with the investigation team. The purpose of investigation team is to validate that the incident has actually happened to ensure that the resources are utilized in an optimal manner. The data from this phase is being fed into the Analysis phase. During the process of investigation, data attributes like the number of records, criticality of the data and parties involved Analysis: After validating the occurrence of incident, case will be forwarded to a security analyst for a review/analysis. He will dive deep and come up with an action plan on how to handle the incident. Remediation: During this phase of IRP, involved parties will be contacted to implement the security controls that were proposed by the analysis team. For example, purging the data in case of unauthorized data disclosure. In this case, we ask for deletion logs from th.

1. BUSINESS IMPACT ANALYSIS
For the project work, we would like to choose Health
Insurance industry and within the Health insurance industry, we
would like to discuss about security governance operations.
Following is the organizational chart of key personnel in our
company.
Our main asset to protect is our client’s PI Data (Personal
Identifiable Data). Data flows in from the client which will be
stored in our secured infrastructure and since we are acting as
Data custodians, it should be our topmost priority to uphold the
CIA (Confidentiality, Integrity and Availability) of the data.
For this purpose, we have a set of governing policies that define
procedures to follow in case of an incident. This piece of
document a.k.a the policy document is nothing but the Incident
Response Plan (IRP). Critical business systems that needs to be
protected in the event of a significant disruption are customer
database which includes personal and financial information of
our clients (Whitman, Mattord, & Green, 2013).
In this industry, in case of an incident, it is very important to
validate if it is an actual incident or a false alarm. Upon
validation that the incident needs to be investigated, a meeting
is setup with the relevant stakeholders and the security team to
discuss the IRP plan and map the resources. In our industry, the
resources are nothing but people who will be responsible for
implementing IRP. These resources include roles like Case
Manager, Investigation Specialist, Security Analyst, Security
Engineers. Apart from these important resources, stakeholders
and vendors will also be involved as needed. There are multiple
phases in the IRP plan. They are:
1. Validation

2. 2. Analysis
3. Remediation
4. Post-Incident activity/Recovery
5. Lessons learned
In our company, scope of the IRP document constitutes data
protection, vendor management, stakeholder regrouping,
mitigative control measures.
Validation: Soon after an incident is recorded, this will be the
first step where a case manager would receive the case from a
party that has reported the incident. He then takes up the case
and reviews it and engages with the investigation team. The
purpose of investigation team is to validate that the incident has
actually happened to ensure that the resources are utilized in an
optimal manner. The data from this phase is being fed into the
Analysis phase. During the process of investigation, data
attributes like the number of records, criticality of the data and
parties involved
Analysis: After validating the occurrence of incident, case will
be forwarded to a security analyst for a review/analysis. He will
dive deep and come up with an action plan on how to handle the
incident.
Remediation: During this phase of IRP, involved parties will be
contacted to implement the security controls that were proposed
by the analysis team. For example, purging the data in case of
unauthorized data disclosure. In this case, we ask for deletion
logs from their Splunk repository to verify data purging.
Post-Incident activity: This phase generally involves
development of security controls to avoid the re-occurrence of
the incident. This can be done in various ways like user
training, strengthening perimeter security devices/controls,
employee sanctions depending on the severity of incidents etc.,

3. Lessons learned: This is the final phase of IRP which involve
documenting the incident and learn from the incident which will
help us to avoid such incidents in the future (Margaret Rouse,
2017).
The above defined phases may change from enterprise to
enterprise depending on the size of organization and availability
of resources. IRP is very essential for an organization be
prepared for unexpected threats which will impact the
productivity and customer/vendor/stakeholder experience.
References
Margaret Rouse. (2017, October 12).
searchsecurity.techtarget.com. Retrieved from incident
response:
https://searchsecurity.techtarget.com/definition/incident-
response
Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles
of Incident Response and Disaster Recovery. New York: Course
Technology.
This the project that we have done last week and please go
through above and before you work on the below topic
Work on incident analysis and scopeOverview
In addition to the tradeoff decisions, legal issues, and the use of
automated technology to in the incident detection process,
designated groups must be a part of the Incident Analysis and
Scope determination process.
Organizations designate groups to have the primary
responsibility for dealing with unexpected situations and
reestablishing the security of the organization’s information
assets. The members of these groups are carefully selected to
ensure the appropriate range of skills. The IR Reaction team,
which will be discussed in this chapter, is responsible for

4. responding to declared incidents.Learning Activities
Readings:
· Chapter 5: Incident Response: Detection and Decision
MakingGraded ActivitiesTeam Discussion
Incident Analysis and Scope. The team discussion will continue
with this weeks topic. Be sure to discuss the topic from the
purview of your perspective team (the name of your team)