Page 85 - Cyber Warnings
P. 85
Business Impact Analysis (BIA) Phase
This phase involves conducting series of detailed interviews with the key BU personnel to
develop an understanding about the -
1. Legal and contractual requirements
2. Critical business processes
3. Regulatory issues and constraints
4. Supply chain business partners
5. Customer interfaces
6. Primary and back-up staffing (i.e. skill set)
7. Technology support platforms
8. External environmental interfaces (e.g. power, communications, utilities)
9. Physical site constraints (e.g. location, accessibility)
A key outcome of this phase is the creation of a process diagram that shows -
The interactions with the clients
1. The interactions between Business Units
2. The critical processes
3. The assumptions, constraints and dependencies/interactions between these
processes
4. The interactions with the suppliers, vendors, internal and external entities
all of which gives a comprehensive pictorial view of both the physical and business
environment.
This diagram enables to quickly interpret and identify –
How the problem in one process could impact several other downstream and or
inter-related processes across the organization
1. The risks attributable to a process and its interface(s)
2. The impact of an interruption of the process on the BU and on the overall
organization (in dollar terms, time/cost to replace or repair the disrupted
process/service, extent of the SLA breach)
3. How the impact of the interruption would change over time (depending upon the
duration of outage)
4. The feasible options to mitigate the risk of disruption in the first place
5. The options to reduce the impact
6. The primary and secondary backup options
Equipped with the above details its now possible to segregate the business into list of critical
and routine business processes thus creating a risk prioritized matrix as follows –
85 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
