What Benefit is there in a Business Impact Analysis?
So what Benefit is there in a Business Impact Analysis?
3 min read
Chris Bedel : Nov 28, 2017
Just like in years past, the fourth quarter has been full of information security projects here at Bedel Security. Although some of the deadlines have put a strain on my time to post to this blog, I found some time this week to jot down a few thoughts that I think could be helpful to our readers if you are faced with working through any of these projects yourself.
That being said, I'll jump right into it.
This is one that's getting more scrutiny from examiners as of late. But even with the regulatory requirements, it is still an important exercise for your organization to go through because it is the measuring stick that you'll use for planning recovery of your most important assets. It is the communication tool to let your IT and other BCP staff know what the priorities are in a disaster or continuity scenario. Make sure it includes:
With a good BIA in hand, it's important to tie your prioritized order of recovery into your BCP.
We are seeing vendor management programs that are either too complicated that no one can really explain what the objective is, or it's just not getting done. Our suggestion is this:
Kind of like Vendor Management, we're seeing some really complex Incident Response Plans.
The litmus test: ask your incident response coordinator or team members to explain it to you in under 5 minutes. If they can't tell you the basic flow of responsibilities and communication, you have a problem.
Incidents can move and evolve so quickly now that time is of the essence in many situations. If your team is having to take the time to read and review the plan in the heat of battle, you are going to lose.
The keys are:
Nothing new here. I think having an asset-based framework is key, but understanding risk is really helpful too.
There's more, but I've run out of time. If you have any questions on any of these, let us know at support@bedelsecurity.com. Or if you want help with any of these projects, or similar information or cyber security projects, we'd be glad to help.
So what Benefit is there in a Business Impact Analysis?
In our work, we're finding that banks and credit unions are still struggling to differentiate between vendor risk assessments and information...
"Are we just checking off boxes with regulators, or were there actual benefits in performing a business impact analysis (BIA)?" It's the type of...