CompTIA® Security+ Exam Notes : Summarize Business Impact Analysis Concepts

5. Risk Management

5.2 Summarize business impact analysis concepts

Business Impact Assessment, or Business Impact Analysis (BIA), is a management-level analysis aimed at identifying a firm's exposure to the sudden loss of critical business functions and supporting resources due to an accident, disaster, emergency, and/or threat. BIA involves assessing both financial and non-financial (customer service, market confidence, creditor or supplier confidence) costs during the business disruption and business restoration periods. BIA is used in the development of a business's Disaster Recovery Plan (DRP).

Business continuity planning should preferably include the following:

  • Redundant network connectivity
  • Clustering
  • Fault tolerance using RAID or a similar technique
  • Facilities management

Security policy planning should include the following:

  • Due care, acting responsibly and doing the right thing
  • Privacy, letting employees and administrators know of the privacy issues
  • Separation of duties
  • Need to know, providing employees only the information required to perform their role or duties
  • Password management, auditing the passwords
  • Disposal and destruction
  • Human rights policies, and
  • Incident response, which should define how to respond to a security incident

Mean Time to Repair (MTTR): MTTR is the average time required to fix a failed component or device and return it to production status.

Mean time to repair includes the time it takes to find out about the failure, diagnose the problem and repair it. MTTR is a basic measure of how maintainable an organization's equipment is and, ultimately, is a reflection of how efficiently an organization can fix a problem.

Mean Time Between Failures (MTBF): The most commonly cited failure-related metric is also the one most often used incorrectly. "Mean time between failures" or "MTBF" refers to the amount of time that elapses between one failure and the next. Mathematically, this is the sum of MTTF (mean time to failure) and MTTR, i.e. the total time for a device to fail and for that failure to be repaired.

RTO/RPO: The recovery point objective (RPO) and the recovery time objective (RTO) are two very specific parameters that are closely associated with recovery. The RTO is essentially how long the business can go without a specific application. This is often associated with the maximum allowable or maximum tolerable outage.

RPO limits how far to roll back in time, and defines the maximum allowable amount of lost data measured in time from a failure occurrence to the last valid backup.

RTO is related to downtime and represents how long it takes to restore from the incident until normal operations are available to users.
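The metrics above can be computed from an outage log. The following is an added example, not part of the original notes; it uses a constructed list of failure/restoration timestamps, applies the MTBF = MTTF + MTTR definition given above, and checks one incident against assumed RTO and RPO targets.

```python
from datetime import datetime, timedelta

# Constructed outage log for one device: (failure detected, service restored).
# Spaced so that MTTR = 2 h and MTTF = 240 h, which makes MTBF = 242 h.
OUTAGES = [
    (datetime(2024, 4, 1, 8, 0),   datetime(2024, 4, 1, 10, 0)),   # 2 h repair
    (datetime(2024, 4, 11, 10, 0), datetime(2024, 4, 11, 11, 0)),  # 1 h repair
    (datetime(2024, 4, 21, 11, 0), datetime(2024, 4, 21, 14, 0)),  # 3 h repair
]


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def mttr(outages) -> float:
    """Mean Time To Repair: average of (restored - failed) over every outage."""
    return sum(hours(up - down) for down, up in outages) / len(outages)


def mttf(outages) -> float:
    """Mean Time To Failure: average uptime from one restoration to the next failure."""
    gaps = [hours(outages[i + 1][0] - outages[i][1]) for i in range(len(outages) - 1)]
    return sum(gaps) / len(gaps)


def mtbf(outages) -> float:
    """Mean Time Between Failures = MTTF + MTTR, as the notes define it."""
    return mttf(outages) + mttr(outages)


def availability(outages) -> float:
    """Fraction of a failure-repair cycle during which the device is in service."""
    return mttf(outages) / mtbf(outages)


def recovery_check(failed, last_backup, restored, rto_hours, rpo_hours):
    """Compare one incident against RTO (downtime) and RPO (data loss) targets."""
    downtime = hours(restored - failed)        # how long users had no service
    data_loss = hours(failed - last_backup)    # work since the last valid backup
    return {
        "downtime_h": downtime, "rto_met": downtime <= rto_hours,
        "data_loss_h": data_loss, "rpo_met": data_loss <= rpo_hours,
    }


if __name__ == "__main__":
    print(f"MTTR={mttr(OUTAGES):.1f}h MTTF={mttf(OUTAGES):.1f}h MTBF={mtbf(OUTAGES):.1f}h")
    down, up = OUTAGES[-1]  # assumed targets: RTO 4 h, RPO 1 h, last backup 3 h before failure
    print(recovery_check(down, datetime(2024, 4, 21, 8, 0), up, rto_hours=4, rpo_hours=1))
```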

Single point of failure (SPOF): A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. SPOFs are undesirable in any system with a goal of high availability or reliability, be it a business practice, software application, or other industrial system.

Privacy Impact assessment: A privacy impact assessment (PIA) is a tool for identifying and assessing privacy risks throughout the development life cycle of a program or system.

Privacy threshold assessment: A privacy threshold analysis (PTA) determines whether a system handles personally identifiable information and therefore whether a full PIA is required. For example, it is OPM policy to ensure that all information technology (IT) systems that collect, maintain, or disseminate information in an identifiable form have a privacy impact assessment (PIA) or privacy threshold analysis (PTA).
