by: James Cha

TINFO462Week6Notes.pdf T INFO 462 - Building An Information Risk Management Toolkit

James Cha
GPA 3.59
T INFO 462 - Building An Information Risk Management Toolkit
Marc Dupuis


About this Document

A brief overview of subjects in Chapter 12 of Managing Risks in Information Systems: more specifically, topics in Business Impact Analysis, Critical Business Functions, etc.

This 5 page Class Notes was uploaded by James Cha on Friday February 13, 2015. The Class Notes belongs to T INFO 462 - Building An Information Risk Management Toolkit at University of Washington taught by Marc Dupuis in Winter2015. Since its upload, it has received 70 views. For similar materials see T INFO 462 - Building An Information Risk Management Toolkit in Information technology at University of Washington.


Date Created: 02/13/15
T INFO 462: Building an Information Risk Management Toolkit
Week 6, Chapter 12

Business Impact Analysis

A Business Impact Analysis (BIA) is a study used to identify the impact that can result from disruptions in the business.
- Focuses on the failure of one or more critical information technology (IT) functions
- Basically helps identify the systems critical to the survival of an organization
- Survivability: the ability of a company to survive loss due to a risk

When working with BIAs, you should have a basic understanding of:
- Maximum Acceptable Outage (MAO)
  - Identifies the maximum acceptable downtime for a system
  - If an outage EXCEEDS the MAO time, it negatively affects the organization's mission
  - DIRECTLY affects the recovery time
- Critical Business Functions (CBFs)
  - Includes functions considered vital to an organization
  - If a CBF fails, the organization will lose the ability to perform essential operations, such as selling products to customers
  - If an organization fails to perform the function, it will lose money
- Critical Success Factors (CSFs)
  - Includes elements necessary to perform the mission of an organization
  - An organization will have a few elements that must succeed in order for the organization to succeed
  - Example: a reliable network infrastructure may be considered a CSF for many companies today

BIA isn't intended to include all IT functions. Instead, it helps the organization identify the critical IT systems and components. You identify the critical systems and components by identifying the CRITICAL BUSINESS FUNCTIONS.

What is a Critical Business Function (CBF)?

Any stakeholder will determine that a business function is critical. If a stakeholder determines that the loss of the function will cause an unacceptable loss, it is a critical function.
- The stakeholder makes this decision based on experience and opinion
- Once it is decided as critical, the stakeholder needs to dedicate resources to protect it, which includes:
  - Money
  - Personnel

Collecting Data (BIA)

BIA is a data-gathering process, and there are multiple methods to do so:
- Conduct interviews with key personnel
  - Improve results with a little forethought
    - Plan the interview
    - Make sure the people you are interviewing have the time to answer your questions
    - Make sure you're ready with the right questions
    - Questions should focus on CBFs and the MAO of supporting resources
- Use questionnaires, forms, or surveys
  - Keep them limited and focused
  - Focus on only one process at a time
- Host meetings or conference calls
  - Beneficial in that people can interact with each other, which can lead to richer results
  - Can be difficult to gain consensus

Defining the Scope of Your BIA

It is important to define the scope of a BIA early in the process. Scope defines the boundaries of the plan.
- Defining the scope helps ensure that the BIA is focused
- Ensures that you analyze the correct functions
- Affected by the size of the organization

Objectives of a Business Impact Analysis

The overall objective of the BIA is to identify the impact of outages.
- Specifically, the goal is to identify the critical functions that can affect the organization
  - After identifying the critical functions, you can identify the critical resources that support these functions
- Each resource has an MAO and an impact if it fails
- Ultimate goal is to identify the recovery requirements
  - You gather input from process owners and experts
  - Helps identify the CBFs and the critical resources that support them
  - You then identify the impact and MAO of the resources
  - Last, you determine the recovery requirements from the MAO

An indirect objective of the BIA is to justify funding. After you've identified the recovery requirements in the BIA, you identify controls to support these requirements in the BCP.
- If the impact is high, it is cost effective to spend money to prevent the outage

Identifying Critical Business Functions

Unless you own the process, the critical business functions are NOT always apparent.
- For example, if you are the security expert, you may not know the CBFs of a Web site. The Web server is the obvious component, but there are others
  - By interviewing or surveying the experts, you can gain insight into all the components that support the Web server
  - It is often useful to identify the underlying steps of CBFs
- Steps involved in an online Web site purchase:
  1. The customer visits the Web site
  2. The customer browses the product catalog
  3. The customer picks a product
  4. The customer checks out
  5. A message is sent to the order processing application
  6. The order is processed
- In this example, the critical business functions are:
  - The customer accessing the web site
  - The web server accessing the database server
  - The order processing application tracking the order
- With this information, you can identify the critical resources

Identifying Critical Resources

The critical resources are those that are required to support the CBFs. Once you've identified the CBFs, you can analyze them to determine the critical resources for each. Following the example of the web site purchase, you can see how to identify the critical resources from the CBFs.
- One of the web site CBFs is the customer accessing the web site
  - The following IT resources are required to support this function:
    - Internet access
    - The Web server
    - The Web application
    - Network connectivity
    - The firewall on the Internet side of the DMZ
- The second CBF is the Web server's ability to access the database server
  - The database server hosts:
    - Product information
    - Customer information: used when the customer makes a purchase and to target advertising for the returning customer
  - The following IT resources are required to support this function:
    - Web server
    - Web application
    - Database server
    - Network connectivity
    - The firewall on the internal side of the DMZ
- The third critical function is the order processing application
  - It needs to receive orders from the database server and also needs to be able to track the order until delivery
  - The following IT resources are required to support this function:
    - The server hosting the order processing application
    - The database server
    - The warehouse application
    - Network connectivity
    - Internet access
- In many instances, there will be overlapping in the critical resources
- Additionally, facility support is required for each of these functions, such as power, heating, and air conditioning
- You may choose to list a resource one time for all the functions or with each function
  - For example, all IT resources require facility support, and you could list these requirements one time as follows:
    - Power: Uninterruptible power supplies and generators are required to ensure systems remain operational during power outages
    - Heating and air conditioning: Heating and/or air conditioning is required to ensure all systems can operate
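
Added example (not part of the original notes): the web site purchase walkthrough above, written as a CBF-to-resource map and inverted to show which resources overlap and the MAO each must meet. The MAO hours are constructed sample values, the function names are hypothetical, and the rule that a shared resource takes the shortest MAO among the CBFs it supports is an assumption of this example.

```python
from collections import defaultdict

# CBFs and supporting resources follow the notes; MAO hours are constructed.
CBFS = {
    "Customer accesses the web site": {
        "mao_hours": 4,
        "resources": ["Internet access", "Web server", "Web application",
                      "Network connectivity", "Firewall (Internet side of DMZ)"],
    },
    "Web server accesses the database server": {
        "mao_hours": 2,
        "resources": ["Web server", "Web application", "Database server",
                      "Network connectivity", "Firewall (internal side of DMZ)"],
    },
    "Order processing application tracks the order": {
        "mao_hours": 24,
        "resources": ["Order processing server", "Database server",
                      "Warehouse application", "Network connectivity",
                      "Internet access"],
    },
}

# Facility support listed one time for all functions, as the notes allow.
FACILITY = ["Power (UPS and generators)", "Heating and air conditioning"]


def resource_requirements(cbfs, facility):
    """Invert the CBF map: per resource, the CBFs that depend on it and the
    tightest MAO it must meet (assumption: minimum across those CBFs)."""
    supports = defaultdict(list)
    for name, cbf in cbfs.items():
        for res in cbf["resources"] + facility:
            supports[res].append(name)
    return {
        res: {"cbfs": names,
              "mao_hours": min(cbfs[n]["mao_hours"] for n in names)}
        for res, names in supports.items()
    }


def overlapping(reqs):
    """Resources that support more than one CBF, tightest MAO first."""
    shared = [(res, v) for res, v in reqs.items() if len(v["cbfs"]) > 1]
    return sorted(shared, key=lambda rv: (rv[1]["mao_hours"], rv[0]))


if __name__ == "__main__":
    for res, v in overlapping(resource_requirements(CBFS, FACILITY)):
        print(f"{res}: MAO {v['mao_hours']}h, supports {len(v['cbfs'])} CBFs")
```

With these sample values, Internet access inherits a 4-hour MAO from the customer-facing function even though order processing alone would tolerate 24 hours.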

