We have assignments from the last two weeks that are due in week 8. Remember to complete and submit them if you have not already done so.
This week the course provides you with a template for a Business Impact Analysis (BIA). The assignment is for two weeks, but a draft is due next week. Once again, there is no rubric for this assignment, so we should discuss what is required.
A BIA should build a list of the assets that are critical to an organization, but it should also let you rate how important all the other assets are.
Three concepts that relate to a BIA:
The BIA process is meant to tag the things that are most important to our organization, whether they are IT systems, processes and procedures, or components of a system. We are not charged with identifying everything that is an asset. That should have already been done. We are just identifying the important things.
That being said, we need to set the scope for our inquiry. Are we determining
the important things for all users, or a subset of all users? We should
determine who the stakeholders are for the system, the division, the location,
or the function we are documenting. It would always be better to include
stakeholders for all aspects of our organization, but there may not be
time, funding, or interest in doing a BIA for the entire organization.
Some systems are more important than others because most or all of the organization depends on them, such as assets concerned with a customer making an Internet purchase. Even a short downtime for the firewalls, web server, and database server all affect the immediate experience of the buyer. However, the buyer is not immediately affected by longer downtime for the warehouse or the shipper. The customer does not expect immediate shipment or delivery, unless we have made a silly promise that such a thing will happen.
the right, you see a graph that
shows time increasing along the
x-axis, and cost increasing up
the y-axis. Its point is that as outage
time increases, cost of a disruption
increases as well. In fact, the blue line on the graph indicates
that the longer an outage lasts
the faster the costs go up. A
second curve is also shown on that graph. It shows that the costs to recover
from an outage diminish as time
goes on. The graph is similar to the ones you will see on this technet
web page. The argument to make from this data is that there is a point
where the two curves intersect, and that this point defines the time at
which the combination of outage cost and recovery cost is typically
When considering the maximum acceptable outage, you should also define
the recovery objective. You will have to specify what conditions
define "recovery" to you and your organization, else there will be internal
and external disagreements about the state of recovery having been reached.
If there is more to be done to reach recovery, obviously the cost will