Assignment
Follow the instructions provide answers to questions: 5, 7, 9, 10, 13, and 14.
Managing Risk
in Information
Systems
Powered by vLab Solutions
JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
LABORATORY MANUAL TO ACCOMPANY
VERSION 2.0
INSTRUCTOR VERSION
Copyright by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
64
Introduction
The purpose of a business impact analysis (BIA) is to identify applications and data access
requirements in an IT infrastructure. The BIA helps you assess affected IT systems, applications,
and resources and align them with their required recovery time objectives (RTOs). It then helps
you prioritize the identified mission-critical business functions so you know how IT systems,
applications, and resources are impacted.
In this lab, you will define a BIAs goal and objective, you will identify where the BIA fits in the
business continuity plan (BCP), you will identify mission-critical applications and data access
requirements, you will perform a BIA qualitative assessment approach, and you will create a
BIA executive summary report for management.
Learning Objectives
Upon completing this lab, you will be able to:
Define the goal and objective of a business impact analysis (BIA).
Identify where a business impact analysis (BIA) fits within a business continuity plan (BCP).
Identify mission-critical applications and access to data requirements for a given scenario.
Perform a business impact analysis (BIA) utilizing a qualitative assessment approach.
Create a business impact analysis executive summary report for management.
Lab #7 Performing a Business Impact Analysis for a
Mock IT Infrastructure
Copyright by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
66 | LAB #7 Performing a Business Impact Analysis for a Mock IT Infrastructure
Hands-On Steps
Note:
This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft
Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing
application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab
deliverable files.
3. On your local computer, open a new Internet browser window.
4. Using your favorite search engine, search for information on a business impact analysis
(BIA).
5. Define BIA.
6. Using your favorite search engine, search for information on a business continuity plan
(BCP).
7. Define BCP and explain how a BIA fits within a BCP.
8. Review the business functions in the following table:
Business Functions
Internal and external voice communication with customers in real time
Internal and external e-mail communication with customers via store and forward messaging
Domain Name Server (DNS) for internal and external Internet Protocol (IP) communications
Internet connectivity for e-mail and store and forward customer service
Self-service Web site for customer access to information and personal account information
e-Commerce site for online customer purchases or scheduling 24 x 7 x 365
Payroll and human resources for employees
Real-time customer service via Web site, e-mail, or telephone requires customer relationship
management (CRM)
Network management and technical support
Marketing and events
Sales orders or customer/student registration
Remote branch office sales-order entry to headquarters
Voice and e-mail communications to remote branches
Accounting and finance support: Accounts payable, Accounts receivable, etc.
9. List a qualitative business impact value of Critical, Major, Minor, or None for each
function.
Copyright by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
67
Copyright 2015 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
www.jblearning.com Instructor Lab Manual
Note:
For a descriptive comparison of qualitative versus quantitative risk assessment, read this article:
http://www.sans.edu/research/leadership-laboratory/article/risk-assessment.
10. List the IT systems, applications, and resources that are impacted for each of the
functions.
11. In the address box of your Internet browser, type the URL
http://searchdisasterrecovery.techtarget.com/feature/Using-a-business-impact-analysis-BIA-
template-A-free-BIA-template-and-guide/ and press Enter to open the Web site.
12. Read the article titled Using a business impact analysis (BIA) template for guidance on
writing a business impact analysis. Consult the article for the meaning of the terms
recovery time objective (RTO) and recovery point objective (RPO).
13. In your Lab Report file, assess the recovery time objectives (RTO) for each of the
impacted IT systems, applications, and resources.
14. Write a four-paragraph executive summary that includes the following:
Goals and purpose of the BIA (unique to your scenario)
Summary of findings (business functions and assessment)
Prioritizations (critical, major, and minor classifications)
IT systems and applications impacted (to support the defined recovery time
objectives)
Note:
This completes the lab. Close the Web browser, if you have not already done so.
Copyright by Jones & Bartlett Learning, LLC, an Ascend Learning Company – All Rights Reserved.
Pages from 9781284058680_ILMx_Risk20
