Perform a Business Impact Analysis for an IT Infrastructure

1. What is the goal and purpose of a BIA?
a. The purpose of a business impact analysis (BIA) report is to describe the potential risks specific to the organization studied. One of the basic assumptions behind BIA is that every component of the organization is reliant upon the continued functioning of every other component, but that some are more crucial than others and require a greater allocation of funds in the wake of a disaster. For example, a business may be able to continue more or less normally if the cafeteria has to close, but would come to a complete halt if the information system crashes.
2. Why is a business impact analysis (BIA) an important first step in defining a business continuity plan (BCP)?
a. The BIA is the first step because it is used to identify the impact that can result from disruptions in the business. Without the BIA, the BCP would not identify and prioritize which systems and processes must be sustained, nor provide the necessary information for maintaining them.
3. How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
a. Risk assessment relates to a business impact analysis by showing the amount of risk in a business decision, comparing the potential loss against the likelihood that the loss will occur.
b. Risk management relates to a business impact analysis by identifying resources and their associated risks, determining their magnitude, identifying what safeguards are needed, and maintaining the proper techniques to mitigate the risks.
4. What is the definition of Recovery Time Objective (RTO)? Why is this important to define in an IT Security Policy Definition as part of the Business Impact Analysis (BIA) or Business Continuity Plan (BCP)?
a. The RTO is the time in which the system or function must be recovered. The RTO must be equal to or less than the MAO. For example, if the MAO is one hour, the RTO would be one hour or less.
5. True or False - If the Recovery Point Objective (RPO) metric does not equal the Recovery Time Objective (RTO), you may potentially lose data or not have data backed up to recover. This represents a gap in potential lost or unrecoverable data.
a. True
6. If you have an RPO of 0 hours, what does that mean?
a. It's common to measure acceptable data loss in minutes, such as 15 minutes. Every minute of data loss represents lost sales revenue. So if you have an RPO of 0 hours, that means there is no data lost.
7. What must you explain to executive management when defining RTO and RPO objectives for the BIA?
a. The RPOs identify the maximum amount of data loss an organization can accept. This is the acceptable data latency. For example, a database may record hundreds of sales transactions a minute. The organization may need to recover this data up to the moment of failure. This would be expensive. Another database may import data once a week. You'd only need to restore the data since the last import to ensure nothing is lost. This is less expensive.
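As an added illustration (not part of the original answers), the following Python checks a constructed BIA table against the rules in items 4 through 7: the RTO must not exceed the MAO, and data captured less often than the RPO leaves an unrecoverable gap. The field names, function names and sample figures are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BusinessFunction:
    """One row of a BIA table (hypothetical field names, assumed for this example)."""
    name: str
    mao_hours: float               # maximum acceptable outage agreed in the BIA
    rto_hours: float               # recovery time objective (must not exceed MAO)
    rpo_hours: float               # recovery point objective: acceptable data loss
    capture_interval_hours: float  # how often data is actually backed up or replicated
    hourly_loss_usd: float         # revenue lost per hour of downtime

# Constructed sample table; the numbers are illustrative, not from any real organization.
SAMPLE_BIA = [
    BusinessFunction("order processing", 1.0, 0.5, 0.25, 0.25, 1_000_000),
    BusinessFunction("weekly analytics import", 72.0, 24.0, 168.0, 168.0, 500),
    BusinessFunction("customer service portal", 1.0, 2.0, 0.0, 24.0, 250_000),
]

def worst_case_data_loss_hours(bf: BusinessFunction) -> float:
    """Everything created since the last capture is lost, so an RPO of 0
    is only met by continuous replication (capture interval 0), not by periodic backups."""
    return bf.capture_interval_hours

def check_function(bf: BusinessFunction) -> list[str]:
    """Return BIA consistency findings for one business function (empty list = consistent)."""
    findings = []
    if bf.rto_hours > bf.mao_hours:
        findings.append(f"{bf.name}: RTO {bf.rto_hours}h exceeds MAO {bf.mao_hours}h")
    loss = worst_case_data_loss_hours(bf)
    if loss > bf.rpo_hours:
        findings.append(f"{bf.name}: up to {loss}h of data is unrecoverable but RPO is {bf.rpo_hours}h")
    return findings

def rto_cost_usd(bf: BusinessFunction) -> float:
    """Revenue at risk if recovery takes the full RTO (the figure executives ask about)."""
    return bf.rto_hours * bf.hourly_loss_usd

def prioritize(table: list[BusinessFunction]) -> list[str]:
    """Shortest MAO first, then highest hourly loss: the functions to restore earliest."""
    return [bf.name for bf in sorted(table, key=lambda bf: (bf.mao_hours, -bf.hourly_loss_usd))]

def check_table(table: list[BusinessFunction]) -> dict[str, list[str]]:
    return {bf.name: check_function(bf) for bf in table}

if __name__ == "__main__":
    for name, findings in check_table(SAMPLE_BIA).items():
        print(name, "OK" if not findings else findings)
```

In the sample table only the customer service portal fails: its RTO is longer than its MAO, and a daily backup cannot satisfy an RPO of zero.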
8. What questions do you have for executive management in order to finalize your BIA?
a. Is there money in the budget for a separate backup site?
b. If there is money in the budget for a separate backup site, how many of the backup servers will be stored there?
c. How often will we need to do a full backup?
9. Why do customer service business functions typically have a short RTO and RPO maximum allowable time objective?
a. Customer service business functions typically have a short RTO because the longer they are down, the more sales they are losing.
b. The RPO has to be as short as possible because when you're dealing with customer service, time is money. With some organizations, 30 minutes of down time equals millions of dollars lost.
10. In order to craft backup and recovery procedures, you need to review the IT systems, hardware, software and communications infrastructure needed to support business operations and functions, and define how to maximize availability. This alignment of IT systems and components must be based on business operations, functions, and prioritizations. This prioritization is usually the result of a risk assessment and how those risks, threats, and vulnerabilities impact business operations and functions. What is the proper sequence of development and implementation for the following plans?
a. Business Continuity Plan: 2
b. Disaster Recovery Plan: 3
c. Risk Management Plan: 4
d. Business Impact Analysis: 1
