August 21, 2014
CIS 462 Security Strategy and Policy
Dr. J. F. Manning
Abstract
Prior to developing Business Continuity Plans the organization should complete a Business Impact Analysis (BIA). The objective of the BIA is to collect information about the business to understand the importance of the different functions within the organization. The BIA serves as the basis on which an effective BCP can be developed and put in place. Results of performing a BIA will identify and quantify how the business will be impacted during a disruption or loss of processes within the organization. Effective implementation will help the organization recover its operations …show more content…
Describe the methods for establishing component priorities, including recovery time frameworks.
"Once critical functions and processes have been determined the BIA team is then charged with assigning Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to each function. RTO 's are tiered by their level of criticality. It is important to assign appropriate RTO 's and RPO 's that meet business practices." (Linking Disaster Recovery Time Objectives to Business and Compliance Requirements). As an example, the RTO 's could be classified as:
Tier 1 – Fault-tolerant with no impact on the users. If the system goes down, a built in recovery plan gets implemented with no data loss.
Tier 2 – RTO is set to meet the 24 hour time window. At this level organizations will need to have alternative solutions and equipment required to bring systems back online.
Tier 3 – RTO is set to meet the 48 hour time window. This level applies to companies with off-site locations such as data center where operations can be shifted to an alternate …show more content…
A natural disaster or serious disruption can create a chain reaction that ripples through the business community and impacts the local or regional economy." (Business Impact Analysis)
From a planning and implementation perspective people are a major factor in business continuity efforts. When a natural disaster strikes, some or all of your employees will be impacted. Loss of life or serious injury is a real possibility. As you evaluate business functions and processes, you will also need to identify key positions, knowledge, and skills needed for business continuity. "The BC/DR plan needs to look at key positions within the company and understand the role of each in the business continuity realm." (Business Impact