A business impact analysis is an integral part of any Risk Assessment
activity, the impact levels for the assessment parameters of
Confidentiality, Integrity and Availability are determined based on an
analysis of the responses received from a Business Impact Analysis
Business Impact Analysis (BIA) is a vital step towards understanding the
risk posture that a potential threat and vulnerability impacts the
confidentiality, integrity and availability of specific information assets.
BIA involves a series of meetings with various asset owners and
administrators to discuss understand and evaluate security risks. During
such meetings various questions and discussion takes place and the various
attendees will be involved in rating asset criticality. The end product is a
detailed report that identifies the risk impact on the organization legal,
business or availability.
A Business Impact Analysis (BIA) questionnaire is administered to gather
the required information with respect to the financial impact to the client
in the case of compromise to the security of the systems under review.
During this phase, ratings are assigned to impact parameters that would have
an impact on the business of the organization based on the responses
received from the business owners.
The end product is a report that clearly identifies the impact of threats
and vulnerabilities for the assets under assessment.