Tuesday, September 17, 2019

Lab – Risk Essay

Name and Number: CIS 333 LAB#6
Instructor Name: Professor West
Lab Due Date: 19 May 2013

1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)?

Risk analysis often identifies the potential threats and the associated vulnerabilities to the organization. Risk analysis doesn’t view the organization from the mission-critical business process point of view. A BIA, by contrast, looks at the organization in terms of the impact that will occur if its critical business processes are interrupted or tampered with.

2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan?

Disaster recovery is the older of the two functions. DR planning is an essential part of business planning that – too often – gets neglected. Part of this has to do with the fact that making a Disaster Recovery plan requires a lot of time and attention from busy managers and executives from every functional department within the company. Business continuity is a newer term which was first popularized as a response to the Y2K bug. In order to stop your company from bleeding money in these situations, you need a plan that will allow the organization to continue generating revenue and providing services – although possibly with lower quality – on a temporary basis until the company has regained its bearings.

3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents include?

* Technical backup plan: How can you recover smoothly from technical glitches?
* Communications plan: What communication will facilitate this recovery?

4. Why is it important to have detailed backup and recovery steps within your disaster recovery plan (DRP)?

5. What is the purpose of a risk analysis? What is the purpose of a business impact analysis? Why are these an important first step in defining a BCP and DRP?

The purpose of a Business Impact and Risk Assessment is to determine the approximate business value of IT assets, to assess the impact the loss of those assets would have on business units, and to assign recovery priorities to the assets.

6. How does risk analysis (RA) relate to a business impact analysis for an organization?

The purpose of a Business Impact and Risk Assessment is to determine the approximate business value of IT assets, to assess the impact the loss of those assets would have on business units, and to assign recovery priorities to the assets.

7. Given the list of identified mission-critical business functions and processes, what kind of company would you say this organization is, and what do you think are its most important business processes and functions?

IT company; Risk Analysis & Disaster Recovery Plan to get the business up and running on the web.

8. Given the prioritization list provided for the organization's identified business functions and processes, write an assessment of how this prioritization will impact the need for IT systems, applications, and data access.

Recovery strategies should be developed for information technology (IT) systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data and connectivity. Priorities for IT recovery should be consistent with the priorities for recovery of business functions and processes that were developed during the business impact analysis. IT resources required to support time-sensitive business functions and processes should also be identified. The recovery time for an IT resource should match the recovery time objective for the business function or process that depends on the IT resource. Information technology systems require hardware, software, data and connectivity. Without one component of the "system," the system may not run.

Therefore, recovery strategies should be developed to anticipate the loss of one or more of the following system components:

* Computer room environment (secure computer room with climate control, conditioned and backup power supply, etc.)
* Hardware (networks, servers, desktop and laptop computers, wireless devices and peripherals)
* Connectivity to a service provider (fiber, cable, wireless, etc.)
* Software applications (electronic data interchange, electronic mail, enterprise resource management, office productivity, etc.)
* Data and restoration

Some business applications cannot tolerate any downtime. They utilize dual data centers capable of handling all data processing needs, which run in parallel with data mirrored or synchronized between the two centers. This is a very expensive solution that only larger companies can afford. However, there are other solutions available for small to medium-sized businesses with critical business applications and data to protect.

9. For the top identified business functions and processes, what recovery time objective (RTO) would you recommend for this organization and why?

The RTO must match or be shorter than the MTD.

10. Why is payroll for employees and Human Resources listed as a co-number 1 business priority?

It is listed as number one because it is largely what runs the office, and it is very important for these two parts to be correct.
