[Cisspstudy] Interpretation please

Holland, Brandon hollandb at frmaint.com
Mon Jun 22 11:58:44 EDT 2009 

Remember, the BIA is analyzed BEFORE the impact ever might occur.  This
isn't during the impact.

Hari, I think you're getting MTD mixed up with service level agreements.
MTD is analyzed in the BIA to help determine the impact of a disaster.
If you exceed your MTD, it's not a matter of a contract violation, your
business is OUT of business.  There would be no benefit in making an SLA
that would have a violation for exceeding your MTD on something, because
by the definition, when you exceed that, you're done.

The whole section Shon Harris goes over on Business Impact Analysis
talks about analyzing, and mapping these impacts to various points, one
of them being the MTD.  That's why I'm really thinking that question
should NOT be MTD in that question.  In that whole chapter in her book,
I can't even find a point about "Employee Morale" anywhere.  I'd be
interested in hearing some more viewpoints on this question, though.

-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org] On Behalf Of Hari Shankara
Krishna.H
Sent: Monday, June 22, 2009 9:32 AM
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] Interpretation please

Hello Phil,

I am also preparing for CISSP but have'nt reached till the chapter
Business Continuity & Disaster Recovery. But I tried to understand this
question logically and this is my take on it:

Question: A disaster has occured (may be a fire outbreak), and this has
impacted my business. Now I need to measure the impact to understand
what is the loss & liability. For that, out of the four options, I will
consider Choice A as I need to know what are the legal & regulatory
situations that I'll have to face. I'll also consider Choice B, as I can
know the extent of impact on my business, to good extent, by knowing how
much it has effected my company's reputation. Also, I'll consider my
employees's morale, b'cos if this fire outbreak makes them feel insecure
and unsafe and want to switch to another company, which is bad and so
this disaster has a considerable impact.

Maximum Tolerable Downtime, is a value that is fixed for various
time-driven Operations. This doesnt vary with different disasters. For
example, if I am an ISP and provide bandwidth to CGI, then MTD is
something that my company and your company would have agreed upon while
signing the deal. So during a fire outbreak I would consider this value
to make sure that the internet link is up before MTD expires, but
wouldnt consider it to understand the impact of fire outbreak on my
business, they're not related.

I hope that I've helped you understand the question...:-) And thanks for
sharing this question, it did make me think for a while. 

Any other viewpoints from others please?

Regards,
Hari Shankar,
Security Consultant, Bangalore.


On Sat, Jun 20, 2009 at 12:53 AM, Lamey, Phillip <phillip.lamey at cgi.com>
wrote:


	

	 

	I guess maybe I am not understanding what this question is
asking.

	 

	Does anyone see what this question is asking clearly?  

	 

	I think I need an interpretation ...

	 

	Thank you,

	 

	Phil Lamey, P.Eng.

	CGI Senior Consultant

	(506) 458-5020 ext. 5121

	 

	 

	 


	_______________________________________________
	cisspstudy mailing list
	cisspstudy at cccure.org
	http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
	
	




-- 
With Best Regards,
Hari Shankara Krishna.H
--------------------------------------------------------------------

More information about the cisspstudy mailing list