[Cisspstudy] Interpretation please

Hari Shankara Krishna.H harryskrishna at gmail.com
Mon Jun 22 12:16:34 EDT 2009 

Hmm, I'll check on that and get back to you....

On Mon, Jun 22, 2009 at 9:28 PM, Holland, Brandon <hollandb at frmaint.com>wrote:

>
> Remember, the BIA is analyzed BEFORE the impact ever might occur.  This
> isn't during the impact.
>
> Hari, I think you're getting MTD mixed up with service level agreements.
> MTD is analyzed in the BIA to help determine the impact of a disaster.
> If you exceed your MTD, it's not a matter of a contract violation, your
> business is OUT of business.  There would be no benefit in making an SLA
> that would have a violation for exceeding your MTD on something, because
> by the definition, when you exceed that, you're done.
>
> The whole section Shon Harris goes over on Business Impact Analysis
> talks about analyzing, and mapping these impacts to various points, one
> of them being the MTD.  That's why I'm really thinking that question
> should NOT be MTD in that question.  In that whole chapter in her book,
> I can't even find a point about "Employee Morale" anywhere.  I'd be
> interested in hearing some more viewpoints on this question, though.
>
> -----Original Message-----
> From: cisspstudy-bounces at cccure.org
> [mailto:cisspstudy-bounces at cccure.org] On Behalf Of Hari Shankara
> Krishna.H
> Sent: Monday, June 22, 2009 9:32 AM
> To: The CISSP Study Mailing list
> Subject: Re: [Cisspstudy] Interpretation please
>
> Hello Phil,
>
> I am also preparing for CISSP but have'nt reached till the chapter
> Business Continuity & Disaster Recovery. But I tried to understand this
> question logically and this is my take on it:
>
> Question: A disaster has occured (may be a fire outbreak), and this has
> impacted my business. Now I need to measure the impact to understand
> what is the loss & liability. For that, out of the four options, I will
> consider Choice A as I need to know what are the legal & regulatory
> situations that I'll have to face. I'll also consider Choice B, as I can
> know the extent of impact on my business, to good extent, by knowing how
> much it has effected my company's reputation. Also, I'll consider my
> employees's morale, b'cos if this fire outbreak makes them feel insecure
> and unsafe and want to switch to another company, which is bad and so
> this disaster has a considerable impact.
>
> Maximum Tolerable Downtime, is a value that is fixed for various
> time-driven Operations. This doesnt vary with different disasters. For
> example, if I am an ISP and provide bandwidth to CGI, then MTD is
> something that my company and your company would have agreed upon while
> signing the deal. So during a fire outbreak I would consider this value
> to make sure that the internet link is up before MTD expires, but
> wouldnt consider it to understand the impact of fire outbreak on my
> business, they're not related.
>
> I hope that I've helped you understand the question...:-) And thanks for
> sharing this question, it did make me think for a while.
>
> Any other viewpoints from others please?
>
> Regards,
> Hari Shankar,
> Security Consultant, Bangalore.
>
>
> On Sat, Jun 20, 2009 at 12:53 AM, Lamey, Phillip <phillip.lamey at cgi.com>
> wrote:
>
>
>
>
>
>
>        I guess maybe I am not understanding what this question is
> asking.
>
>
>
>        Does anyone see what this question is asking clearly?
>
>
>
>        I think I need an interpretation ...
>
>
>
>        Thank you,
>
>
>
>        Phil Lamey, P.Eng.
>
>        CGI Senior Consultant
>
>        (506) 458-5020 ext. 5121
>
>
>
>
>
>
>
>
>        _______________________________________________
>        cisspstudy mailing list
>        cisspstudy at cccure.org
>        http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
>
>
>
>
> --
> With Best Regards,
> Hari Shankara Krishna.H
> --------------------------------------------------------------------
>
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>



-- 
With Best Regards,
Hari Shankara Krishna.H
--------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090622/7a3aad3b/attachment.html>

More information about the cisspstudy mailing list