[CCCure CISSP] Question on BIA

Antong antongkwek-mainan at yahoo.com
Tue Mar 23 01:24:10 EDT 2010 

I think 'dependencies' is the answer. I think the word 'mapping' below mean for dependencies.

Below what OIG book page 359-360:Business Impact Assessment (BIA). 
enterprise management with a prioritized list of time-critical business processes,
and estimate a recovery time objective (RTO) for each of the timecritical
processes and the components of the enterprise that support
those processes.Executive management must understand the potential losses or impacts
to the organization as precisely as possible to allocate resources to the
continuity planning process. It is vital that they thoroughly understand the
time-critical business processes. The BIA is where this information is gathered,
analyzed, consolidated, and presented with recommendations
(including next steps and rough order of magnitude cost). Another important
outcome of the BIA is the 'mapping' of time-critical processes to their
constituent support resources (i.e., IT servers and applications, infrastructure
and networks, facilities space requirements, business partner connectivity,
etc.).

Cheers 
Antong Kwok
Email disclaimer: http://bit.ly/9Hk8Dt






________________________________
From: Clement Dupuis <clement.dupuis at cccure.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Sent: Tue, 23 March, 2010 6:32:29
Subject: Re: [CCCure CISSP] Question on BIA

Very good answer so far,

However, it is not always about what me and you think is the correct answer.  It is about what ISC2 believes is the correct answer.

Unfortunately I do not have access to my reference books right now as I am on the road teaching.

Could someone look this up in the official book to see what they say.

Thanks

Clement

Clément Dupuis, CD
CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS,  ACE
----------------------------------------------------------------------------------------------
In real life:
Senior Security Specialist and Instructor
Security University
>>  Call me to get the best CISSP training  <<
----------------------------------------------------------------------------------------------
In Cyberspace:
President/Security Evangelist/Chief Learning Officer (CLO)
The CCCure Family of Portals
----------------------------------------------------------------------------------------------
Business:  407 479 3903
Fax:          407 264 8396 

Maintainer of :
The CCCure Family of Portals
http://www.cccure.org    

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org   

Knowledge sharing and giving back to the community



On Mon, Mar 22, 2010 at 12:11, <An.Dang at do.treas.gov> wrote:


>I think "priorities" is more important in a contingency plan for disaster recovery.  "Dependencies" and "service levels", I think, are better answers for this question.
>
>
>
>-----Original Message-----
>From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org] On Behalf Of cisspstudy-request at cccure.org
>Sent: Monday, March 22, 2010 12:00 PM
>To: cisspstudy at cccure.org
>Subject: CISSPstudy Digest, Vol 21, Issue 27
>
>Send CISSPstudy mailing list submissions to
>       cisspstudy at cccure.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>       http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>or, via email, send a message with subject or body 'help' to
>       cisspstudy-request at cccure.org
>
>You can reach the person managing the list at
>       cisspstudy-owner at cccure.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of CISSPstudy digest..."
>
>
>Today's Topics:
>
>  1. Question on BIA (Anees Ghosh)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Mon, 22 Mar 2010 01:07:06 -0500
>From: Anees Ghosh <aneesghosh at hotmail.com>
>To: <cisspstudy at cccure.org>
>Subject: [CCCure CISSP] Question on BIA
>Message-ID: <SNT136-w104380A00592357A61719CC8270 at phx.gbl>
>Content-Type: text/plain; charset="iso-8859-1"
>
>
>Hi,
>
>I found the following quesiton on freepracticetests.org and am confused about the answer.
>
>
>Which of the following should be emphasized during the business impact analysis (BIA) considering that the BIA focus is on business processes?
>
>composition
>priorities
>dependencies
>service levels
>
>
>The correct answer is "dependencies" with the following explanation.
>
>In performing the Business Impact Analysis (BIA) it is very important to consider what the dependencies are. You cannot bring a system if it depends on another system to be operational. You need to look at not only internal dependencies but external as well. You might not be able to get the raw materials for your business so dependencies are very important aspect of a BIA.
>
>My thoughts are as following: The BIA phase helps the organization identify the business processes and MTD for each. Based on the MTD, and financial impact a priority is defined and then further analysis is done to ensure this process is part of the BCP plan. Shouldnt priority be the answer? After the critical process is identified, this is when we will ensure all dependiencies are taken care of.
>
>
>
>Appreciate the help!
>
>Regards
>Anees Ghosh
>
>
>
>_________________________________________________________________
>Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox.
>http://www.windowslive.com/campaign/thenewbusy?ocid=PID27925::T:WLMTAGL:ON:WL:en-US:WM_HMP:032010_1
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100322/5b9434fc/attachment-0001.html>
>
>------------------------------
>
>_______________________________________________
>CISSPstudy mailing list
>CISSPstudy at cccure.org
>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
>End of CISSPstudy Digest, Vol 21, Issue 27
>******************************************
>
>_______________________________________________
>CISSPstudy mailing list
>CISSPstudy at cccure.org
>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
The goal of the BIA is to provide 


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100322/608473d1/attachment-0001.html>

More information about the CISSPstudy mailing list