Lab #7: Assessment Worksheet

Part A – Perform a Business Impact Analysis for an IT Infrastructure

Course Name: Risk Management in Information Systems(IAA202)

Student Name: Vũ Đức Quý (HE176123)

Lab Due Date: Today

Overview
When performing a BIA, you are trying to assess and align the affected IT systems, applications, and
resources to their required recovery time objectives (RTOs). The prioritization of the identified
mission critical business functions will define what IT systems, applications, and resources are
impacted. The RTO will drive what kind of business continuity and recovery steps are needed to
maintain IT operations within the specified time frames.

1. Perform BIA assessment and fill in the following chart:

Business Function Or Process Business Impact Recovery Time IT Systems/App Infrastructure Impacts
Factor Objective

Internal and external voice Critical 8 hours Server, Infra/Internet, Network, Telephone
communications with system
customers in real-time

Internal and external e- mail Critical 8 hours Intra/Internet, Network, Email

communications with server
customers via store and
forward messaging

DNS – for internal and external Minor 24 hours Email server, DNS, network
IP communications

Internet connectivity for e- mail Minor 24 hours Web servers, email server,
and store and forward customer LAN, WAN network
service
Self-service website for Critical 2 hours Web servers, customer database,
customer access to information account application, WAN
and personal account
network
information

e-Commerce site for online Critical 1 hour Web servers, inventory database,
customer purchases or scheduling application, purchase
scheduling 24x7x365 application, WAN network,
internet access

Payroll and human resources Major 24 hours Employee database, payroll

for employees application, LAN

network

Real-time customer service via Critical 2 hours Web servers, email servers, CRM
website, e-mail, or telephone application, CRM database
requires CRM

Network management and Major 24 hours LAN, WAN network, internet

technical support access, remote management

Marketing and events Minor 1 week Marketing and event planning application

Sales orders or customer/ Critical 2 hours Web server, account application, internet
student registration access, inventory database

Remote branch office sales Critical 8 hours VPN application, internet access,
order entry to headquarters inventory database
Voice and e-mail Critical 8 hours Email server, DNS, LAN, WAN
communications to remote network
branches

Accounting and finance Major 24 hours Account application, customer and

support: Accts payable, Accts employee database, LAN network
receivable, etc.

Part B – Craft a Business Impact Analysis Executive Summary

Craft a BIA executive summary, follow this structure and format:

Your scenario: (EX. Viettel corporation) City Central Hospital

a. Goals and purpose of the BIA – unique to your scenario

- The main intent of a BIA is to identify which assets are required for the business to recover and
continue doing business, for example: patients profiles, employee’s payment,…
b. Summary of Findings – business functions and assessment

c. Prioritizations – critical, major, and minor classifications

- Self-service website for customer access to information and personal account information:
Critical
- Payroll and human resources for employees: Major
- Network management and technical support: Major
d. IT systems and applications impacted - to support the defined recovery time objectives