Scribd Logo
Upload

Welcome to Scribd!

  • Isc2 Cissp 1 9 1 Identify & Analyze & Prioritize BC Requirements

    Uploaded by

    trojanbaya
    17 views1 page
    The document provides guidance on identifying, analyzing, and prioritizing business continuity requirements. It outlines developing a project scope and plan, performing a business impact analysis to determine critical systems and their maximum acceptable downtime, and communicating findings. The business impact analysis process involves gathering requirements, assessing vulnerabilities, and analyzing risks both quantitatively and qualitatively.

    Original Description:

    Original Title

    isc2-cissp-1-9-1-identify-&-analyze-&-prioritize-bc-requirements

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides guidance on identifying, analyzing, and prioritizing business continuity requirements. It outlines developing a project scope and plan, performing a business impact analysis to determine critical systems and their maximum acceptable downtime, and communicating findings. The business impact analysis process involves gathering requirements, assessing vulnerabilities, and analyzing risks both quantitatively and qualitatively.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    17 views1 page

    Isc2 Cissp 1 9 1 Identify & Analyze & Prioritize BC Requirements

    Uploaded by

    trojanbaya
    The document provides guidance on identifying, analyzing, and prioritizing business continuity requirements. It outlines developing a project scope and plan, performing a business impact analysis to determine critical systems and their maximum acceptable downtime, and communicating findings. The business impact analysis process involves gathering requirements, assessing vulnerabilities, and analyzing risks both quantitatively and qualitatively.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Identify & analyze & prioritize BC requirements

    Objectives:

    At the end of this episode, I will be able to:

    Understand and apply the recommended guidance to identify, analyze & prioritize
    Business Continuity (BC) requirements through your daily practice as an
    information security professional.

    External Resources:

    Identify, analyze, and prioritize Business Continuity (BC) requirements

    1. Develop and document scope and plan

    Project Management
    Senior Management Support (*)
    Project Scope
    Resources
    Timeline

    2. Business Impact Analysis (BIA)

    Used to determine what impact a disruptive event would have on an organization

    Goals:

    1. Determine Criticality
    2. Estimate Maximum Downtime
    3. Evaluate Internal and External Resource Requirements

    Process Steps:

    1. Gather requirements/information
    2. Vulnerability assessment
    3. Risk Analysis
    Quantitative - ALE = SLE * ARO ===> ALE = (AV*EF) * ARO
    Qualitative
    4. Communicate findings - Audience relevancy

    Determining Downtime:

    Maximum Allowable Downtime (MAD) / Maximum Tolerable Downtime (MTD)

    Recovery Time Objective (RTO)

    Work Recovery Time (WRT)

    Recovery Point Objective (RPO)

    You might also like