The paper "Information Security the Using Business Impact Analysis" is a good example of a capstone project on information technology. The need to enhance information security has become an essential and integral part of any business across the world. To mitigate any form of information attack, businesses must draft and maintain a comprehensive BIA (Business Impact Analysis), a process designed to prioritize the functions of a business by assessing potential impacts, both qualitative and quantitative. For Automotive Paint Suppliers (APS), serving more than 1000 customers in Western Australia, the need for an incident response and disaster recovery plan for information security is urgent, given that more than 80% of businesses fail if faced by any form of information attack.
Information security is a method adopted to protect information and information systems from any form of unauthorized use, access, or disruption, among other threats. Some causes of information insecurity are acts of human error or failure and compromises to intellectual property (Erbschloe, 2003). For APS, it is essential that the IR team understand both the firm and its enemies in order to manage risk in the BIA.
By coming up with the appropriate contingency plan, APS will be able to anticipate, react to, and recover from events that may threaten the firm at any time. To prepare for and respond to incidents, APS will take the necessary measures to mitigate information failures. Activities such as budgetary activities, BIA data collection, and subordinate plan classification are all crucial in the formation of the APS BIA. The BIA will also help APS to prepare for, organize for, and respond to incidents that may affect the information systems at any time.
This will include planning before and after the occurrence of any given incident as well as the necessary training for the IR teams. Through the BIA system, APS will be able to address aspects of incident response such as decision making and detection, identification of real threats, and classification of IDS network placements, among other notable aspects. In conclusion, firms should come up with a detailed BIA system that addresses most, if not all, eventualities leading to business discontinuity in both the short and long term (Madanat, 1996).
1.0 Introduction
Business impact analysis is a vital component of an organization's continuance plan.
BIA consists of explanatory components that reveal all possible vulnerabilities and planning components aimed at developing strategies for risk mitigation. The result of a BIA is a report that describes the potential risks specific to the business investigated. One of the main assumptions behind the BIA (Business Impact Analysis) is that each component of a given business is reliant on the continued functioning of every other component, although some are more crucial than others.
The BIA also assumes that the risk management controls have been bypassed, have failed, or are ineffective. The crucial components require more focus in areas such as allocation of funds and close monitoring in the wake of a disaster, before the risk is mitigated. For instance, an organization may continue to operate less efficiently if the cafeteria is closed, but may come to a complete halt should areas such as information systems stop functioning.
Bishop, M. (2003). Computer security: Art and science. Boston: Pearson Education.
Elliot, D. & Swartz, E. (2009). Just waiting for the next big bang: Business continuity planning in the UK finance sector. Journal of Applied Management Studies, Vol. 8, No, pp. 43-60. Here: p. 48.
Erbschloe, M. (2003). Guide to disaster recovery. Boston: Course Technology.
Gollmann, D. (2006). Computer security (2nd ed.). New York: Wiley & Sons.
Madanat, S. (1996). Decision-making system for freeway incident response using sequential hypothesis testing methods. Journal of the Transportation Research Board, Volume 1554 / 1996, pp. 228-235.
Mitnick, K. (2002). The art of deception: Controlling the human element of security. Indianapolis: John Wiley & Sons.
Pfleeger, C. & Pfleeger, S. (2007). Security in computing (4th ed.). New Jersey: Prentice-Hall.
POA Publishing. (2003). Asset protection and security management handbook. Boca Raton: Auerbach Publications.
Power, D. & Gannon, M. (2006). Strategic management skills. MA: Addison-Wesley.
Schneier, B. (2000). Secrets and lies: Digital security in a networked world. New York: Wiley & Sons.
Schneier, B. (2003). Beyond fear: Thinking sensibly about security in an uncertain world. New York: Copernicus Books.
Toigo, J. (2003). Disaster recovery planning: Preparing for the unthinkable. New Jersey: Prentice Hall.
Verton, D. (2003). Black ice: The invisible threat of cyber-terrorism. Emeryville: McGraw-Hill/Osborne.
Whitman, H. (2007). Principles of incident response and disaster recovery. Virginia: Thomson Course Technology.