
Running Head: INFORMATION SECURITY AND RISK MANAGEMENT 1

Information Security and Risk Management

Student’s Name:

Professor’s Name:

Date:

Question 1: Define Business Impact Analysis and Business Continuity Planning, and explain how BIA fits within BCP

A business impact analysis (BIA) is a study used to determine the impact of disruptions on a particular business. Business continuity planning (BCP), on the other hand, can be defined as a document created to aid in planning for a disaster or emergency in an organization. The BIA fits within the BCP as follows: the BCP lays out the steps that need to be taken when a critical system in the business is disrupted, and the BIA identifies the most crucial systems or processes and the urgency of recovering or restoring them during the disruption.

Question 2: Why do you believe (or not believe) that reviewing a risk assessment plan is important?

I believe that reviewing a risk assessment plan is very important for a business because, first, risks normally change from time to time. This is coherent since the business, the industry, as well as the environment in which your business exists will also change in one way or another. Therefore, when you review your risk assessment plan, you will be capable of finding out novel risks that might or might not have infested your business. You will then be capable of monitoring them and also finding out if the risk assessment plan is competent to deal with them (Gibson, D., 2014).

Question 3: What are risk elements?

Risk elements are the various threats and susceptibilities that risks bring to a business or part of a business. Three processes are used to find them: risk identification, risk evaluation and risk response planning. These three components should be included in every process undertaken when managing risks, to ensure efficiency. Cost-benefit analysis is a simple way to determine whether one should go ahead with a project or not. In risk analysis, cost-benefit analysis is used to check whether the risk elements are capable of ruining the business, and to what magnitude, so that the people in charge know how urgently to work on them (Piney, C., 2014).

Question 4: Explain your understanding of a risk mitigation plan

A risk mitigation plan is a document that almost all business organizations create in order to establish ways and processes to identify, evaluate, select and implement options so that risks are held at a level the business can easily manage. The document specifies the following: what should be done, when the process should be done and accomplished, the person responsible, the associated cost of undertaking that activity, and the schedule. “For each risk the type of mitigation strategy must be determined and the details of the mitigation described in the Risk Mitigation Plan.” (Manning, B., 2020). The main reason why every company should have a mitigation plan is to guarantee that successful mitigation of risk occurs. Normally, the level of detail in the risk mitigation plan depends solely on the life-cycle phase together with the needs that have to be addressed.

Question 5: What role does a business impact analysis play in the overall risk management process?

The main objective of a business impact analysis is usually to recognize the impact that outages have on the overall business. To be specific, it figures out the crucial functions whose loss will have the greatest effect on a specific organization. It is also used in the analysis of mission-critical services as well as business functions. It is also significant in finding and prioritizing components by relating them to the various critical procedures or services, and it identifies the influence of qualitative and quantitative processes. Moreover, it enables organizations to determine short and long RTO categories. The BIA sets the time frame for restoring every procedure or system in order to avoid impacts on the organization; for instance, data backups should happen as frequently as possible (Gibson, D., 2014).

Question 6: Benefits of a business impact analysis

A company or organization that has a business impact analysis is likely to enjoy several benefits. First, the company will have a recovery procedure for all systems and for the business at large. It will also have an order of recovery, which allows all employees or professionals involved to work in the same direction. It will also have a list of the most important processes that need to be done first and the ones that will be done last. It will also prioritize the company's BCP testing, since it is the starting point for the areas that will be tested for the BCP. It also measures the test competence of the BCP, and it offers a rational approach to the company’s backup rotation (Bedel, C., 2017).

References:

Bedel, C. (2017, August 14). What benefit is there in a business impact analysis? Banks & Credit Unions | Cybersecurity | Fill the CISO Role. https://www.bedelsecurity.com/blog/benefit-business-impact-analysis

Gibson, D. (2014). Managing risk in information systems. Jones & Bartlett Publishers.

Manning, B. (2020, March 10). Risk mitigation planning. AcqNotes. https://acqnotes.com/acqnote/tasks/risk-mitigation

Piney, C. (2014, August 13). 3 essential elements of risk. http://exclusive.multibriefs.com/content/3-essential-elements-of-risk/business-management-services-risk-management#:~:text=Given%20this%20clarification%2C%20a%20more,would%20have%20on%20project%20success.%22

Thompson, J. (2019, January 24). What makes cost benefit analysis important? https://smallbusiness.chron.com/cost-benefit-analysis-important-75211.html#:~:text=A%20cost%2Dbenefit%20analysis%20is,most%20bang%20for%20your%20buck