Business Impact Analysis 5.2 Flashcards
Mean Time to Restore (MTTR)
When a hardware or software system fails, this is the average time needed to restore it.
MTTR = (total downtime) / (number of breakdowns)
Mean Time to Failure (MTTF)
This is the expected lifetime of a non-repairable product or system.
MTTF/MTBF = ∑ (start of downtime - start of uptime) / number of failures
Mean Time Between Failure (MTBF)
This is a prediction of how much time we can expect between failures.
MTTF/MTBF = ∑ (start of downtime - start of uptime) / number of failures
Recovery Time Objectives (RTO)
What is the recovery time to get everything back up and running to a particular service level?
Recovery Point Objective (RPO)
How much data loss is acceptable? At what point in the recovery process have you brought the system back to a given point?
Calculating Uptime and Availability
This is expressed as a percentage over time. You will hear the term “five nines” which means 99.999% availability. “Availability” is a negotiated definition. Especially if it’s part of your bonus.
Availability = MTBF / (MTBF + MTTR)
Mission-Essential Functions
If a disaster occurred, what functions would be essential to the org? That is where you begin your analysis. These are broad business requirements. What computing systems are required for these mission-essential business functions? Identify the critical systems.
Removing Single Points of Failure
A single event can ruin your day. You can plan backups to prevent this. Backup power, secondary routers, even backup people. There is no practical way to remove all points of failure. Money drives redundancy.
Impact
Life - The most important consideration is people's lives, first and foremost.
Property - The risk to buildings and assets
Safety - Some environments are too dangerous to work in.
Finance - The resulting financial cost
Reputation - An event can cause status or character problems.
Privacy Compliance
Some compliance requires a public privacy statement. The Gramm-Leach-Bliley Act requires financial disclosure, HIPAA for healthcare. You need to conduct a Privacy Threshold Analysis (PTA). Identify which business processes are privacy-sensitive. Determine if a Privacy Impact Assessment (PIA) is required.
Privacy Impact Assessment (PIA)
Ensures compliance with privacy laws and regs. What Personally Identifiable Info (PII) is collected and why? How will that PII be collected, used, and secured?
Privacy Threshold Analysis (PTA)
The first step in the compliance process. Identify business processes that are privacy-sensitive. Determines if a Privacy Impact Assessment is required.