mgmt 755 security risk analysis

Dr. Benjamin Khookkhoo@nyit.edu

New York Institute of TechnologyNew York Institute of TechnologySchool of ManagementSchool of Management

Objective:

To determine the effect the mission-critical information systems failure have on the viability & operations of enterprise core business processes.

Note: BIA done as part of Risk Assessment

04/20/23 2benk

Results of BIA helps determine how CRITICAL a specific:Application,System,Business Process, or Other Asset is to the enterprise.

04/20/23 3benk

Process:1. Create set of Definitions of Impact

on business (see Table 9.1)2.Create set of Impact Tables that

identify the impact thresholds for various categories (see Table 9.2)

3.Create Financial Impact worksheet (see sample table in Table 9.3)

4.Fill-in the values for various categories into the BIA worksheet (see Table 9.4)

04/20/23 4benk

Examples:

1. Accounts Payable Dept. Impact threshold level is 3-5 days(see Table 9.5)

2. Purchasing Dept. Impact threshold level is 2 days(see Table 9.6)

04/20/23 5benk

1. Define the Scope.2. Identify Assets (consider the

types/categories).3. Identify Threats & Vulnerabilities to assets

(consider the types/categories).4. Determine the Probability of occurrence.5. Determine the Impact or Criticality of

occurrence (Quantitative or Qualitative).6. Derive the Risk Level (BIA can be done here).7. Identify Safeguards/Controls (consider the

types/categories).04/20/23 6benk

8. Determine the Safeguards/Controls to Implement by Cost-Benefit Analysis.

9. Implement Safeguards/Controls.10.Continuous Monitoring & Regular Audits.

04/20/23 7benk

Thank You for a great Thank You for a great semester!!!semester!!!

Dr. Benjamin Khookkhoo@nyit.edu

New York Institute of TechnologyNew York Institute of TechnologySchool of ManagementSchool of Management