Business Impact Analysis (BIA)
For any kind of operations it would be wise to ensure that the most critical business processes and the systems supporting those are well designed and protected. In order to understand what is mission critical for an organisation to achieve its mission, business impact analysis needs to be assessed. This can be viewed as a mini risk assessment. This will only look at the business processes and nothing below that (non- IT/non-technical components). The BIA will help the activities to focus the attention for the more detailed risk assessment, given that the risk assessment is way more detailed, it takes a lot of time and resources, therefore activities should really focus on the critical business processes and nothing beyond. The outcome of this activity will feed into the risk assessment, which will then establish the security measures required to protect the business.
The risk assessment is a detailed analysis of threats and vulnerabilities present in the organisation endangering the operations. The exercise requires profound knowledge of risk management practices and experience on how to manage the activity to avoid unnecessary workload and also on how to treat the risks. One thing to be born in mind, the decision should not be expected from the risk management experts, it is always the given company’s management that is ultimately responsible for taking the decision.