Report on Information Systems Risk and Security: BIA Analysis


Added on  2023/03/17

AI Summary
This report examines the critical aspects of information systems risk and security, focusing on Business Impact Analysis (BIA) and Business Continuity Management (BCM). It begins by defining BIA as a process that evaluates the potential financial and reputational impacts of disruptions, emphasizing its systematic approach in determining acute business operations following disasters. The report then delves into BCM, highlighting its role in developing and implementing policies to manage business disruptions and build organizational resilience. Key concepts such as the importance of understanding organizational objectives, critical business activities, and resource identification are discussed. The report references the Australian government's PSPF and its requirements for BCM and heightened security. Furthermore, it explores the use of audits in assessing business continuity procedures and identifies key findings from the ANAO on establishing a governance framework. In response to BCM, the report also incorporates Darril Gibson's insights on managing risk in information systems, emphasizing the importance of a comprehensive information security framework, technical skills, and effective IT security. The report also addresses types of disruptions an organization can experience, critical services that must be delivered during disruptions, and the process of creating a business continuity plan and its relation to information risk management. The report uses sources from the assignment brief to analyze the topic of Business Impact Analysis (BIA).
Information systems risk and security 1
INFORMATION SYSTEM RISK AND SECURITY
By (Student Name)
(Course Name)
(Tutor’s Name)
(University Name)
(City)
(Date)
Weekly Impact Statement
Business impact analysis (BIA) is the process that identifies and evaluates the potential
effects, both financial and reputational, of man-made and natural disruptions on business
processes. It is a systematic process of determining the acute business operations affected by a
disaster or accident. BIA is a four-phased approach which involves gathering information,
evaluating the information collected, and preparing a report.
Business continuity management (BCM) is said to be the development, maintenance, and
implementation of policies to assist in managing any form of business disruption so as to build
entity resilience. BCM is an important aspect of governance: it assists in preparing for,
preventing, managing, and recovering from the impacts of disruptive events. To focus on business
continuity, it is essential to have a clear understanding of the organization's objectives and of
the critical business activities and functions that help achieve those objectives. In addition,
BCM assists in identifying the resources that support the priority functions. For example, in
Australia BCM is governed by what the Australian Government refers to as the PSPF (Protective
Security Policy Framework). The document has two mandatory requirements, GOV 11 and
PHYSEC 7. GOV 11 requires agencies to establish a BCM so as to provide continued availability
of critical assets and services. PHYSEC 7 requires agencies to develop plans and procedures to
heighten security levels in case of an emergency.
Another aspect of BCM is the audit, which is used to assess the procedures and
practices for managing business continuity. Through an audit, an organization can identify its
most critical business functions and develop its key business functions. In addition, an audit
reviews business continuity arrangements.
Among the key findings from the ANAO on business continuity is the development and
implementation of an appropriate governance framework. The framework includes the
establishment of key responsibilities and of performance review and monitoring. Finance and
CASA developed an overall BCM framework to promote the understanding of BCM. BCM
therefore has several advantages, including identifying the most important business functions,
responding to disruptions, and contributing to the continuous improvement of the
organization (Australian National Audit Office, 2014).
In response to BCM, Darril Gibson has given an overview of how to manage risk in
information systems. Managing risk in information systems assists in providing a comprehensive
overview of information security frameworks and policies. It also helps in examining the
software skills and technical knowledge needed for policy implementation. Third, and crucially,
it helps in creating an effective IT security framework and in discussing the
regulatory mandates, legal considerations, and the latest governance. Lastly, managing risk
assists in examining some of the risk management strategies (Gibson, 2015, p. 34).
1. Which types of disruption can an organization experience, and what are some of the critical
services that must be delivered if a disruption happens?
2. What is the process of creating a business continuity plan, and how is it related to
information risk management?
References
Australian National Audit Office, 2014. Business Continuity Management. [Online]
Available at: https://www.anao.gov.au/work/performance-audit/business-continuity-management
[Accessed 6th November 2019].
Gibson, D., 2015. Managing Risk in Information Systems. 2nd ed. s.l.: Jones & Bartlett Learning
Press.