際際滷

際際滷Share a Scribd company logo

Buisness Impact Analysis - way to justify IT spending

Konstantin Smirnov
Konstantin Smirnov

Business Impact Analysis (BIA) is a process to understand how disruptions may impact a business and justify budgets. It identifies critical resources, how losses grow over time without those resources, and costs of risk mitigation strategies. The process involves interviewing staff, analyzing dependencies and risks, and calculating potential losses under different recovery time/point objectives. Comparing implementation costs of risk reduction strategies to losses allows selecting the most cost-effective option while avoiding overspending. Proper planning and communicating frameworks are important for accurate BIA.

1 of 14
Business Impact Analysis - a way to justify budgets Konstantin Smirnov CISA, CBCP Konstantin.Smirnov@ex-oracle.org
Purpose why bother? Often cheapest strategy of doing nothing proved to be costly More often companies waste their time and money on technology/other things they do not need and will never use while ignoring simple helpful advice I want to share my thoughts, so they will act as a germ of idea for others. Absolute perfection is a myth. But we can change (what we can) to the better one little step at a time.
What is Business Impact Analysis? First of all, for those who cant remember what it is. Business Impact Analysis is: This is a way to understand what kind of resources your business relies upon and how soon it needs them if something bad happens Business Impact Analysis is a part of Business Continuity Planning an effort to help your company to get through interruptions caused by disasters, infrastructure failures, pandemics and so on.
What affects your business
How it usually goes Customers can wait a bit, theyll understand So how long can we stand still? Is it going to be expensive for us? I do not need any analysis! Let protect everything. That will make a recovery quick! Sorry, I did not know it is going to be so expensive. Maybe we do not need such a quick recovery?
So, are we doomed to lose? No! We can protect pretty much against anything! And we can recover fast! Hmm so How much expensive! Do downtime can we need this we afford? much and so fast at all?
Is there any way to make sense? You cant afford to overspend, unless you print money* The cost of doing nothing can be high business may go bust The remedy: spend a bit upfront**, so you will not spend or lose too much in the future * Not a joke. Heard it from a man from Central Bank of <> ** Not necessarily money. It could be your time still a valuable resource.
Way to make sense! Monetary losses, USD IS downtime $10 000 000.0 Risk reduction (money-wise) when RTO or RPO IS data loss is reduced to the target level RPO and RTO to comply with. $1 000 000.0 弌 Were taken from MTS Potential losses are reduced internal document 弌弌 (risk reduction RP354-1 MTS data money-wise) backup and recovery 弌 $100 000.0 Unsafe Curremnt state is compliant (losses Target are below the Safe target level) $10 000.0 Curremnt state is non-compliant (losses are above the RTO or RPO is reduced target level) to the target level $1 000.0 亟仂 2 Up to 2 from 2 to4 仂 2 亟仂 4 from 亟仂 88 仂 4 4 to from 8 to 16 仂 8 亟仂 from 16 to 32 仂 16 亟仂 32 仂 3232 to64 from 亟仂 64 于亠 64 beyond 64 Hours
Do the homework! Prepare well interview sheets, questionnaires Agree on what the losses are legal, finance, reputation, etc. Make sure the losses evaluation framework is communicated to the personnel (whom you will be interviewing)
Run a series of interviews See where the dependencies are Use common sense Use a common framework Do not make it too complicated remember, other people will have to understand it too!
Analyse the results See where critical dependencies are (and what are specific risks) See, how quickly losses grow if a particular risk scenario happens
Make sure you do not overspend* Plan the risk mitigation controls (counter-measures) Calculate two or three business cases Compare the costs of implementing each case (strategy) against risk reduction Pick the best one!* * To be continued in a separate presentation ** Sounds simple. In reality it is a bit more complicated
Some things to consider All the losses are calculated for a single event In a business case make sure you plan for 3-5 years Calculate Capex AND Opex Consider transformation costs how much it will cost to go from AS IS to WILL BE
Buisness Impact Analysis - way to justify IT spending

Recommended

BPHR Area Dimensioning
BPHR Area DimensioningBPHR Area Dimensioning
BPHR Area Dimensioning
Domenico Fama
Using R for Analyzing Loans, Portfolios and Risk: From Academic Theory to Fi...
Using R for Analyzing Loans, Portfolios and Risk: From Academic Theory to Fi...Using R for Analyzing Loans, Portfolios and Risk: From Academic Theory to Fi...
Using R for Analyzing Loans, Portfolios and Risk: From Academic Theory to Fi...
Revolution Analytics
Lecture 4
Lecture 4Lecture 4
Lecture 4
otmanjavier
Lecture 5
Lecture 5Lecture 5
Lecture 5
otmanjavier
Lecture 6
Lecture 6Lecture 6
Lecture 6
otmanjavier
Lecture 4
Lecture 4Lecture 4
Lecture 4
otmanjavier
Case write up_sample_2
Case write up_sample_2Case write up_sample_2
Case write up_sample_2
Puneet Jaggi
Debt basics
Debt basicsDebt basics
Debt basics
sudhanshuarora1
Justifying IT Spending
Justifying IT SpendingJustifying IT Spending
Justifying IT Spending
dotCMS
Marketing strategy for marketing diploma
Marketing strategy for marketing diplomaMarketing strategy for marketing diploma
Marketing strategy for marketing diploma
Charith De Silva
Marketing concept of today
Marketing concept of todayMarketing concept of today
Marketing concept of today
dipikasingh
Production Concept. Summer Homework
Production Concept. Summer Homework Production Concept. Summer Homework
Production Concept. Summer Homework
amydedman1
Session 1 MG 220 BBA - 9 Aug 10
Session 1 MG 220 BBA - 9 Aug 10Session 1 MG 220 BBA - 9 Aug 10
Session 1 MG 220 BBA - 9 Aug 10
Muhammad Talha Salam
Marketing concepts an evolution
Marketing concepts an evolutionMarketing concepts an evolution
Marketing concepts an evolution
Sundeepkbabu Babu
Management
ManagementManagement
Management
Akila Jayarathna
Introduction to marketing and marketing concepts
Introduction to marketing and marketing conceptsIntroduction to marketing and marketing concepts
Introduction to marketing and marketing concepts
Rishabh Maity
M&amp;CL Group
M&amp;CL GroupM&amp;CL Group
M&amp;CL Group
odelia
Indian Railways Toilet's Ergonomic Analysis
Indian Railways Toilet's Ergonomic AnalysisIndian Railways Toilet's Ergonomic Analysis
Indian Railways Toilet's Ergonomic Analysis
Shashikant Tewary
Show 63 | Websites Are Dead | Edge of the Web Radio
Show 63 | Websites Are Dead | Edge of the Web RadioShow 63 | Websites Are Dead | Edge of the Web Radio
Show 63 | Websites Are Dead | Edge of the Web Radio
Erin Sparks
Solo Latin Tango Prat
Solo Latin Tango PratSolo Latin Tango Prat
Solo Latin Tango Prat
HOME
A Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
A Single Therapy for All Subtypes of Horizontal Canal Positional VertigoA Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
A Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
David Yeh
Nlf Bio 2009
Nlf Bio 2009Nlf Bio 2009
Nlf Bio 2009
neilfrizzell
Vanessa Mae Happy Valley Violin T
Vanessa Mae Happy Valley Violin TVanessa Mae Happy Valley Violin T
Vanessa Mae Happy Valley Violin T
HOME
Guaranty Association
Guaranty AssociationGuaranty Association
Guaranty Association
bigfaz2009
Aggregate rubric scribblar
Aggregate rubric scribblarAggregate rubric scribblar
Aggregate rubric scribblar
Jen Thoman
Marketing During Recession, Pham Viet Anh
Marketing During Recession, Pham Viet AnhMarketing During Recession, Pham Viet Anh
Marketing During Recession, Pham Viet Anh
phamvietanh
Advanced Gadget And Ui Development Using Googles Ajax Ap Is
Advanced Gadget And Ui Development Using Googles Ajax Ap IsAdvanced Gadget And Ui Development Using Googles Ajax Ap Is
Advanced Gadget And Ui Development Using Googles Ajax Ap Is
GoogleTecTalks
QUEST Alliance Overview of work
QUEST Alliance Overview of workQUEST Alliance Overview of work
QUEST Alliance Overview of work
aakashs

More Related Content

Viewers also liked (20)

Justifying IT Spending
Justifying IT SpendingJustifying IT Spending
Justifying IT Spending
dotCMS
Marketing strategy for marketing diploma
Marketing strategy for marketing diplomaMarketing strategy for marketing diploma
Marketing strategy for marketing diploma
Charith De Silva
Marketing concept of today
Marketing concept of todayMarketing concept of today
Marketing concept of today
dipikasingh
Production Concept. Summer Homework
Production Concept. Summer Homework Production Concept. Summer Homework
Production Concept. Summer Homework
amydedman1
Session 1 MG 220 BBA - 9 Aug 10
Session 1 MG 220 BBA - 9 Aug 10Session 1 MG 220 BBA - 9 Aug 10
Session 1 MG 220 BBA - 9 Aug 10
Muhammad Talha Salam
Marketing concepts an evolution
Marketing concepts an evolutionMarketing concepts an evolution
Marketing concepts an evolution
Sundeepkbabu Babu
Management
ManagementManagement
Management
Akila Jayarathna
Introduction to marketing and marketing concepts
Introduction to marketing and marketing conceptsIntroduction to marketing and marketing concepts
Introduction to marketing and marketing concepts
Rishabh Maity
M&amp;CL Group
M&amp;CL GroupM&amp;CL Group
M&amp;CL Group
odelia
Indian Railways Toilet's Ergonomic Analysis
Indian Railways Toilet's Ergonomic AnalysisIndian Railways Toilet's Ergonomic Analysis
Indian Railways Toilet's Ergonomic Analysis
Shashikant Tewary
Show 63 | Websites Are Dead | Edge of the Web Radio
Show 63 | Websites Are Dead | Edge of the Web RadioShow 63 | Websites Are Dead | Edge of the Web Radio
Show 63 | Websites Are Dead | Edge of the Web Radio
Erin Sparks
Solo Latin Tango Prat
Solo Latin Tango PratSolo Latin Tango Prat
Solo Latin Tango Prat
HOME
A Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
A Single Therapy for All Subtypes of Horizontal Canal Positional VertigoA Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
A Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
David Yeh
Nlf Bio 2009
Nlf Bio 2009Nlf Bio 2009
Nlf Bio 2009
neilfrizzell
Vanessa Mae Happy Valley Violin T
Vanessa Mae Happy Valley Violin TVanessa Mae Happy Valley Violin T
Vanessa Mae Happy Valley Violin T
HOME
Guaranty Association
Guaranty AssociationGuaranty Association
Guaranty Association
bigfaz2009
Aggregate rubric scribblar
Aggregate rubric scribblarAggregate rubric scribblar
Aggregate rubric scribblar
Jen Thoman
Marketing During Recession, Pham Viet Anh
Marketing During Recession, Pham Viet AnhMarketing During Recession, Pham Viet Anh
Marketing During Recession, Pham Viet Anh
phamvietanh
Advanced Gadget And Ui Development Using Googles Ajax Ap Is
Advanced Gadget And Ui Development Using Googles Ajax Ap IsAdvanced Gadget And Ui Development Using Googles Ajax Ap Is
Advanced Gadget And Ui Development Using Googles Ajax Ap Is
GoogleTecTalks
QUEST Alliance Overview of work
QUEST Alliance Overview of workQUEST Alliance Overview of work
QUEST Alliance Overview of work
aakashs
Justifying IT Spending
Justifying IT SpendingJustifying IT Spending
Justifying IT Spending
dotCMS
Marketing strategy for marketing diploma
Marketing strategy for marketing diplomaMarketing strategy for marketing diploma
Marketing strategy for marketing diploma
Charith De Silva
Marketing concept of today
Marketing concept of todayMarketing concept of today
Marketing concept of today
dipikasingh
Production Concept. Summer Homework
Production Concept. Summer Homework Production Concept. Summer Homework
Production Concept. Summer Homework
amydedman1
Session 1 MG 220 BBA - 9 Aug 10
Session 1 MG 220 BBA - 9 Aug 10Session 1 MG 220 BBA - 9 Aug 10
Session 1 MG 220 BBA - 9 Aug 10
Muhammad Talha Salam
Marketing concepts an evolution
Marketing concepts an evolutionMarketing concepts an evolution
Marketing concepts an evolution
Sundeepkbabu Babu
Management
ManagementManagement
Management
Akila Jayarathna
Introduction to marketing and marketing concepts
Introduction to marketing and marketing conceptsIntroduction to marketing and marketing concepts
Introduction to marketing and marketing concepts
Rishabh Maity
M&amp;CL Group
M&amp;CL GroupM&amp;CL Group
M&amp;CL Group
odelia
Indian Railways Toilet's Ergonomic Analysis
Indian Railways Toilet's Ergonomic AnalysisIndian Railways Toilet's Ergonomic Analysis
Indian Railways Toilet's Ergonomic Analysis
Shashikant Tewary
Show 63 | Websites Are Dead | Edge of the Web Radio
Show 63 | Websites Are Dead | Edge of the Web RadioShow 63 | Websites Are Dead | Edge of the Web Radio
Show 63 | Websites Are Dead | Edge of the Web Radio
Erin Sparks
Solo Latin Tango Prat
Solo Latin Tango PratSolo Latin Tango Prat
Solo Latin Tango Prat
HOME
A Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
A Single Therapy for All Subtypes of Horizontal Canal Positional VertigoA Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
A Single Therapy for All Subtypes of Horizontal Canal Positional Vertigo
David Yeh
Nlf Bio 2009
Nlf Bio 2009Nlf Bio 2009
Nlf Bio 2009
neilfrizzell
Vanessa Mae Happy Valley Violin T
Vanessa Mae Happy Valley Violin TVanessa Mae Happy Valley Violin T
Vanessa Mae Happy Valley Violin T
HOME
Guaranty Association
Guaranty AssociationGuaranty Association
Guaranty Association
bigfaz2009
Aggregate rubric scribblar
Aggregate rubric scribblarAggregate rubric scribblar
Aggregate rubric scribblar
Jen Thoman
Marketing During Recession, Pham Viet Anh
Marketing During Recession, Pham Viet AnhMarketing During Recession, Pham Viet Anh
Marketing During Recession, Pham Viet Anh
phamvietanh
Advanced Gadget And Ui Development Using Googles Ajax Ap Is
Advanced Gadget And Ui Development Using Googles Ajax Ap IsAdvanced Gadget And Ui Development Using Googles Ajax Ap Is
Advanced Gadget And Ui Development Using Googles Ajax Ap Is
GoogleTecTalks
QUEST Alliance Overview of work
QUEST Alliance Overview of workQUEST Alliance Overview of work
QUEST Alliance Overview of work
aakashs

Buisness Impact Analysis - way to justify IT spending

  • 1. Business Impact Analysis - a way to justify budgets Konstantin Smirnov CISA, CBCP Konstantin.Smirnov@ex-oracle.org
  • 2. Purpose why bother? Often cheapest strategy of doing nothing proved to be costly More often companies waste their time and money on technology/other things they do not need and will never use while ignoring simple helpful advice I want to share my thoughts, so they will act as a germ of idea for others. Absolute perfection is a myth. But we can change (what we can) to the better one little step at a time.
  • 3. What is Business Impact Analysis? First of all, for those who cant remember what it is. Business Impact Analysis is: This is a way to understand what kind of resources your business relies upon and how soon it needs them if something bad happens Business Impact Analysis is a part of Business Continuity Planning an effort to help your company to get through interruptions caused by disasters, infrastructure failures, pandemics and so on.
  • 4. What affects your business
  • 5. How it usually goes Customers can wait a bit, theyll understand So how long can we stand still? Is it going to be expensive for us? I do not need any analysis! Let protect everything. That will make a recovery quick! Sorry, I did not know it is going to be so expensive. Maybe we do not need such a quick recovery?
  • 6. So, are we doomed to lose? No! We can protect pretty much against anything! And we can recover fast! Hmm so How much expensive! Do downtime can we need this we afford? much and so fast at all?
  • 7. Is there any way to make sense? You cant afford to overspend, unless you print money* The cost of doing nothing can be high business may go bust The remedy: spend a bit upfront**, so you will not spend or lose too much in the future * Not a joke. Heard it from a man from Central Bank of <> ** Not necessarily money. It could be your time still a valuable resource.
  • 8. Way to make sense! Monetary losses, USD IS downtime $10 000 000.0 Risk reduction (money-wise) when RTO or RPO IS data loss is reduced to the target level RPO and RTO to comply with. $1 000 000.0 弌 Were taken from MTS Potential losses are reduced internal document 弌弌 (risk reduction RP354-1 MTS data money-wise) backup and recovery 弌 $100 000.0 Unsafe Curremnt state is compliant (losses Target are below the Safe target level) $10 000.0 Curremnt state is non-compliant (losses are above the RTO or RPO is reduced target level) to the target level $1 000.0 亟仂 2 Up to 2 from 2 to4 仂 2 亟仂 4 from 亟仂 88 仂 4 4 to from 8 to 16 仂 8 亟仂 from 16 to 32 仂 16 亟仂 32 仂 3232 to64 from 亟仂 64 于亠 64 beyond 64 Hours
  • 9. Do the homework! Prepare well interview sheets, questionnaires Agree on what the losses are legal, finance, reputation, etc. Make sure the losses evaluation framework is communicated to the personnel (whom you will be interviewing)
  • 10. Run a series of interviews See where the dependencies are Use common sense Use a common framework Do not make it too complicated remember, other people will have to understand it too!
  • 11. Analyse the results See where critical dependencies are (and what are specific risks) See, how quickly losses grow if a particular risk scenario happens
  • 12. Make sure you do not overspend* Plan the risk mitigation controls (counter-measures) Calculate two or three business cases Compare the costs of implementing each case (strategy) against risk reduction Pick the best one!* * To be continued in a separate presentation ** Sounds simple. In reality it is a bit more complicated
  • 13. Some things to consider All the losses are calculated for a single event In a business case make sure you plan for 3-5 years Calculate Capex AND Opex Consider transformation costs how much it will cost to go from AS IS to WILL BE
AboutCopyright
息 2025 際際滷