Create a Business Impact Analysis executive summary report for management

Student Lab Manual

-46-

Laboratory #7 Lab #7: Perform a Business Impact Analysis for a Mock IT Infrastructure Learning Objectives and Outcomes

Upon completing this lab, students will be able to:

• Define the goal and objective of a Business Impact Analysis (BIA)

• Identify where a Business Impact Analysis (BIA) fits within a Business Continuity Plan (BCP)

• Identify mission critical applications and access to data requirements for a given scenario

• Perform a Business Impact Analysis (BIA) utilizing a qualitative assessment approach

• Create a Business Impact Analysis executive summary report for management

Required Setup and Tools This is a paper-based lab and does not require the use of a “mock” IT infrastructure or virtualized server

farm.

The standard Instructor and Student VM workstation with Microsoft Office 2007 or higher is required for

this lab. Students will need access to their completed, Lab #4 –Assessment Worksheet, Part A – Perform

a Qualitative Risk Assessment for an IT Infrastructure prioritizing the risks, threats, and vulnerabilities

identified from the qualitative risk assessment.

In addition, Microsoft Word is a required tool for the student to craft a BIA utilizing a qualitative

assessment approach to prioritize mission critical applications, data, and IT systems and elements that are

required to maintain business continuity. An executive summary report is also required for management

along with answering and submitting the Lab #7 – Assessment Worksheet questions.

Recommended Procedures Lab #7 – Student Steps:

Student steps needed to perform Lab #7 – Perform a Business Impact Analysis for an IT Infrastructure:

1. Connect your removable hard drive or USB hard drive to a classroom workstation.

2. Boot up your classroom workstation and DHCP for an IP host address.

3. Login to your classroom workstation and enable Microsoft Word.

4. Review Figure 2 – “Mock” IT Infrastructure.

Student Lab Manual

Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company Current Version Date: 05/30/2011 www.jblearning.com All Rights Reserved. -47-

5. Identify the scenario/vertical industry you were provided in Lab #4 – assigned by your Instructor:

a. Healthcare provider under HIPPA compliance law

b. Regional bank under GLBA compliance law

c. Nationwide retailer under PCI DSS standard requirements

d. Higher-education institution under FERPA compliance law

6. Conduct a BIA by assigning a qualitative business impact value for each identified business

functions and operations: Critical, Major, or Minor or None.

7. From this prioritization, identify the IT systems, applications, and resources that are impacted.

8. Assess the recovery time objectives needed for the IT systems, applications, and resources.

9. Complete Lab #7 – Assessment Worksheet, Part A – BIA Process Flow Sheets and Part B –

Assessment Questions.

10. Craft a four-paragraph executive summary according to the following outline:

a. Goals and purpose of the BIA – unique to your scenario

b. Summary of Findings – business functions and assessment

c. Prioritizations – critical, major, and minor classifications

d. IT systems and applications impacted – to support the defined recovery time objectives

11. Work on Lab #7 – Assessment Worksheet and Questions and submit with your executive

summary.

Deliverables Upon completion of Lab #7 – Perform a Business Impact Analysis for a Mock IT Infrastructure, students

are required to provide the following deliverables as part of this lab:

1. Lab #7 – Assessment Worksheet, Part A – BIA of business functions and operations

2. Lab #7 – Assessment Worksheet, Part B – Business Impact Analysis Executive Summary

3. Lab #7 – Assessment Questions and Answers

Evaluation Criteria and Rubrics

The following are the evaluation criteria and rubrics for Lab #7 that the students must perform:

1. Was the student able to define the goal and objective of a Business Impact Analysis (BIA)? –

[20%]

2. Was the student able to identify where a Business Impact Analysis (BIA) fits within a Business

Continuity Plan (BCP)? – [20%]

Student Lab Manual

-48-

3. Was the student able to identify mission critical applications and access to data requirements for a

given scenario? – [20%]

4. Was the student able to perform a Business Impact Analysis (BIA) utilizing a qualitative

assessment approach? – [20%]

5. Was the student able to create a Business Impact Analysis executive summary report for

management? – [20%]

Student Lab Manual

-49-

Lab #7: Assessment Worksheet

Part A – Perform a Business Impact Analysis for an IT Infrastructure

Course Name: _____________________________________________________________ Student Name: _____________________________________________________________ Instructor Name: ___________________________________________________________ Lab Due Date: _____________________________________________________________ Overview

When performing a BIA, you are trying to assess and align the affected IT systems, applications, and

resources to their required recovery time objectives (RTOs). The prioritization of the identified mission

critical business functions will define what IT systems, applications, and resources are impacted. The

RTO will drive what kind of business continuity and recovery steps are needed to maintain IT operations

within the specified time frames.

1. Performa BIA assessment and fill in the following chart: Business Function Business Impact Recovery IT Systems/Apps Or Process Factor Time Objective Infrastructure Impacts Internal and external voice communications with customers in real-time

Internal and external e-mail communications with customers via store and forward messaging

DNS – for internal and external IP communications

Internet connectivity for e- mail and store and forward customer service

Self-service website for customer access to information and personal account information

Student Lab Manual

-50-

e-Commerce site for online customer purchases or scheduling 24x7x365

Payroll and human resources for employees

Real-time customer service via website, e-mail, or telephone requires CRM

Network management and technical support

Marketing and events

Sales orders or customer/ student registration

Remote branch office sales order entry to headquarters

Voice and e-mail communications to remote branches

Accounting and finance support: Accts payable, Accts receivable, etc.

Part B – Craft a Business Impact Analysis Executive Summary Craft a BIA executive summary, follow this structure and format:

a. Goals and purpose of the BIA – unique to your scenario

b. Summary of Findings – business functions and assessment

c. Prioritizations – critical, major, and minor classifications

d. IT systems and applications impacted – to support the defined recovery time objectives