(Service Strategy) BIA is the Activity in
Business Continuity Management that identifies the Vital Business
Functions and their dependencies. These dependencies may include Suppliers,
people, other Business Processes, IT Services, etc.
BIA defines the recovery requirements for
IT Services. These requirements include Recovery Time
Objectives, Recovery Point Objectives and the minimum Service Level
Targets for each IT Service.
[ITIL:2007]
Study of the consequences that a stoppage
of X time would have on the Organization. [Magerit:2012]
Study and assessment of the losses caused by
a real or simulated attack. [Ribagorda:1997]
An analysis of an
enterprise’s requirements, processes, and interdependencies used to
characterize information system contingency requirements and priorities in the
event of a significant disruption. [CNSSI_4009:2010]
(Service Strategy) BIA is
the Activity in Business Continuity Management that identifies Vital Business
Functions and their dependencies. These dependencies may include Suppliers,
people, other Business Processes, IT Services etc.
BIA defines the recovery
requirements for IT Services. These requirements include Recovery Time
Objectives, Recovery Point Objectives and minimum Service Level Targets for
each IT Service.
[ITIL:2007]
process of analysing
business functions and the effect that a business disruption might have upon
them. [BS25999-1:2006]
The BIA is a critical step
to understanding the information systems components, interdependencies, and
potential downtime impacts. The contingency plan strategy and procedures should
be designed specifically around the results of the BIA. A BIA is conducted by
identifying the system's critical resources. Each critical resource is then further
examined to determine how long functionality of the resource could be withheld
from the information system before an unacceptable impact is experienced. [NIST-SP800-100:2006]
An activity performed by a
sponsor to determine if a re-evaluation of a changed Target of Evaluation is
necessary. [ITSEM:1993]
The process of identifying
the potential impact of uncontrolled, non-specific events on an institution's
business processes.
http://ithandbook.ffiec.gov/it-booklets/business-continuity-planning/appendix-b-glossary.aspx
A Business Impact Analysis
determines what levels of impact to a system are tolerable.
http://www.sans.org/security-resources/glossary-of-terms/
(Service Strategy)
BIA is the business continuity management activity that identifies
vital business functions and their dependencies. These dependencies may
include subcontractors, people, other business processes, IT
services, etc.
BIA defines the
recovery requirements for IT services. These requirements include recovery
time objectives, recovery point objectives and minimum service level
targets for each IT service.
[ITIL:2007]