From the course: Implementing the NIST Risk Management Framework
Using a Business Impact Assessment for system categorization
To help you build your asset inventory and system categorization, I suggest you leverage a Business Impact Analysis, or BIA. It's a form of risk assessment that helps you better understand your organization's critical assets and their security categories, and it will ultimately help determine the priority for protection and recovery. Your BIA should identify the operational and financial impacts resulting from the disruption of business or operational functions and processes. Impacts to consider include: lost or delayed productivity and income; increased expenses such as overtime, outsourcing, expediting costs, etc.; real or expected regulatory fines; contractual penalties or loss of contractual bonuses; customer dissatisfaction or defection; or the delay of new business plans. When conducting a BIA, I suggest using a BIA questionnaire to survey those within the mission or business who have detailed knowledge of how the business works. Ask them to identify potential impacts if the business function…