Skip to main content
How Can We Help?
IT Services
Back
IT Consulting
Back
IT Strategy
Assessments
Audit Readiness
IT Governance & Security
Professional Services
Back
Project Implementation
IT Staff Augmentation
Development
Managed IT Services
Back
OnDemand Access
OnDemand Assurance
Technology Solutions
Back
Collaboration
Back
Unified Communications
Contact Center
Conferencing
Networking
Back
Enterprise Networking
Mobility & WiFi
IoT Network
Software Defined Networking
Data Center
Back
Data Center Networking
Compute
Converged Hyperconverged
Data Storage
Data Protection
Cloud Solutions
Cybersecurity
Back
Network Access Control
Endpoint Protection
Cloud Security
Identity Management
Threat Intelligence
Industries
Back
Healthcare
State & Local Government
Education
Manufacturing
Service Provider
Retail
Financial Services
Learning Center
Back
Blogs
Videos
eBooks
Tools
Pricing
About
Back
Our Company
Our Process
Why IE
Customer Experience
Corporate Social Responsibility
Partners
Events
Careers
Contact
MyIE Login
OnDemand Login
How Can We Help?
Business Impact
IE'S BUSINESS IMPACT ANALYSIS

How do events impact business operations?

Every organization needs to understand how a business-impacting event could affect their organization. Manufacturers need to understand how to keep producing, schools need to understand how to keep students learning, healthcare providers need to understand how to keep treating patients, and government needs to understand how to keep providing services to their constituents. This knowledge comes from the result of a Business Impact Analysis.

REQUEST BIA

Business Impact

Business Impact Analysis

Business impact knowledge should guide broad business decisions, such as acquisitions and growth plans, and will impact risk management, with an emphasis on the deployment and usage of security controls. Typically, business impact knowledge will lead to smarter spending and possibly even savings. This is because the control mechanisms (people, processes, and technology) will be applied where the risks actually exist and are based on severity of those risks. 

IE will host and facilitate structured workshops with your team to gain an understanding of what resources and access are truly important to the function of the business. We call these the Critical Business Functions (CBF) and the Critical Business Processes (CBP). Once we have identified and prioritized the CBFs and the CFPs, will narrow the field to the top five or top ten and try to identify the threats and risks to those. This knowledge will then guide the risk mitigation, remediation, data protection, and control placement. 

Business Impact

 

Request Business Impact Analysis

Business Impact Analysis

Business impact knowledge should guide broad business decisions, such as acquisitions and growth plans, and will impact risk management, with an emphasis on the deployment and usage of security controls. Typically, business impact knowledge will lead to smarter spending and possibly even savings. This is because the control mechanisms (people, processes, and technology) will be applied where the risks actually exist and are based on severity of those risks. 

IE will host and facilitate structured workshops with your team to gain an understanding of what resources and access are truly important to the function of the business. We call these the Critical Business Functions (CBF) and the Critical Business Processes (CBP). Once we have identified and prioritized the CBFs and the CFPs, will narrow the field to the top five or top ten and try to identify the threats and risks to those. This knowledge will then guide the risk mitigation, remediation, data protection, and control placement. 

Business Impact

 

The BIA Process

  • Define Current State

  • Assessment and Analysis

  • Define Target State

  • Deliverables

Define Current State

The business impact assessment begins by identifying and defining the business priorities, compliance requirements, threats to the business, and relevant IT characteristics of the current state. We also begin to discover and map out the environment, run full vulnerability and configuration scans, identify roles and responsibilities, and review existing policies and procedures. This collected data, once analyzed, provides us with a composite view of the current state of cyber security threats and controls in the environment. 

Assessment and Analysis

IE will analyze the collected data, identify threats, categorize the identified risks, and determine probability and likelihood of an event. Additional clarification questions and data collection may be required during this phase to properly set severity and priority of remediation tasks and mitigation controls. 

Define Target State

IE will define the desired target state, based on a more secure business environment, with fewer risks to operations. Mitigation approaches will be determined and validated, with a focus on having the least amount of negative impact to the business. Mitigation and remediation activities will be defined and aligned to business outcomes. Potential residual risk will be identified and quantified. 

Deliverables

IE will compile a comprehensive report and executive summary, complete with findings and guidance, validations, and additional supporting documentation. Cybersecurity findings will be aligned to the NIST CSF functional areas and sub areas, with severity based on NIST CSF scoring models, prioritized either Tactically (<90 days) or Strategically (>90 days). Suggested implementations, acquisitions, and staffing changes will be called out over a timeline of up to three (3) years. 

 

Additional Resources

Image

Article

8 Reasons Why You Need to Evaluate Your Cyber Resiliency

With new cyber threats surfacing almost daily, the barometer for adequate cyber resiliency seems to...

Read More

3 min. read

Image

Article

Maximizing Cisco Identity Service Engine (ISE) in Your Environment

Have you heard this recently, “You need better network segmentation?"

Read More

6 min. read

Image

Article

Utilizing Amazon S3 to Enhance Your Data Backup and Recovery Strategy

In our previous blogs, we’ve explored why immutable backups are a good idea for your disaster...

Read More

4 min. read

View All