Phase B is about assessing potential business impact to an organisation should information assets be compromised. The BIA covers both the realistic and worst-case scenarios, for confidentiality, integrity and availability. The scope of the assessment should be reflected when selecting information assets from the information asset library.
To begin, use Import from Form to select all the desired Information Assets and populate the form with the assets in scope for this assessment. Use the check box in the top-left corner of the selection window to import all items. With the form populated, click the BIA Assessment link to access each asset's individual BIA.
|1||Search Bar||This bar enables you to search through the existing rows of BIA assessments for properties. You can select whether to search by all fields or by a specific field.|
|2||Information Assets||This is a reference field where you can select an information asset from the Information Assets form.|
|3||BIA Assessment||This is a link to a BIA Assessment which is created when an information asset is selected.|
|4||Impact Ratings||These impact ratings are fields pulled through from the BIA Assessment when the fields are completed.|
The BIA Assessment is where you consider the impact on the information asset – it may be necessary to consider more than one impact category. This is an individual assessment within your overall BIA.
To begin, use Import from Form to select all the desired Impact Categories from the Business Impact Reference Table (BIRT) and populate the BIA with the categories to assess against. Use the check box in the top-left corner of the selection window to import all items. With the form populated, review the Realistic and Worst-Case impact rating for each of the three security categories: Confidentiality, Integrity and Availability. Note that the Worst-Case impact may not be less than the Realistic impact.
Complete the BIA for all the Information Assets in the IRAM2 assessment.
|1||Impact Category||This is a reference field to the impact categories defined in the Business Impact Reference Table (BIRT).|
|2||Impact Ratings||These are reference fields to the impact ratings defined in the Impact Ratings. For the 3 categories defined as Confidentiality, Integrity and Availability, you need to specify the realistic and worst-case impacts for each impact category considered.|
|3||Comments||A free text field where you can add further rationale and comments about the reasoning for the realistic and worst-case impact responses.|