
Business Impact Analysis (BIA) process for Siemens Industrial Turbomachinery AB

Alireza Tamadoni
Göteborg: Chalmers tekniska högskola, 2015. 81 pp.
[Degree project at advanced level]

The threats encountered by companies and organizations must be dealt with in order to secure their survivability. This is especially important as the survivability of society and its economic infrastructure depends on companies and organizations continuing their business operations. As a result, Business Continuity Planning (BCP) has proliferated over the years in order to reduce the risks of potentially damaging and disruptive events. The rapid proliferation of BCP has contributed to different standards being used by different companies and organizations worldwide. The wide variety of standards and the lack of an international standard lead to difficulties when determining which methodologies to use for performing BCP.

This project presents a process for performing a Business Impact Analysis (BIA), which is an essential part of BCP. The process is tailored for Siemens Industrial Turbomachinery (SIT) AB. From SIT’s point of view, a BIA should provide a decision basis. This would enable management to justify and perform precautionary measures to prevent potential damage to the business. In order to meet the demands from the management of SIT, the process was built from scratch based on a comprehensive literature study and a review of existing material from SIT and the Siemens Corporation. Bits and pieces from different methodologies were reviewed and used when appropriate. One demand was to develop a process that is both cost-efficient and time-efficient. As a result, the process was built based on the company’s resource assets instead of on its complex business processes. In order to gather the information needed about these assets and to determine which assets are critical for the company, a customized data-gathering method was developed. The method suggested an integrated solution in which the data gathering process would integrate with an existing web-based information security survey system. The method, and consequently the questions in the developed questionnaire, were validated to the largest possible extent by performing a number of interviews with managers within the different business divisions. Furthermore, the methods driving the BIA process were developed based on the concepts of confidentiality, integrity and availability so that threat scenarios and potential financial impact losses could be derived in a structured and systematic manner. Consequently, it is possible to estimate the risks involved in order to derive a decision basis for precautionary measures. A decision could be to reduce a risk, to plan for or manage the risk, or simply to accept the risk. For most parts of the process, tools were created in Microsoft Excel sheets. This simplifies the description of the process within this report. It also simplifies the actual execution of a BIA for the management of SIT.

Keywords: Business Impact Analysis (BIA), Risk Assessment, Security risks, Business processes

The publication was registered 2015-02-25. It was last modified 2015-02-25.

CPL ID: 213091

This is a service from Chalmers Library