|
PILAR BCM Business
Impact Analysis Continuity
Management Help Files version
2024.1 February, 2024 |
Contents
1 First screen.................................................................................................................................. 5
1.1 License............................................................................................................................................... 5
2 Edit / Options.............................................................................................................................. 6
2.1 Options – Valuation...................................................................................................................... 6
2.2 Options – Likelihood..................................................................................................................... 7
2.3 Options – Effects............................................................................................................................ 7
2.4 Options – Threats.......................................................................................................................... 7
2.5 Options – Maturity........................................................................................................................ 8
2.6 Options – Special phases............................................................................................................... 8
2.7 Options – CSV................................................................................................................................... 9
2.8 Options – Value model.................................................................................................................. 9
2.9 Options – Project phases.............................................................................................................. 9
2.10 Security domains and project phases.................................................................................... 9
2.11 Options – Xor.............................................................................................................................. 10
2.12 Options – Loops.......................................................................................................................... 10
2.13 Options – Save............................................................................................................................. 11
2.14 Options – Export: safeguards............................................................................................... 11
2.15 Options – Residual risk............................................................................................................ 11
2.16 Options – ROLL........................................................................................................................... 11
3 Reports......................................................................................................................................... 12
3.1 From template.............................................................................................................................. 12
3.2 Textual reports........................................................................................................................... 12
3.3 Graphical reports....................................................................................................................... 13
3.4 Databases....................................................................................................................................... 15
4 Perimeters................................................................................................................................. 15
5 OK, Cancel, Help....................................................................................................................... 17
6 Main control panel............................................................................................................. 18
6.1 Basic controls.............................................................................................................................. 18
6.2 Project controls.......................................................................................................................... 20
7 Project.......................................................................................................................................... 21
7.1 Project data.................................................................................................................................. 21
7.2 Information sources................................................................................................................... 23
7.2.1 Edition..................................................................................................................................... 24
7.3 Security domains.......................................................................................................................... 25
7.3.1 Edition..................................................................................................................................... 26
7.3.2 Removal................................................................................................................................... 27
7.4 Interruption steps...................................................................................................................... 28
7.4.1 Format..................................................................................................................................... 29
7.4.2 Standard scales..................................................................................................................... 29
7.5 Asset classes selection.............................................................................................................. 30
7.6 Selection of criteria for valuation...................................................................................... 30
7.7 Threats selection........................................................................................................................ 31
7.8 Project phases............................................................................................................................... 32
7.8.1 Combination and removal of phases............................................................................... 33
7.8.2 Edit one phase....................................................................................................................... 35
7.9 Risk Treatment............................................................................................................................. 36
8 Risk analysis............................................................................................................................. 37
8.1 Assets / Identification............................................................................................................... 37
8.1.1 Layers menu........................................................................................................................... 39
8.1.2 Assets menu............................................................................................................................ 41
8.1.3 Statistics menu...................................................................................................................... 45
8.1.4 Asset operations.................................................................................................................... 45
8.2 Assets / Edit one asset............................................................................................................... 46
8.3 Assets / Sources........................................................................................................................... 49
8.4 Assets / Classes............................................................................................................................ 51
8.5 Assets / Dependencies................................................................................................................ 53
8.5.1 Dependencies – Layers........................................................................................................ 58
8.5.2 Dependencies – Graph......................................................................................................... 59
8.5.3 Dependencies – Buses.......................................................................................................... 61
8.5.4 Dependencies – Blocks......................................................................................................... 62
8.5.5 Dependencies – Map............................................................................................................ 62
8.5.6 Dependencies per dimension of security........................................................................ 64
8.6 Assets / Valuation – BIA (Business Impact
Analysis)...................................................... 66
8.6.1 Valuation by domains.......................................................................................................... 66
8.6.2 Valuation asset by asset...................................................................................................... 69
8.6.3 To set a qualitative valuation........................................................................................... 72
8.6.4 To set a quantitative valuation......................................................................................... 74
8.6.5 To nullify a valuation........................................................................................................... 75
8.6.6 Availability valuation.......................................................................................................... 75
8.7 Threats........................................................................................................................................... 77
8.7.1 Aggravating & mitigating factors.................................................................................... 77
8.7.2 Identification......................................................................................................................... 78
8.7.3 Valuation................................................................................................................................ 82
8.7.4 TSV – Threat Standard Values.......................................................................................... 84
8.8 Potential impact and risk......................................................................................................... 85
8.8.1 Criticality levels – Colour encoding................................................................................. 85
8.8.2 Accumulated impact and risk............................................................................................ 85
8.8.3 Deflected impact and risk................................................................................................... 87
8.9 Backup equipment........................................................................................................................ 89
8.9.1 Aggregated values................................................................................................................ 90
8.9.2 Backup / Edition................................................................................................................... 91
8.10 Safeguards.................................................................................................................................. 93
8.10.1 Aspect.................................................................................................................................... 93
8.10.2 Type of protection.............................................................................................................. 93
8.10.3 Relative weight................................................................................................................... 93
8.10.4 Additional information..................................................................................................... 94
8.10.5 On safeguards’ tree............................................................................................................ 94
8.10.6 Valuation per domains..................................................................................................... 95
8.10.6.1 Central table........................................................................................................................................... 97
8.10.6.2 Bottom tool bar..................................................................................................................................... 98
8.10.6.3 SoA – Statement of Applicability.................................................................................................. 99
8.10.7 Reference and target phases........................................................................................... 99
8.10.8 Safeguard maturity valuation...................................................................................... 100
8.10.9 Operation combo............................................................................................................. 102
8.10.10 Suggest operation......................................................................................................... 103
8.10.11 Find................................................................................................................................... 103
8.11 Residual impact & risk........................................................................................................... 105
8.11.1 Accumulated impact and risk table............................................................................ 105
8.11.2 Accumulated impact....................................................................................................... 107
8.11.3 Accumulated risk............................................................................................................. 108
8.11.4 Deflected impact and risk table................................................................................... 110
8.11.5 Deflected impact.............................................................................................................. 112
8.11.6 Deflected risk.................................................................................................................... 113
9 DRP – Disaster Recovery Plan................................................................................... 115
9.1 Screens.......................................................................................................................................... 115
9.1.1 Central area......................................................................................................................... 116
9.1.2 Example................................................................................................................................ 116
9.2 DRP / Actions............................................................................................................................. 117
9.2.1 Quantitative analysis........................................................................................................ 118
9.3 The meaning of ENABLED assets.......................................................................................... 118