Business Impact Analysis (BIA) process for Siemens Industrial Turbomachinery AB

Examensarbete för masterexamen

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/213091
Download file(s):
File Description SizeFormat 
213091.pdfFulltext2.39 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Business Impact Analysis (BIA) process for Siemens Industrial Turbomachinery AB
Authors: Tamadoni, Alireza
Abstract: The threats encountered by companies and organizations must be dealt with in order to secure their survivability. This is especially important as the survivability of society and its economic infrastructure depends on companies and organizations continuing their business operations. As a result, Business Continuity Planning (BCP) has proliferated by the years in order to reduce the risks of potentially damaging and disruptive events. The rapid proliferation of BCP has contributed to different standards used by different companies and different organizations worldwide. The wide variety of standards and the lack of an international standard leads to difficulties when determining which methodologies to use for performing BCP. This project presents a process for performing a Business Impact Analysis (BIA) which is an essential part of BCP. The process is tailored for Siemens Industrial Turbomachinery (SIT) AB. From SIT’s point of view, a BIA should provide a decision basis. This would enable management to justify and perform pre-cautionary measures to hinder potential damages on business. In order to meet the demands from the management of SIT, the process was built from scratch based on a comprehensive literature study and reviewing existing material from SIT and the Siemens Corporation. Bits and pieces from different methodologies were reviewed and used when appropriate. One demand was to develop a process that is both cost-efficient and time-efficient. As a result, the process was built based on the company’s resource assets instead of on its complex business processes. In order to gather the information needed about these assets and to determine which assets are critical for the company, a customized method on how to gather data was developed. The method suggested an integrated solution in which the data gathering process would integrate with an existing web-based information security survey system. The method, and consequently the questions involved in the developed questionnaire were to the largest possible extent validated by performing a number of interviews with managers within the different business divisions. Furthermore, the methods driving the BIA process were developed based on the concepts of confidentiality, integrity and availability so that threat-scenarios and potential financial impact losses could be derived in a structured and systematic manner. Consequently, it is possible to estimate the risks involved in order to derive decision basis for pre-cautionary measures. A decision could be to reduce a risk, plan or manage the risk or simply to accept the risk. In most of the parts of the process, tools were created in Microsoft Excel Sheets. This simplifies the description of the process within this report. It also to simplifies the actual execution of a BIA, for the management of SIT.
Keywords: Informations- och kommunikationsteknik;Data- och informationsvetenskap;Information & Communication Technology;Computer and Information Science
Issue Date: 2015
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/213091
Collection:Examensarbeten för masterexamen // Master Theses



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.