If you have been following this post series, welcome back, and thank you for your support. Hopefully, you have had a chance to complete the Business Impact Assessment (BIA) exercise and have identified the critical systems, critical network, and critical data of your business that need to be protected.

Yes, the outcome of the BIA assessment can be daunting; however, if you have completed this exercise, you are doing better than others who have not done it at all.

Now that you are aware of your critical assets, you should invite your IT service provider and discuss the BIA assessment with them. We suggest you ask questions that avoid a 'yes or no' answer. Here are some example questions that we would ask the IT provider when we develop a mitigation strategy for our clients:
· What protection systems are in place to mitigate cyber threats?
· What measures or mitigation strategies are in place to ensure the availability and accessibility of the critical systems in the event of a Denial of Service attack or malware such as ransomware?
· In the event of ransomware, what technologies or solutions would enable the organization to recover within the Recovery Point Objective (RPO)?
· What is the backup policy in place? What monitoring is in place to ensure the integrity of the backups and their ability to be used during disaster recovery?
· What policy and procedure are in place to detect potential cyber threats and immediately react to them?
We hope this post helps you. Additionally, you are welcome to reach out to us if you have further questions about the above.