The BIA is an integral component of the Information Risk Management service. The aim of this service is to provide a methodology to define and classify the criticality of an application or system in terms of:
Confidentiality: Protecting sensitive information from unauthorised disclosure or intelligible interception.
Integrity: Safeguarding the accuracy, completeness, and timeliness of information, IT systems and computer software (including the ability to audit).
Availability: Ensuring that information and vital services are accessible to authorised users when required.
This methodology focuses on assessing the business risk associated with the system by evaluating the business consequences and impact of a loss of the confidentiality, integrity and availability of information:
- To determine the maximum severity of a loss of the confidentiality, integrity and availability of information.
- To classify the system as a whole in terms of its importance to the business and hence the level of protection needed.