Handbook of Information Security Management:Risk Management and Business Continuity Planning

Previous Table of Contents Next


Preparing the Management Presentation

Presentation of the results of the BIA to concerned management should result in no surprises for them. If you are careful to ensure that the BIA findings are communicated and adjusted as the process has unfolded, then the management review process should really become more of a formality in most cases. The final presentation meeting with the senior management group is not the time to surface new issues and make startling results public for the first time.

In order to achieve the best results in the management presentation, the following suggestions are offered:

  Draft Report for Review Internally First — Begin drafting the report following the initial interviews. By doing this, you will be capturing fresh information. This information will be used to build the tables, graphs, and other visual demonstrations of the results, and it will be used to record the interpretations of the results in the verbiage of the final BIA Findings and Recommendation Report. One method for accomplishing a well-constructed BIA Findings and Recommendation Report from the very beginning is to record, at the completion of each interview, the tabular information into the BIA data base or manual filing system in use to record this information. Second, the verbal information should be transcribed into a BIA Summary Sheet for each interview. This BIA Summary Sheet should be completed for each interviewee and contain the highlights of the interview in summarized form. As the BIA process continues, the BIA tabular information and the transcribed verbal information can be combined into the draft BIA Findings and Recommendations Report. The table of contents for a BIA Report may look like the following:


Exhibit 2.  BIA Report Table of Contents

  Schedule Individual Senior Management Meetings as Necessary — As you near the time for the final BIA presentation, it is sometimes a good idea to conduct a series of one-on-one meetings with selected senior management representatives in order to brief them on the results and gather feedback for inclusion in the final deliverables. In addition, this is a good time to begin building grassroots support for the final recommendations that will come out of the BIA process and concurrently give you an opportunity to practice making your points and discussing the pros and cons of the recommendations.
  Prepare Senior Management Presentation (Bullet Point) — Our experience says that senior management level presentations, most often, are better prepared in a brief and focused manner. It will undoubtedly become necessary to present much of the background information used to make the decisions and recommendations, but the formal presentation should be in bullet point format, crisp, and to the point. Of course every organization has its own culture, so be sure to understand and comply with the traditional means of making presentations within your own environment. Copies of the report, which have been thoroughly reviewed, corrected, bound, and bundled for delivery can be distributed at the beginning or the end of the presentation depending upon circumstances. In addition, copies of the bullet point handouts can also be supplied so attendees can make notes for reference at a later time. Remember, the BIA process should end with a formalized agreement as to management’s intentions with regard to MTDs, so that business unit and support services managers can be guided accordingly. It is here that that formalized agreement should be discussed and the mechanism for acquiring and communicating it determined.
  Distribute Report — Once the management team has had an opportunity to review the contents of the BIA Report and have made appropriate decisions and/or given other input, the final report should be distributed within the organization to the appropriate interested individuals.


Previous Table of Contents Next



The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version are covering, however it is one of the best tool you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.