Business Impact Assessments and Risk Assessments lay the foundation for a successful Disaster Recovery and Business Continuity program. This presentation will examine the elements of the assessments and focus on how the assessment results help a business determine areas of risk and potential impact to their business when things go wrong. Audience members will participate in an assessment exercise. Susan Kastan, Kastan Consulting Susan Kastan has worked over 20 years in the information technology field with experience in business continuity planning, security analysis, systems development, and project management. She is currently focused on developing business continuity and disaster recovery plans for companies and associations. Susan has experience in all areas of the business continuity life cycle including risk and business continuity assessments, business impact analysis, plan development, training, testing, and plan maintenance. She also writes information security policies and procedures providing organizations the necessary framework to secure their information systems. Penny Klein, PJKlein Consulting Penny Johnson Klein has been in the Information Assurance field for over 20 years and is a recognized expert in the field. During her career, she has provided support for various Department of Defense (DOD) Agencies, Federal Agencies, and the Private Sector. She spent 14 years with DOD, with 13 of those years in the Information Assurance arena, assisting in the development of security policies, processes, and procedures. She was one of the prime authors of the DOD Information Technology Security Certification and Accreditation Process (DITSCAP), and contributor to the National Information Assurance Certification and Accreditation Process (NIACAP). In addition, Ms. Klein has directed numerous successful Security Test and Evaluations and has developed information security programs.