Time-based analysis is a quantitative analysis that uses only a small amount of qualitative measures. TBA is extremely effective in measuring the adequacy of a control. This is also useful in terms of fault preparation (Delphi Group, 2005).
TBA involves analysis of the systems to identify:
- The preventative controls (P)
- The detective controls (D)
- And the reactive controls on the system (R)
The detective controls (D) + the reactive controls on the system (R) are less then the Preventative controls (P), or:
- D + R < [P]
And a measurable loss occurs when:
- D + R > [P].
- How long does it take for detective controls to be enacted?
- How long following detection, does it take for a response to be initiated?
In determining a target, the costs of the preventative, detective and reactive controls are taken into account to create a cost benefit analysis. TBA is one of the simpler quantitative methods of risk analysis and management that is available.