Best tips for risk management


Business Continuity and Disaster Recovery - Risk Analysis and Control

In the risk evaluation phase, there are athen analysis to understand those
number of key areas that must be covered. Onevulnerabilities which would have the greatest
of the most important is to understandimpact on your critical business processes
probable threats. In an ideal world, whichand the organization. This starts to clarify
most of us have noticed does not exist, weand quantify potential losses, which helps to
would identify and protect ourselves againstestablish priorities.Following the
all threats to ensure that our businessidentification of the most probable threats
continues to survive. Obviously, we areand vulnerabilities, an analysis of existing
constrained by other factors such as budgets,controls is needed. This spans physical
time and priorities and need to apply costsecurity as well as people, processes, data,
benefit analysis to ensure we are protectingcommunications and asset protection. Some
the most critical business functions.A secondcontrols such as physical security and data
important step is to identify all probablebackup are obvious. Other controls required
threats and prioritize them. Threats,are often less obvious, but they can be
typically, can be classified in several waysidentified through the risk evaluation
such as internal/external, man-made/natural,process.Once the key building blocks of
primary/secondary, accidental/intentional,critical business functions, most probable
controllable/not controllable, warning/nothreats, vulnerabilities and controls are
warning, frequency, duration, speed of onsetidentified, the next stage is to develop an
etc. While classifying threats is helpful inunderstanding of the probability of threats
terms of understanding their characteristicsfactored by the severity or impact of the
and potential controls, grouping andthreats. This leads to the business impact
understanding by business impact is alsoanalysis phase which establishes priorities
important. Obviously, the same impact canfor protection.The goal is to minimize
result from a number of differentthreats, impacts and downtime and to mitigate
threats.Identifying mission critical businessany losses. Fundamentally, the goal is to
processes and systems is another fundamentalprotect your people, protect your data,
building block of the business continuityprotect your vital communications, protect
plan. After your critical business processesyour assets and to protect your brand and
and systems and probable threats arereputation. Overall, of course, the goal is
established, the next step is to identifyto ensure your business continues to operate
vulnerabilities and loss potential. Thisand to do it in a cost-effective way meeting
requires an extensive scan of thestandards of reasonable and prudent judgment.
organization to identify vulnerabilities and



1 A B C D 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112