| In the risk evaluation phase, there are a
| |
| | vulnerabilities which would have the
|
| number of key areas that must be covered.
| |
| | greatest impact on your critical business
|
| One of the most important is to
| |
| | processes and the organization. This
|
| understand probable threats. In an ideal
| |
| | starts to clarify and quantify potential
|
| world, which most of us have noticed does
| |
| | losses, which helps to establish
|
| not exist, we would identify and protect
| |
| | priorities.Following the identification
|
| ourselves against all threats to ensure
| |
| | of the most probable threats and
|
| that our business continues to survive.
| |
| | vulnerabilities, an analysis of existing
|
| Obviously, we are constrained by other
| |
| | controls is needed. This spans physical
|
| factors such as budgets, time and
| |
| | security as well as people, processes,
|
| priorities and need to apply cost benefit
| |
| | data, communications and asset
|
| analysis to ensure we are protecting the
| |
| | protection. Some controls such as
|
| most critical business functions.A second
| |
| | physical security and data backup are
|
| important step is to identify all
| |
| | obvious. Other controls required are
|
| probable threats and prioritize them.
| |
| | often less obvious, but they can be
|
| Threats, typically, can be classified in
| |
| | identified through the risk evaluation
|
| several ways such as internal/external,
| |
| | process.Once the key building blocks of
|
| man-made/natural, primary/secondary,
| |
| | critical business functions, most
|
| accidental/intentional, controllable/not
| |
| | probable threats, vulnerabilities and
|
| controllable, warning/no warning,
| |
| | controls are identified, the next stage
|
| frequency, duration, speed of onset etc.
| |
| | is to develop an understanding of the
|
| While classifying threats is helpful in
| |
| | probability of threats factored by the
|
| terms of understanding their
| |
| | severity or impact of the threats. This
|
| characteristics and potential controls,
| |
| | leads to the business impact analysis
|
| grouping and understanding by business
| |
| | phase which establishes priorities for
|
| impact is also important. Obviously, the
| |
| | protection.The goal is to minimize
|
| same impact can result from a number of
| |
| | threats, impacts and downtime and to
|
| different threats.Identifying mission
| |
| | mitigate any losses. Fundamentally, the
|
| critical business processes and systems
| |
| | goal is to protect your people, protect
|
| is another fundamental building block of
| |
| | your data, protect your vital
|
| the business continuity plan. After your
| |
| | communications, protect your assets and
|
| critical business processes and systems
| |
| | to protect your brand and reputation.
|
| and probable threats are established, the
| |
| | Overall, of course, the goal is to ensure
|
| next step is to identify vulnerabilities
| |
| | your business continues to operate and to
|
| and loss potential. This requires an
| |
| | do it in a cost-effective way meeting
|
| extensive scan of the organization to
| |
| | standards of reasonable and prudent
|
| identify vulnerabilities and then
| |
| | judgment.
|
| analysis to understand those
| |
| |
|
