CBCP Business Continuity Management Professional Training Material, Area 2 (page 1)

Document summary

Slide 1: Business Continuity Management: Course for Advanced Professionals. Introduction

Slide 2: Subject Area 2: Risk Evaluation & Control

Slide 3: Lesson overview
- The purpose of a risk assessment
- Methodology and approach
- Identifying and evaluating controls

Slide 4: Professional practices for business continuity professionals
1. Project initiation and management
2. Risk evaluation and control
3. Business impact analysis
4. Developing business continuity strategies
5. Emergency response and operations
6. Developing and implementing business continuity plans
7. Awareness and training programs
8. Maintaining and exercising business continuity plans
9. Crisis communications
10. Coordination with external agencies

Slide 5: Objectives
- Determine the events and external surroundings that can adversely affect the organization and its facilities with disruption as well as disaster, the damage such events can cause, and the controls needed to prevent or minimize the effects of potential loss.
- Provide cost-benefit analysis to justify investment in controls to mitigate risks.

Slide 6: The professional's role (1/2)
1. Identify potential risks to the organization
   - Probability
   - Consequences/impact
2. Understand the function of risk reduction/mitigation within the organization
3. Identify outside expertise required
4. Identify exposures

Slide 7: The professional's role (2/2)
1. Identify risk reduction/mitigation alternatives
2. Confirm with management to determine acceptable risk levels
3. Document and present findings

Slide 8: The planning process
- Objective
  - Identify existing risks and threats that the organization is exposed to and recommend safeguards
- Some key tasks
  - Analyze business risk exposures
  - Perform risk mitigation
- Some key deliverables
  - High probability events and exposures
  - A list of controls and safeguards
(Diagram terms: project planning; risk assessment & analysis)

Slide 9: What is risk assessment?
- Process of identifying the risks to an organization
- Assesses the critical functions necessary for an organization to continue business operations
- A function of risk reduction/mitigation
- Defines the controls in place to reduce organization exposure
- Evaluates the cost for such controls
- Often involves an evaluation of the probabilities of a particular event occurring

Slide 10: Why conduct a risk assessment?
- The purpose of a risk assessment is to
  - Prioritize planning and resource allocation
  - Identify and mitigate exposures
  - Identify the threats, risks, and vulnerabilities in the "disaster chain"

Slide 11: Risk assessment objectives
- Understand loss potentials
  - Threats
  - Risks
  - Probability
  - Vulnerability
  - Impacts

Slide 12: Risk assessment objectives
- Determine vulnerability to potential loss
- Primary threats
- Select vulnerabilities most likely to occur

Slide 13: Risk assessment objectives
- Identify existing controls and recommend additional controls
- Evaluate the effectiveness of controls and safeguards
- Identify possible exposures

Slide 14: Cause and effect relationship
(Diagram terms: threat, vulnerability, risk, cause, probability, effect, assets)

Slide 15: Role of risk assessment
- Identifies what plans need to be developed
- Focuses on the outcomes of failures, as well as considering the causes
- Relates primarily to provision of support services
- Used to identify mitigating actions
  - To increase the resilience of service provision
  - To facilitate rapid and effective response to any failure

Slide 16: Benefits of a risk assessment
- The results serve as the basis for cost savings through avoidance
- Judicious use of finite resources for risk mitigation
- Can eliminate major downtime events

Slide 17: Approach to data collection
- External scope, widest to narrowest: continent, country, region, community, neighborhood
- Internal scope, widest to narrowest: industry, plant, building, floor, process, work area

Slide 18: Approach to data collection
- Interviews, questionnaires, & workshop sessions
- Documentation/infrastructure review
- Observation
- Corporate documents
- Supply chain information
- Data repositories

Slide 19: Information sources
- External
  - International standards: ISO, BSI, RIMS*
  - FEMA
  - National Weather
  - Federal/state climatology
  - State/county/city emergency managers
  - State/local police & fire
  - Local groups: BRPA, ACP, BCP
  - Community public works
- Internal: corporate management staff, engineering dept, contractors, insurance brokers, engineering/design firms, architectural firms, contractors/vendors

Slide 20: Categories of threats
- Natural or acts of nature
- Man-made
  - Political
  - Technological
  - Infrastructure

Slide 21: Identify risk events
- Fire, by probability and severity: whole building fire (low probability, high severity); fire limited to one floor (medium probability, medium severity); fire in basement mailroom (medium probability, high severity)

Slide 22: Identify risk event probability
- Low: less than once every 25 years ("This could happen, but it would be a freak event")
- Medium: once every 5 to 25 years ("I saw something similar in the papers recently"; "I know someone this happened to")
- High: more than once every 5 years ("I remember the last time this happened")

Slide 23: Risk analysis
- Classify risks & threats
  - Under the organization's control
  - Beyond the organization's control
  - With prior warning
  - With no prior warning
- Statement of risk: quantitative & qualitative
- Evaluate impact of risks and threats on critical business functions

Slide 24: Risk analysis & exposure estimation: risk-level matrix
Impact columns: low (10), medium (50), high (100). Threat likelihood rows: high (1.0), medium (0.5), low (0.1). Each cell multiplies the impact weight by the threat likelihood and labels the product with the risk scale below.
- High likelihood (1.0): low impact 10 x 1.0 = 10 (low); medium impact 50 x 1.0 = 50 (medium); high impact 100 x 1.0 = 100 (high)
- Medium likelihood (0.5): low impact 10 x 0.5 = 5 (low); medium impact 50 x 0.5 = 25 (medium); high impact 100 x 0.5 = 50 (medium)
- Low likelihood (0.1): low impact 10 x 0.1 = 1 (low); medium impact 50 x 0.1 = 5 (low); high impact 100 x 0.1 = 10 (low)
- Risk scale: high = 51 to 100; medium = 11 to 50; low = 1 to 10

Slide 25: Identify risk event impact
- Availability: low = periodic reduction in service; medium = intermittent total loss of service, or serious reduction in service; high = no service available at all
- Duration: low = service disruption for less than 0.5 days; medium = service disruption for between 0.5 and 3 days; high = service disruption for more than 3 days
- Spread: low = impacts a number of individuals; medium = impacts one business function; high = impacts many business functions

Slide 26: Assess the potential impacts
(Diagram terms: fire in basement computer room; loss of function; loss of work in progress; loss of customer service)

Slide 27: Definition of control
- Process, device or procedure that:
  - Deters a threat from occurring
  - Mitigates impact of a threat
  - Reduces effect, but cannot always prevent occurrence

Slide 28: Types of controls
- Physical controls
  - Fire suppression/sprinkler systems
  - Access control systems
  - Security guards
- Procedural controls
  - Hiring and termination policies
  - Clean desk policy
  - Document receipting

Slide 29: Identifying controls
- Identify controls and safeguards to prevent and/or mitigate the effect of the loss potential
- Security protection
  - Physical protection
  - Physical presence
- Logical protection
  - Information backup and protection
  - Information security
- Location of assets
  - Preventative maintenance
  - Personnel

Slide 30: Recommend additional controls
- Evaluate impact of risks and exposures on factors essential for conducting business operations
- Eliminating the threat is not possible
- Select controls with highest payback
- Include cost of control and maintenance
- Prepare cost-benefit analysis
- Present results to senior management

Slide 31: Layers of
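The following is an added worked example, not code from the training deck: it implements the slide 22 probability bands and the slide 24 risk-level matrix as functions, then ranks candidate controls by payback in the way slide 30 recommends. The scenario (fire in the basement computer room, from slide 26), the control costs and the residual ratings are constructed, and the payback metric (risk points removed per unit of total cost over a five-year horizon) is an assumption, not a formula from the deck.

```python
# Added example, not part of the CBCP deck: slide 24 matrix, slide 22 bands,
# and a slide 30 style payback ranking of controls (the metric is an assumption).
from dataclasses import dataclass

IMPACT = {"low": 10, "medium": 50, "high": 100}        # slide 24 impact weights
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}  # slide 24 threat likelihood

def likelihood_band(events_per_year: float) -> str:
    """Slide 22: <1 per 25 yr = low, 1 per 5 to 25 yr = medium, >1 per 5 yr = high."""
    if events_per_year < 1 / 25:
        return "low"
    if events_per_year <= 1 / 5:
        return "medium"
    return "high"

def risk_score(impact: str, likelihood: str) -> float:
    """One cell of the risk-level matrix: impact weight times threat likelihood."""
    return round(IMPACT[impact] * LIKELIHOOD[likelihood], 6)

def risk_level(score: float) -> str:
    """Slide 24 risk scale: high = 51 to 100, medium = 11 to 50, low = 1 to 10."""
    if score > 50:
        return "high"
    return "medium" if score > 10 else "low"

@dataclass
class Control:
    name: str
    cost: float                # one-off cost (constructed figure)
    annual_maintenance: float  # slide 30: include maintenance in the cost
    impact_after: str          # residual impact band with the control in place
    likelihood_after: str      # residual likelihood band with the control in place

def payback(score_before: float, ctrl: Control, years: int = 5) -> float:
    """Assumed payback metric: risk points removed per unit of total cost."""
    residual = risk_score(ctrl.impact_after, ctrl.likelihood_after)
    total_cost = ctrl.cost + ctrl.annual_maintenance * years
    return (score_before - residual) / total_cost

def rank_controls(score_before: float, controls: list) -> list:
    """Highest payback first, as slide 30 recommends."""
    return [c.name for c in sorted(controls, key=lambda c: payback(score_before, c), reverse=True)]

# Constructed scenario from slide 26: fire in the basement computer room.
FIRE_SCORE = risk_score("high", likelihood_band(1 / 10))  # 100 x 0.5 = 50, medium
SAMPLE_CONTROLS = [
    Control("sprinkler system", 40000, 2000, "medium", "medium"),    # physical control
    Control("hot-work permit procedure", 2000, 500, "high", "low"),  # procedural control
]
```

In the constructed scenario the cheap procedural control removes more risk per unit of cost than the sprinkler system, which is the kind of comparison the cost-benefit analysis on slide 30 is meant to surface.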
