Business Continuity Management
Course for Advanced Professionals
Introduction

Subject Area 2: Risk Evaluation & Control

Lesson overview
- The purpose of a risk assessment
- Methodology and approach
- Identifying and evaluating controls

Professional practices for business continuity professionals
1. Project initiation and management
2. Risk evaluation and control
3. Business impact analysis
4. Developing business continuity strategies
5. Emergency response and operations
6. Developing and implementing business continuity plans
7. Awareness and training programs
8. Maintaining and exercising business continuity plans
9. Crisis communications
10. Coordination with external agencies

Objectives
- Determine the events and external surroundings that can adversely affect the organization and its facilities with disruption as well as disaster, the damage such events can cause, and the controls needed to prevent or minimize the effects of potential loss. Provide cost-benefit analysis to justify investment in controls to mitigate risks.

The professional's role (1/2)
1. Identify potential risks to the organization
  - Probability
  - Consequences/impact
2. Understand the function of risk reduction/mitigation within the organization
3. Identify outside expertise required
4. Identify exposures

The professional's role (2/2)
1. Identify risk reduction/mitigation alternatives
2. Confirm with management to determine acceptable risk levels
3. Document and present findings

The planning process
- Objective
  - Identify existing risks and threats that the organization is exposed to and recommend safeguards
- Some key tasks
  - Analyze business risk exposures
  - Perform risk mitigation
- Some key deliverables
  - High probability events and exposures
  - A list of controls and safeguards

(Diagram labels: project planning; risk assessment & analysis)

What is risk assessment?
- Process of identifying the risks to an organization
- Assesses the critical functions necessary for an organization to continue business operations
- A function of risk reduction/mitigation
- Defines the controls in place to reduce organization exposure
- Evaluates the cost for such controls
- Often involves an evaluation of the probabilities of a particular event occurring

Why conduct a risk assessment?
The purpose of a risk assessment is to:
- Prioritize planning and resource allocation
- Identify and mitigate exposures
- Identify the threats, risk, and vulnerabilities in the “disaster chain”

Risk assessment objectives
- Understand loss potentials
  - Threats
  - Risks
  - Probability
  - Vulnerability
  - Impacts

Risk assessment objectives
- Determine vulnerability to potential loss
- Primary threats
- Select vulnerabilities most likely to occur

Risk assessment objectives
- Identify existing controls and recommend additional controls
- Evaluate the effectiveness of controls and safeguards
- Identify possible exposures

Cause and effect relationship
(Diagram labels: threat, vulnerability, risk, cause, probability, effect, assets)

Role of risk assessment
- Identifies what plans need to be developed
- Focuses on the outcomes of failures, as well as considering the causes
- Relates primarily to provision of support services
- Used to identify mitigating actions
- To increase the resilience of service provision
- To facilitate rapid and effective response to any failure

Benefits of a risk assessment
- The results serve as the basis for cost savings through avoidance
- Judicious use of finite resources for risk mitigation
- Can eliminate major downtime events

Approach to data collection
- External: continent, country, region, community, neighborhood
- Internal: industry, plant, building, floor, process, work area

Approach to data collection
- Interviews, questionnaires, & workshop sessions
- Documentation/infrastructure review
- Observation
- Corporate documents
- Supply chain information
- Data repositories

Information sources
- External
  - International standards (ISO, BSI, RIMS*)
  - FEMA
  - National weather
  - Federal/state climatology
  - State/county/city emergency managers
  - State/local police & fire
  - Local groups (BRPA, ACP, BCP)
  - Community public works
- Internal
  - Corporate management staff
  - Engineering dept
  - Contractors
  - Insurance brokers
  - Engineering/design firms
  - Architectural firms
  - Contractors/vendors

Categories of threats
- Natural or acts of nature
- Man-made
  - Political
  - Technological
  - Infrastructure

Identify risk events

| | Low probability, high severity | Medium probability, medium severity | Medium probability, high severity |
|---|---|---|---|
| Fire | Whole building fire | Fire limited to one floor | Fire in basement mailroom |

Identify risk event probability

| Probability | Frequency | How people describe it |
|---|---|---|
| Low | Less than once every 25 years | “This could happen, but it would be a freak event” |
| Medium | Once every 5 to 25 years | “I saw something similar in the papers recently”; “I know someone this happened to” |
| High | More than once every 5 years | “I remember the last time this happened” |

Risk analysis
- Classify risk & threats
  - Under organization's control
  - Beyond organization's control
  - With prior warnings
  - With no prior warnings
- Statement of risk: quantitative & qualitative
- Evaluate impact of risks and threats on critical business functions

Risk analysis & exposure estimation

Risk-level matrix

| Threat likelihood | Impact: low (10) | Impact: medium (50) | Impact: high (100) |
|---|---|---|---|
| High (1.0) | Low: 10 × 1.0 = 10 | Medium: 50 × 1.0 = 50 | High: 100 × 1.0 = 100 |
| Medium (0.5) | Low: 10 × 0.5 = 5 | Medium: 50 × 0.5 = 25 | Medium: 100 × 0.5 = 50 |
| Low (0.1) | Low: 10 × 0.1 = 1 | Low: 50 × 0.1 = 5 | Low: 100 × 0.1 = 10 |

Risk scale: high = 51 to 100; medium = 11 to 50; low = 1 to 10

Identify risk event impact

| | Low | Medium | High |
|---|---|---|---|
| Availability | Periodic reduction in service | Intermittent total loss of service, or serious reduction in service | No service available at all |
| Duration | Service disruption for less than 0.5 days | Service disruption for between 0.5 and 3 days | Service disruption for more than 3 days |
| Spread | Impacts a number of individuals | Impacts one business function | Impacts many business functions |

Assess the potential impacts
(Diagram labels: fire in basement computer room; loss of customer service; loss of function; loss of work in progress)

Definition of control
- Process, device or procedure that:
  - Deters a threat from occurring
  - Mitigates impact of a threat
  - Reduces effect, but cannot always prevent occurrence

Types of controls
- Physical controls
  - Fire suppression/sprinkler systems
  - Access control systems
  - Security guards
- Procedural controls
  - Hiring and termination policies
  - Clean desk policy
  - Document receipting

Identifying controls
- Identify controls and safeguards to prevent and/or mitigate the effect of the loss potential
  - Security protection: physical protection, physical presence
  - Logical protection: information backup and protection, information security
  - Location of assets: preventative maintenance, personnel

Recommend additional controls
- Evaluate impact of risks and exposures on factors essential for conducting business operations
- Eliminating threat is not possible
- Select controls with highest payback
- Include cost of control and maintenance
- Prepare cost-benefit analysis
- Present results to senior management

Layers of
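
The scoring in the risk-level matrix above, applied to the deck's three fire scenarios, as an added example that is not part of the original slides. The field names, the frequency and outage figures, and the rule that overall impact is the worst of availability, duration and spread are assumptions.

```python
from dataclasses import dataclass

# Likelihood weights and impact values are the ones in the deck's risk-level matrix.
LIKELIHOOD = {"low": 0.1, "medium": 0.5, "high": 1.0}
IMPACT = {"low": 10, "medium": 50, "high": 100}

def probability_band(years_between_events):
    # high: more than once every 5 years; medium: once every 5 to 25; low: rarer
    y = years_between_events
    return "high" if y < 5 else "medium" if y <= 25 else "low"

def duration_band(days):
    # low: under 0.5 days; medium: 0.5 to 3 days; high: more than 3 days
    return "low" if days < 0.5 else "medium" if days <= 3 else "high"

def risk_level(score):
    # Risk scale: high = 51 to 100, medium = 11 to 50, low = 1 to 10
    return "high" if score > 50 else "medium" if score > 10 else "low"

@dataclass
class RiskEvent:
    name: str
    years_between_events: float  # estimated recurrence interval
    outage_days: float           # expected service disruption
    availability: str            # low / medium / high, per the impact table
    spread: str                  # low / medium / high, per the impact table

    def impact(self):
        # Assumption (not stated in the deck): overall impact is the worst dimension.
        ratings = [duration_band(self.outage_days), self.availability, self.spread]
        return max(ratings, key=IMPACT.get)

    def score(self):
        band = probability_band(self.years_between_events)
        return round(IMPACT[self.impact()] * LIKELIHOOD[band], 2)

def rank(events):
    """Return (name, score, level) rows, highest exposure first."""
    rows = [(e.name, e.score(), risk_level(e.score())) for e in events]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed register: the deck's three fire scenarios with illustrative numbers.
REGISTER = [
    RiskEvent("Whole building fire", 40, 30, "high", "high"),
    RiskEvent("Fire limited to one floor", 15, 2, "medium", "medium"),
    RiskEvent("Fire in basement mailroom", 10, 5, "medium", "high"),
]
```

Ranked this way, the whole-building fire scores 10 (low) and lands behind the mailroom fire at 50, which shows how a likelihood-weighted matrix pushes low-probability, high-severity events down the list.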