In disaster recovery (DR) planning, once you've completed a business impact analysis (BIA), the next step is to perform a risk assessment.
The risk assessment should be able to help you identify events that could adversely impact your organization. To get started with a risk assessment, begin by identifying the most critical business processes from the business impact analysis. An excellent document to assist you in preparing a risk assessment comes from the National Institute for Standards and Technology (NIST). The risk analysis involves risk identification, assessing the likelihood of the event occurring, and defining the severity of the event's consequences. The sequence in which these measures are implemented depends to a large extent upon the results of the risk assessment. Once the risks have been identified, you'll want to identify the potential effects, symptoms and consequences resulting from the event. Quantitative methods, which assign a numeric value to the risk, usually require access to reliable statistics to project the future likelihood of risk.


Once all relevant risks have been analyzed and assigned a qualitative category, you can then examine strategies to deal with only the highest risks, or you can address all risk categories. Read our guide on how to prepare a risk assessment, and then download our free risk assessment template. The BIA helps identify the most critical business processes and describes the potential impact of a disruption to those processes, and a risk assessment identifies internal and external situations that could negatively impact the critical processes. Read our guide, and then download our free risk assessment template, which is available as a Word doc or PDF. The document is Special Publication 800-30, Risk Management Guide for Information Technology Systems. It may also be useful to conduct a vulnerability assessment, which helps identify situations in which the organization may be putting itself at increased risk by not performing certain activities.
This will depend on management's risk appetite, which is their willingness to deal appropriately with risks. The risk assessment will also help you determine what steps, if properly implemented, could reduce the severity of the event.


An example may be the increased risk of virus attacks by not using the most current antivirus software. The strategies you define for risks can next be used to help design business continuity and disaster recovery strategies. Use our risk analysis template to list and organize potential threats to your organization. Finally, the risk analysis results are summarized in a report to management, with recommended mitigation activities. In our risk analysis template, you will find columns that allow you to assign qualitative terms to each of the risks to your organization.
Regardless of the methodology, the results should map to the critical business processes identified in the business impact analysis, and can help define strategies for responding to the identified risks.



U.s. department of homeland security citizenship and immigration services
Homeland security emergency kit


Comments

  1. 17.05.2015 at 22:21:32


    And see what you networks, cordless phones.

    Author: BBB
  2. 17.05.2015 at 12:29:33


    Massive mother quite fast type circumstances, but not for bag - for a particular person.

    Author: TITANIC