Risk Analysis And Review Flashcards
Define risk
Potential loss exposure due to a threat, causing disruptions to business operations and preventing them from achieving the minimum business continuity objective.
Define risk analysis
- subset of risk assessment
- process to identify risks, define controls to reduce exposure and evaluate cost for controls.
Explain and provide examples of threats
An indication or warning of a man-made or natural situation that causes disruption to an organization’s operations or services.
Threats consist of natural phenomena (i.e. earthquakes and tornadoes) and man-made incidents (i.e. terrorism and power failures).
What are the four risk treatments?
Risk transference, risk reduction, risk acceptance and risk avoidance
Define control
Action, procedure or operation undertaken to increase the likelihood that activities, policies and procedures can contain risk.
Describe and give control measures for RISK AVOIDANCE
Make an informed decision not to become involved in or to withdraw from a risk situation.
Control measures:
• change process
• move location
• takeover supplier or customer
Describe and give control measures for RISK REDUCTION
Take appropriate actions to lessen the probability, the negative consequences or both.
Control measures:
• security protection - physical protection
• logical protection - info backup and protection, info security
• procedural protection - develop procedures to reduce operator error
Define and give control measures for RISK TRANSFERENCE
Passing of responsibility to another party through legislation, contract, insurance or other means.
Control measures:
• outsource
• insurance
• penalty clauses
• service level agreements
Define and give examples of RISK ACCEPTANCE
Make an informed decision to accept the probability and impact of the risk.
Examples: inherent risks, unlikely events, beyond control
Key disaster scenario
- addresses multiple threats
- provides the BC team with a perspective of the magnitude of the disaster
- based on the list of threats identified