Flashcards in Concepts and Terms Deck (36):
Products, processes, and/or personnel that are critical to the organization's operations.
What is the central feature of the risk analysis process?
Assets may be categorized as _____________ and _____________.
Tangible and intangible
Examples include: facilities, hardware, software, supplies, documentation, personnel, reputation, and morale
The projected loss (in dollars) that one can expect to lose in a year as result of emergencies
Annual Loss Exposure
Plan that includes measures to keep an organization in operation in the face of emergency and may include procedures that involve the temporary or permanent relocation of personnel and/or functions
Business Continuity (BC) and Continuity of Operations (COOP)
Integral part of the business continuity planning process (COOP). Used to identify critical functions, to assess the impact of a disaster or other emergency on those functions over time, to determine the other elements of the business on which those critical functions depend, and to help develop and prioritize recovery strategies.
Business Impact Analysis (BIA)
The process of developing the capability to offset the effects of business disruption.
Business Recovery Planning
The process involves arranging alternatives for critical business functions and planning for business or service survival.
Business Recovery Planning.
Four-pronged process developed and applied at the state and local government level and has been applied to business continuity.
Comprehensive Emergency Management (CEM)
The four elements of Comprehensive Emergency Management (CEM) are:
The undesirable result of a threat's action against the asset, which results in measurable loss to the organization.
A wide variety of events that cause significant disruption to the normal activities of an organization as a whole.
A planned, systematic response that permits an organization to continue making its products or providing its services during an emergency.
Allows the organization to capitalize on the expertise of personnel from various disciplines who plan for and manage the situation.
Location from which the emergency response can be directed.
Emergency Operations Center (EOC)
Planning considerations that must be in place for a company to effectively response to and manage an emergency event.
A command and control mechanism used by many public safety agencies.
Incident Command System (ICS)
Incident Command Systems (ICS) normally consists of six primary elements:
A measure of the probability of a loss-causing event
Likelihood of Occurrence
Actions involving lasting, often permanent, reduction of exposure to, probability of, or potential loss from hazard events
Actions taken before an event to plan, organize, equip, train, and exercise in order to deal with emergencies that cannot be avoided or entirely mitigated.
Involves near-term and long-term actions taken to return the organization to a pre-emergency level of operation or, in some cases, to a new level of operation.
May include implementation of continuity of operation or business resumption plans, activation of emergency relocation sites, and reconstitution or restoration at the original location or a new permanent location.
Entails the implementation of the emergency plan to deal with the short-term effects of the event.
May include incident identification, emergency notification, activation and deployment of emergency teams, and evacuation of personnel.
The potential for causing losses due to the presence of a threat and vulnerability.
Derived from the analysis of the threat and corresponding vulnerabilities along with the probability of their interaction.
A procedure used to estimate potential losses that could result from variuos vulnerabilities and the damage from the action of certain threats
Identifies both the critical assets that must be protected and the environment in which these assets are located.
The disclosure of high probability vulnerabilities.
Physical controls, mechanisms, policies and procedures designed to protect assets from threats
A person, thing, event or idea that poses some danger to an asset.
May compromise the confidentiality, integrity, or availability of an asset by exploiting vulnerabilities or weaknesses in safeguards system.
Actions of a threat
Weaknesses in the safeguards system, or the absence of safeguards.