Presented by :
Introduction to Risk Assessment and Business Impact Analysis CD1
Introducing
Timetable : Day 1
Time Session
09:00 - 09:15 Section 0 : Introduction & Timetable
09:15 - 10:15 Section 1 : Introduction to Business Continuity Management System
10:15 - 10:30 Tea & Coffee Break
10:30 - 12:30 Section 2 : Business Impact Analysis
Timetable : Day 2
Time Session
09:00 - 10:15 Section 4 : Risk Assessment
10:15 - 10:30 Tea & Coffee Break
10:30 - 12:30 Section 4 : Risk Assessment exercise
Course objectives
1 Introduction to Business Continuity Management System
What is BCM ?
BCM Lifecycle
Exercise 1.1
2 Business Impact Analysis
Criticality
8 hr Vital
24 hr Critical
3 day Essential
5 day Important
10 day Non Critical
30 day Deferrable
Impact vs Time
Incident
MTPoD vs RTO
Figure (timeline) labels: Invocation Lead Time; Incident reporting process; Investigation process (Damage assessment); Decision making process; Recovery Process (RTO); Normal; Disruption; Catch up; Normal; Maximum Tolerable Period of Disruption (MTPoD)
Exercise 2.2
3 Continuity Recovery Requirement Analysis
Necessary Resources
Exercise 3.1
4 Risk Assessment
Risk assessment
Risk identification
Communication and Consultation
Risk analysis
Monitor and Review
Risk evaluation
Risk treatment
Risk assessment
Risk identification
all significant threats potentially affecting the critical activities are identified
understand the vulnerabilities of critical activities and supporting resources
the risks are owned
Figure labels: Asset; T; V; Ctrl; R; RR
Exercise 4.1
Likelihood
Risk assessment
Risk analysis
with varying degrees of detail depending upon the risk, the purpose of the analysis, and the information, data and resources available
qualitative or quantitative, or a combination of these.
an iterative process, being repeated as more data become available.
reviewed and revised risk could be split or aggregated
Risk assessment
Risk evaluation
categorized and prioritized
compare levels of risk with the risk appetite
Risk Control
Managing and reducing the risk by controlling the threat and vulnerability
Substitute an object which is harmless
Eliminate risk
Engineering control: Security System, Back up, Gen Set
Procedural control
Risk treatment
Avoid risk
Cannot influence and/or manage
Too costly
Seek risk
Desirable potential consequence
Pursue an opportunity
Modify risk
Optimize potential opportunities
Minimize threats
Changing likelihood and consequences
Transfer risk
Risk sharing: insurance, partnership
Outsource
Retain risk
Acceptable residual risk
Exceed threshold but too costly
Exercise 4.3
Exercise 4.4
Exercise 5.1
Q&A