up

2020-01-21 - Impact and Risk

I realized this morning that I did the wrong chapter in preparation :(

• Business Impact Analysis
• Evaluating Risk

Team Content Notes

• Open CPA2
• Share notes / reflections
• Create a file called Content Notes
• Make note of anything that will be useful to your BCP

Types of Risk

• External
• Facility-wide
• Data system risk
  • SPoF
• Departmental Risks
  • Like a fire in payroll

Risk = Impact * Probability

BIA case-study

• Disaster
  • Any event that interrupts a critical business function
• Business Interruption
  • Something that disrupts the normal flow of Business Operations
• Risk
  • The potential for something to occur

Risk Layers

• Layer 1 - External
  • Floods, earthquakes,
  • Disrupts customers and suppliers
• Layer 2 - Risks to your local facility
  • Services like electricity
• Layer 3 - Data systems
  • Servers and such
• Layer 4 - Individual Department
  • Everyone in the department gets the flu
  • Jim brings his dog into the office
• Layer 5 - Risks to the individual desk / work area
  • Hard drive failure
  • Jims dog knocks over your coffee

Likelyhood

• 0 - no chance at all.
• 1 to 3 - little chance
• 4 to 6 - nominal chance
• 7 to 9 - very likely
• 10 - This will happen

Impact

• 0 - no impact at all
• 1 to 3 - inconvenient to some people or departments
• 4 to 6 - significant loss of service to some people or departments
• 7 to 9 - loss of a mission-critical service
• 10 - Golden Parachute Scenario

Cost of Mitigation

• 10 - little to no cost
• 7 to 9 - cost can be approved by a supervisor
• 4 to 6 - cost requires department head
• 1 to 3 - Senior management approval required
• 0 - you can’t afford it.

Class Activity - Risk Analysis