

DEVELOPING A RISK ANALYSIS

What is a risk analysis?

A risk analysis is concerned with identifying the risks that an organisation is exposed to, identifying the preventative measures that can be taken and then applying controls to minimise the risk.

What needs to be taken into account when producing a risk analysis?

- You need to identify potential risks
- Understand the likelihood of risk occurring
- What are the short and long term consequences of the threat?
- How well equipped are you to deal with the threat?

Identifying potential risks

e.g. viruses / fire / natural damage / hacking / systems failure / fraud, etc.

Likelihood of risk occurring

Some things, such as a power cut, are inevitable, but explosions are much less likely. Senior managers have to assess the likelihood of each risk occurring and put in the necessary security.

Short and long term consequences of threat

- resources (staff, equipment, etc.) need to be directed towards recovering the data
- may have to pay compensation
- financial loss due to loss of business through not being able to take orders
- embarrassment
- prosecution
- loss of integrity
- bankruptcy
- cost of replacing equipment

How well equipped is the company to deal with the threat

- has to be reviewed periodically because of changing needs
- disaster recovery program
- backup strategy

Exam Questions

- Describe in detail two of the factors an organisation needs to consider when producing a risk analysis. (4)
- A bank is very dependent on its ICT system for its administration. The bank is undertaking a risk analysis. Describe in detail two of the factors the bank should take into account when deciding how much to spend to control and minimize the risk to data. (2x2)
- Other than how well the company is equipped to deal with the risk, describe in detail three of the factors an organisation needs to consider when producing a risk analysis. (6)