IS09-RM and BCP - Risk Management and Business Business...

Risk Management and Business Continuity Planning Pintu R Shah

In this unit...
• Risk analysis
• Various terminologies associated with risk management
• Risk assessment techniques
• Managing risk
• Steps for risk management
• Business impact analysis
• Various terminologies associated with BIA
• Different types of continuity planning, testing and revising the plan
Pintu R Shah MPSTME SVKM's NMiMS

Introduction
• Risk is defined as the effect of uncertainty on objectives (whether positive or negative).
• CMU’s SEI defines continuous risk management as processes, methods and tools for managing risks in a project. It provides a disciplined environment for proactive decision making to
– Assess continuously what could go wrong
– Determine which risks are important to deal with
– Implement strategies to deal with those risks
• Risk management is the process of identifying vulnerabilities and threats to an organization’s resources and assets and deciding what countermeasures, if any, to take to reduce the level of risk to an acceptable level based on the value of the asset to an organization.

Risk analysis
• To effectively identify and deal with the many threats facing their systems, security professionals must perform several distinct actions, as follows:
– Determine which of an organization's assets are most valuable.
– Identify any risks to those assets.
– Determine how likely each risk is to occur.
– Take some action to manage the risk.
• Collectively, these actions are referred to as the risk analysis process.

Identifying and Valuing Assets
• The first step in the risk analysis process is to identify the information assets in your organization (hardware, software, and data) and place values on them. You may choose from several valuation methods. Some of the more common techniques include the following:
– Replacement cost valuation puts a dollar value on an asset corresponding to the cost the organization would incur if the asset had to be replaced at market prices.
– Original cost valuation uses the original purchase price of an asset as that asset's value.
– Depreciated valuation techniques use the original cost less some allowance for the deterioration in value of the asset since the time it was purchased.
– Qualitative valuation techniques don't use dollar values but rather assign priorities to assets based upon their value to the organization.

Identifying and Assessing Risks
• After you identify and value your assets, the next step is to identify the risks facing those assets.
• Some key risk assessment terms:
– A vulnerability is a weakness in a system that may be exploited to

This note was uploaded on 09/04/2011 for the course IT 100 taught by Professor Rickdas during the Spring '11 term at University of Mumbai.
