Effective Techniques for Risk Measurement
Steven Ross
Executive Principal, Risk Masters, Inc.

Agenda
- The Failure of Current Techniques
- A Fresh Approach to Risk Measurement
- The Theory Behind the Techniques
- A Practical Example

The Failure of Current Techniques

Measuring and Managing Risk
- It is axiomatic that "If it can't be measured, it can't be managed"
- And yet, standard techniques for continuity risk management do not address risk measurement
- Risk Management is an aspect of many disciplines
  - Finance
  - Insurance
  - Military
  - Enterprise Risk Management
- In Business Continuity Management we fall back on the simplistic classic formula

The Classic Formula
- Risk = Impact × Probability, where
  - Impact = Expected cost per incident
  - Probability = Expected number of incidents/time (usually one year)
- The classic formula deals with exposure, not risk
  - Annualized loss expectancy from predictable causes
- Risk is the measure of the uncertainty of loss

Failure of the Classic Formula
- We do not know what the impact of rare events will be
  - Therefore, we fall back on worst case
  - But the worst case is only one of many outcomes of a given incident
- The rate of occurrence of catastrophic events is unknowable
  - Thus differentiated probability is meaningless
  - How many airplanes have ever flown into buildings? Tsunamis that killed hundreds of thousands?
  - No matter the number of occurrences, it might happen today

Failure of the Classic Formula, continued
- Thus, Risk = Impact × Probability is the product of the unknown and the unknowable!
- No wonder the classic formula fails
- As a result, we get useless risk assessments that tell us that
  - Tornadoes are a risk in Kansas
  - Ice storms are not a risk in Miami
  - Unmitigated risks are the greatest of all
    - Electromagnetic pulse
    - Animal or insect infestation
- And yet all the major standards are based on the classic formula

What the Standards Say
- BS: Risk is an average effect by summing the combined effect of each possible consequence weighted by the associated likelihood of each consequence
- ISO: Risk estimation [is the] process to assign values to the probability and consequences of a risk
- NFPA 1600: Risk assessment categorize[s] threats, hazards, or perils by both their relative frequency and severity

And Do Not Say
- None of them even mention risk measurement
- None address the underlying rationale for
  - Multiplication of impact and probability
  - Limiting risk to only impact and probability

Towards a New Formula
- Risk = f(impact, probability)

Towards a New Formula
- Risk = f(impact, probability, credibility, resources, scale, duration, mean time to repair, mean time to recurrence)
- And many other factors that
  - Can be described but not quantified
  - Attract differing viewpoints as to values and weighting

A Fresh Approach to Risk Measurement

Overview of the Approach
- Measure the effect on critical resources, not the threats to them
- Categorize the impacts
- Scale the categories
- Determine the credibility of each level of risk
- Consider frequency of occurrence

In each step, there are variables to consider for each risk being measured
- Availability of people, premises, information, networks, raw materials
- Destruction, inaccessibility, unavailability, unusability, incapacity
- Total loss, significant damage, moderate damage, minimal damage
- Credible or not credible
- Often, occasionally, rare

Examples of risks that would not fit into the classic formula
- Office facilities intact but not accessible
- VOIP telephony if the Internet is down
- Loss of all personnel vs. loss of a few people
- Not credible that all personnel are lost but credible to lose some
- Bad weather often, terrorism rarely

Technique #1 - Focus on Resources
- Measure the effect on critical resources, not the threats to them
  - The set of causes is infinite and unknowable
  - The set of resources is finite and known, e.g.,
    - Working premises
    - Human resources
    - Data
    - Equipment
    - Information systems
    - Voice and data networks
    - Raw materials
- Thus the measurement of risk is the consequential effect of disruption of these resources

Technique #2 - Categorization
- Destruction (the resource no longer exists)
  - Consider the smoking hole
- Inaccessibility (the resource exists but we cannot get to it)
  - Consider offices on the fiftieth floor when the elevator does not work
- Unavailability (the resource exists but is rendered inoperable)
  - Consider hacks that stop Internet web sites
- Unusability (the resource exists but it is malfunctioning)
  - Consider a VOIP telephone system if Internet connectivity is lost
- Incapacity (the resource exists and functions as expected, but not at a sufficient level)
  - This usually occurs at a gradual pace, but consider a computer virus that slows a network to a crawl

Technique #2 - Categorization, continued
- There are other categories that might apply in specific circumstances
- Not all categories apply to all resources
  - Unusable people?

Technique #3 - Scale
- Each of the impact categories might occur at different levels, e.g.,
  - Total loss (i.e., worst case)
  - Most of the resource affected
  - Some of the resource affected
  - Unit damage
  - Inconsequential effect
- Each of these presents its own distinct risk profile

Technique #4 - Credibility
- Some risks exist but need not be taken seriously, in context
- If a risk is credible, then some response is required
  - If only risk acceptance
- The test of credibility is entirely subjective, based on the perspective of the observer
  - Multiple observers might provide a better measurement
  - Fuzzy but correct sets of data points are better than precisely wrong ones

Technique #5 - Frequency
- Related to, but not the same as, probability
- Enables the distinction between high frequency-low impact and low frequency-high impact events
- Fuzzy terminology is helpful in distinguishing levels of risk, e.g.
  - Routine
  - Frequent
  - Sometimes
  - Rare
  - Never

The Theory Behind the Techniques

Risk is Not an Absolute
- Risk measurement depends on
  - Who is doing the measuring
  - What is at risk
  - To what degree of accuracy
  - Within which bounds
- Let's do an experiment!

Accuracy and Precision
- The goal of risk measurement should be accuracy, forsaking precision
- Fuzzy mathematics enables this
  - A methodology for systematically handling concepts that embody imprecision and vagueness

Fuzzy Sets and Systems
- The mathematics of fuzzy set theory was originated by L. A. Zadeh in 1965
- Fuzziness describes objects or processes that are not amenable to precise definition or precise measurement
- Fuzzy systems
  - Processes that are too complex to be modeled by using conventional mathematical methods
  - Vaguely defined and have some uncertainty in their description
- The uncertainty and fuzziness arising from interrelated humanistic types of phenomena such as
  - Subjectivity
  - Thinking
  - Reasoning
  - Cognition
  - Perception

Fuzzy Sets and Systems
- Fuzziness in thinking and reasoning processes is an asset since it makes it possible to convey a large amount of information with a very few words
- Uncertainty characterized by structures that lack sharp (well-defined) boundaries
- A modeling link between the human reasoning process, which is vague, and computers, which accept only precise data

An Example of Fuzziness
- Conventionally, we might say that temperature is an absolute (e.g., 20°, 30°, 100°)
- But we do not perceive temperature that way
  - Rather as very cold, cold, moderate, hot, etc.
- The determination of the temperature is subjective, with varying degrees of certainty

An Example of Fuzziness, continued

| Temp. in Fahrenheit | Very cold | Cold | Cool | Moderate | Warm | Hot | Brain baking |

- Note that all the rows add up to 1 (or 100%)

An Example of Fuzziness, continued
- Similarly, we do not experience risk in a discrete manner
- In real life (e.g., buying property insurance) we consider
  - Extent of loss (total loss, partial damage)
  - Types of incidents (fire, flood, earthquake)
  - Resources protected (jewelry, furs)
- We rarely consider probability

An Example of Fuzziness, continued

| Risk Category | Total Loss | Most | Some | Individual Units | Inconsequential |

Rows: Destruction, Inaccessibility, Unavailability, Unusability, Incapacity

- We have introduced confidence in place of probability
- The high value points to the consensus measure of risk
- Values may be attributed by a single analyst or by a panel
  - Important that the panel members have a roughly equivalent degree of expertise
  - And that there is consistency in the definition of terms

A New Formula
- It is important that all values in a set add up to 1
  - Thereby assuring the completeness of the fuzzy set
- Risk = f 0,1 (destruction, inaccessibility, unavailability, unusability, incapacity)
- Put another way, adding confidence to one fuzzy description of risk takes away from the others

A Practical Example

The Context
- Company has a data center in an office park or campus
- The company
  - Backs up data daily and stores it off-site
  - Has a recovery hot site
  - Has a diverse network
- What is the risk of an incident affecting its data center?

Resources and Categories

Examples of potential causes, by resource:

| Risk Category | Equipment | Data | Network | People |
|---|---|---|---|---|
| Destruction | Fire | Fire | Fire | Earthquake |
| Inaccessibility | Campus incident | Not applicable | Campus incident | Campus incident |
| Unavailability | Hacking, virus | Software failure | CO failure | Pandemic |
| Unusability | Maintenance error | Maintenance error | Internet failure | Not applicable |
| Incapacity | Maintenance error | Maintenance error | Internet overload | Strike |

- Slide callout: Outside the data center
- Note that the examples are indications of credibility, not systematic statements of threats or hazards

Scaling and Credibility

Risk factors (resource, category) against risk scales:

| Resource | Category | Total | Most | Some | Individual Units | Inconsequential |
|---|---|---|---|---|---|---|
| Equipment | Destruction | Credible | Credible | Credible | Not credible | Not credible |
| Equipment | Inaccessibility | Credible | Credible | Credible | Not credible | Not credible |
| Equipment | Unavailability | Credible | Credible | Credible | Credible | Not credible |
| Equipment | Unusability | Credible | Credible | Credible | Credible | Not credible |
| Equipment | Incapacity | Credible | Credible | Credible | Credible | Not credible |
| Data | Destruction | Not credible | Not credible | Credible | Credible | Credible |
| Data | Inaccessibility | Credible | Not credible | Credible | Credible | Not credible |
| Data | Unavailability | Credible | Credible | Credible | Credible | Credible |
| Network | Destruction | Not credible | Not credible | Not credible | Credible | Credible |
| Network | Inaccessibility | Credible | Credible | Credible | Credible | Credible |
| Network | Unavailability | Credible | Credible | Credible | Credible | Credible |
| Network | Unusability | Credible | Credible | Credible | Credible | Not credible |
| Network | Incapacity | Credible | Credible | Credible | Credible | Credible |
| People | Destruction | Not credible | Not credible | Credible | Credible | Does not apply |
| People | Inaccessibility | Not credible | Credible | Credible | Credible | Does not apply |
| People | Unavailability | Credible | Credible | Credible | Credible | Credible |

Slide callouts on this table:
- Not credible because backed up data would not be totally lost
- Unusability and Incapacity do not apply to people
- Hard to see an inconsequential impact on equipment
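
An added example, not part of the original slides: one way to turn panel confidence values into the fuzzy sets described earlier and filter them with the Data rows of the credibility table above. The panel values are constructed, and both averaging the analysts and rescaling after removing not-credible levels are assumptions; the slides do not say how values are combined.

```python
"""Fuzzy risk measurement for one resource: panel confidence filtered by credibility."""
import math
from statistics import mean

SCALES = ["Total", "Most", "Some", "Individual Units", "Inconsequential"]

# Credibility of each scale level for the Data resource, taken from the
# credibility table above (True = "Credible", False = "Not credible").
DATA_CREDIBILITY = {
    "Destruction":     [False, False, True, True, True],
    "Inaccessibility": [True, False, True, True, False],
    "Unavailability":  [True, True, True, True, True],
}

# Constructed sample input: three hypothetical analysts each spread a total
# confidence of 1.0 across the five scale levels for every category.
PANEL = {
    "Destruction": [
        [0.0, 0.1, 0.5, 0.3, 0.1],
        [0.1, 0.1, 0.4, 0.3, 0.1],
        [0.0, 0.0, 0.6, 0.3, 0.1],
    ],
    "Inaccessibility": [
        [0.1, 0.0, 0.3, 0.6, 0.0],
        [0.2, 0.0, 0.2, 0.6, 0.0],
        [0.0, 0.1, 0.4, 0.4, 0.1],
    ],
    "Unavailability": [
        [0.0, 0.1, 0.2, 0.4, 0.3],
        [0.1, 0.1, 0.2, 0.3, 0.3],
        [0.0, 0.0, 0.2, 0.5, 0.3],
    ],
}


def validate_fuzzy_set(values):
    """Reject an incomplete set: wrong length, a value outside [0, 1], or a sum other than 1."""
    if len(values) != len(SCALES):
        raise ValueError("one confidence value is needed per scale level")
    if any(not 0.0 <= v <= 1.0 for v in values):
        raise ValueError("confidence values must lie between 0 and 1")
    if not math.isclose(sum(values), 1.0, abs_tol=1e-9):
        raise ValueError("confidence values must add up to 1")
    return list(values)


def combine_panel(votes):
    """Average the analysts' sets level by level (assumed combination rule)."""
    checked = [validate_fuzzy_set(v) for v in votes]
    return [mean(level) for level in zip(*checked)]


def apply_credibility(fuzzy_set, credible):
    """Remove confidence placed on not-credible levels, then rescale so the set sums to 1."""
    kept = [v if ok else 0.0 for v, ok in zip(fuzzy_set, credible)]
    total = sum(kept)
    if total == 0.0:
        raise ValueError("all confidence sits on not-credible levels")
    return [v / total for v in kept]


def consensus(fuzzy_set):
    """Return the scale level holding the highest confidence, with that confidence."""
    top = max(range(len(SCALES)), key=lambda i: fuzzy_set[i])
    return SCALES[top], fuzzy_set[top]


def measure(credibility, panel):
    """Map each category to (consensus scale level, filtered fuzzy set)."""
    results = {}
    for category, votes in panel.items():
        fuzzy = apply_credibility(combine_panel(votes), credibility[category])
        results[category] = (consensus(fuzzy)[0], fuzzy)
    return results


if __name__ == "__main__":
    for category, (level, fuzzy) in measure(DATA_CREDIBILITY, PANEL).items():
        cells = ", ".join(f"{s}={v:.2f}" for s, v in zip(SCALES, fuzzy))
        print(f"Data / {category}: consensus '{level}' ({cells})")
```
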

Frequency

Risk factors (resource, category) against risk scales:

| Resource | Category | Total | Most | Some | Individual Units | Inconsequential |
|---|---|---|---|---|---|---|
| Equipment | Destruction | Rare | Rare | Infrequent | Not credible | Not credible |
| Equipment | Inaccessibility | Rare | Rare | Rare | Not credible | Not credible |
| Equipment | Unavailability | Rare | Rare | Infrequent | Infrequent | Not credible |
| Equipment | Unusability | Rare | Rare | Sometimes | Sometimes | Not credible |
| Equipment | Incapacity | Rare | Rare | Infrequent | Sometimes | Not credible |
| Data | Destruction | Not credible | Not credible | Infrequent | Frequent | Frequent |
| Data | Inaccessibility | Rare | Not credible | Sometimes | Sometimes | Not credible |
| Data | Unavailability | Rare | Rare | Rare | Frequent | Frequent |
| Network | Destruction | Not credible | Not credible | Not credible | Rare | Rare |
| Network | Inaccessibility | Rare | Rare | Sometimes | Frequent | Frequent |
| Network | Unavailability | Rare | Rare | Sometimes | Sometimes | Frequent |
| Network | Unusability | Infrequent | Infrequent | Infrequent | Sometimes | Not credible |
| Network | Incapacity | Rare | Rare | Infrequent | Infrequent | Frequent |
| People | Destruction | Not credible | Not credible | Rare | Infrequent | Does not apply |
| People | Inaccessibility | Not credible | Rare | Infrequent | Infrequent | Does not apply |
| People | Unavailability | Rare | Rare | Sometimes | Frequent | Does not apply |

Slide callouts on this table:
- Not surprisingly, those risk factors with the greatest impact are those that are often the rarest
- But some less impactful events may pose the greatest overall risk

Impact and Ranking

| Resource | Category | Catastrophic | Significant | Some | Minor | Inconsequential |

Rows:
- Equipment: Destruction, Inaccessibility, Unavailability, Unusability, Incapacity
- Data: Destruction, Inaccessibility, Unavailability
- Network: Destruction, Inaccessibility, Unavailability, Unusability, Incapacity
- People: Destruction, Inaccessibility, Unavailability

This is an example of a risk assessment derived from fuzzy risk measurement

What does this tell us?
- Insufficient recoverability established for Company's data center and equipment
- After that, their worst cases are inaccessibility and unavailability, not destruction of other resources

Thank You

"What you don't know is far more important than what you do know"
Nassim Nicholas Taleb, The Black Swan
Integration of Risk Management and Internal Audit Chartered Institute of Management Accountants, New Zealand Contents Understanding the three lines of defense governance model What is Risk? Risk Management
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationPROPERTY INSURANCE: RISK QUALITY ASSESSMENT
PROPERTY INSURANCE: RISK QUALITY ASSESSMENT Stuart Kenyon BEng (Hons) C.Eng C.Sci MIChemE Elciem Ltd What makes a company a good insurance risk, and how can the insured reduce their insurance premiums?
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationPower Problems? Let Us Know!
Power Problems? Let Us Know! Power Problems? Contact Us! by phone: 1-800-75-CONED, 1-800-752-6633 through the Web: www.coned.com If you have power problems, please contact us right away Con Edison is committed
More informationRisk Management Strategy and Policy. The policy provides the framework for the management and control of risk within the GOC
Annex 1 TITLE VERSION Version 2 Risk Management Strategy and Policy SUMMARY The policy provides the framework for the management and control of risk within the GOC DATE CREATED January 2013 REVIEW DATE
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBuilding the business case for continuity and resiliency
Global Technology Services Research Analysis Risk Management Building the business case for continuity and resiliency The economics of IT risk and reputation and their importance to business continuity
More informationThe challenge, of course, is that no two family s objectives will be the same. However, a potential hierarchy of objectives might be as follows:
The growth of the wealth management sector over the last 20 years has been fuelled by the promise to clients of a new, holistic and strategic approach. At the heart of the proposition is more intelligent
More informationAirmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market
REPORT Airmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market 1. Executive summary Increasingly complex supply chains, together with greater
More informationfor Human Service Providers Scott Ellis Scott Elliott Erin Sember-Chase 1
for Human Service Providers Scott Ellis Scott Elliott Erin Sember-Chase 1 Goal The purpose of this webinar is to increase awareness and knowledge about the need for disaster/emergency continuity planning
More informationMCII. Rethinking the role of Insurance: Driving transformation in the context of climate change related loss and damage
MCII Rethinking the role of Insurance: Driving transformation in the context of climate change related loss and damage Dr. Koko Warner, Executive Director hosted at UNU-EHS Session IV: Implications of
More informationHow To Manage A Financial Institution
BUSINESS CONTINUITY MANAGEMENT GUIDELINE April 2010 Table of Contents Preamble...3 Introduction...4 Scope...5 Coming into effect and updating...6 1. Continuity and resumption of business...7 2. Sound and
More informationValidation and Calibration. Definitions and Terminology
Validation and Calibration Definitions and Terminology ACCEPTANCE CRITERIA: The specifications and acceptance/rejection criteria, such as acceptable quality level and unacceptable quality level, with an
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationPROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management
PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE This Framework has been developed in support of both the Business Continuity and Crisis Management Policy and the Emergency and Fire Evacuation
More informationImplementing and Auditing a Successful Business Continuity Plan
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI ing and Auditing a Successful Plan Agenda Introductions Training Overview and Objectives
More informationAPICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES
APICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES APICS INSIGHTS AND INNOVATIONS ABOUT THIS REPORT This report examines the role that supply chain risk management plays in organizations
More information32 Contingencies MAR/APR.06
32 Contingencies MAR/APR.06 New Catastrophe Models for Hard Times B Y P A T R I C I A G R O S S I A N D H O W A R D K U N R E U T H E R Driven by the increasing frequency and severity of natural disasters
More informationRisk - Based Inspection Frequencies
Risk - Based Inspection Frequencies Glenn A. Washer, PhD University of Missouri Columbia, MO April 23, 2013 Northwest Bridge Inspector s Conference 1 NCHRP 12-82 Developing Reliability Based Bridge Inspection
More informationInteractive-Network Disaster Recovery
Interactive-Network Disaster Recovery BACKGROUND IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., terrorism,
More informationBUSINESS CONTINUITY PLANNING GUIDELINES
BUSINESS CONTINUITY PLANNING GUIDELINES Washington University in St. Louis The purpose of this guide is to serve as a tool to all departments, divisions, and labs across the University in building a Business
More informationStorms Assessment LESSON
LESSON 8 Storms Assessment What will happen to the helix above a hot lamp? TERRY G. McCREA/SMITHSONIAN INSTITUTION INTRODUCTION You have now completed Storms, the first part of Catastrophic Events. After
More informationDevelopment of An Analysis Tool For Performing Civil Aviation Security Risk Assessment
Development of An Analysis Tool For Performing Civil Aviation Security Risk Assessment Allan R. Hunt AKELA, Inc. 5276 Hollister Avenue, Suite 263 Santa Barbara, CA 93111 Karl F. Kellerman FAA Office of
More informationDescriptive Statistics and Measurement Scales
Descriptive Statistics 1 Descriptive Statistics and Measurement Scales Descriptive statistics are used to describe the basic features of the data in a study. They provide simple summaries about the sample
More informationGovernment Degree on the Safety of Nuclear Power Plants 717/2013
Translation from Finnish. Legally binding only in Finnish and Swedish. Ministry of Employment and the Economy, Finland Government Degree on the Safety of Nuclear Power Plants 717/2013 Chapter 1 Scope and
More informationClimate Change: A Local Focus on a Global Issue Newfoundland and Labrador Curriculum Links 2010-2011
Climate Change: A Local Focus on a Global Issue Newfoundland and Labrador Curriculum Links 2010-2011 HEALTH Kindergarten: Grade 1: Grade 2: Know that litter can spoil the environment. Grade 3: Grade 4:
More informationClovis Municipal School District Information Technology (IT) Disaster Recovery Plan
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
More informationBusiness Continuity Planning (BCP) & Disaster Recovery Planning (DRP).
Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP). Ed Fortin President Fortin Consulting Paul Godden Consultant & Quotation Author Friday 24 th February 2012 Business Continuity Planning
More informationContinuity Planning and Disaster Recovery
Responsible Officer: AVP - Information Technology Services & UC Chief Information Officer Responsible Office: IT - Information Technology Services Issuance Date: 7/27/2007 Effective Date: 7/27/2007 Scope:
More informationDisaster Recovery & Business Continuity. James Adamson Library Systems Office
Disaster Recovery & Business Continuity James Adamson Library Systems Office Library Management Information Data Services Financial Procurement Cataloging Inventory/searching Circulation Central Library
More informationHOW TO CREATE A VITAL RECORDS PROTECTION PLAN. New York State Unified Court System Division of Court Operations Office of Records Management
HOW TO CREATE A VITAL RECORDS PROTECTION PLAN New York State Unified Court System Division of Court Operations Office of Records Management June 2003 TABLE OF CONTENTS Purpose of a Vital Records Protection
More informationFORMULATING YOUR BUSINESS CONTINUITY PLAN
WHITE PAPER Page 0 Planning for the Worst Case Scenario: FORMULATING YOUR BUSINESS CONTINUITY PLAN 9 Wing Drive Cedar Knolls, NJ 07927 www.nac.net Page 1 Table of Contents Overview... 2 What is Disaster
More informationBETTENDORF PUBLIC LIBRARY INFORMATION CENTER EMERGENCY RESPONSE AND FACILITY CLOSURE POLICY
BETTENDORF PUBLIC LIBRARY INFORMATION CENTER EMERGENCY RESPONSE AND FACILITY CLOSURE POLICY PURPOSE This policy serves to provide guidelines for staff and patrons to be used in response to an event or
More informationInsurance & Risk Management Update: November 2011
Insurance & Risk Management Update: November 2011 Jeffrey A. Lind, CPCU, CIC Clark Insurance November 17, 2011 Topics Current state of the insurance marketplace Property & Liability Flood Risk Hurricane
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationBusiness Continuity Glossary
Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;
More information2008-2009 2008-2009 TRENDS IN BUSINESS CONTINUITY AND CRISIS COMMUNICATIONS SURVEY
2008-2009 The Second Annual Trends in Business Continuity and Crisis Communications Survey has been completed with over 700 participants from a wide range of industries and organizational sizes. The Disaster
More informationChapter 5 RISK MANAGEMENT ANALYSIS CHAPTER 5 RISK MANAGEMENT ANALYSIS PAGE 49
Chapter 5 RISK MANAGEMENT ANALYSIS CHAPTER 5 RISK MANAGEMENT ANALYSIS PAGE 49 This page intentionally left blank. PAGE 50 MINNESOTA GO MNDOT TRANSPORTATION ASSET MANAGEMENT PLAN RISK MANAGEMENT ANALYSIS
More informationWhite Paper Business Continuity and the Role of Communication
White Paper Business Continuity and the Role of Communication Matthes Derdack discusses new perspectives on business critical events that should influence the way we look at business continuity planning.
More informationEnsure Absolute Protection with Our Backup and Data Recovery Services. ds-inc.com (609) 655 1707
Ensure Absolute Protection with Our Backup and Data Recovery Services ds-inc.com (609) 655 1707 Ensure Absolute Protection with Our Backup and Data Recovery Services STAY PROTECTED WITH OUR BACKUP AND
More informationMål og mening med risikoanalyser Noen refleksjoner
Mål og mening med risikoanalyser Noen refleksjoner Terje Aven University of Stavanger, Norway ESRA 10. Mai 2012 K P Third party risk Neighbours Process plant Hydrocarbon releases, explosions LNG plant
More informationNew Zealand Society for Earthquake Engineering. Saturday 11 April 2015 Rotorua
New Zealand Society for Earthquake Engineering Saturday 11 April 2015 Rotorua Annual Likelihood National Severe weather Hazard Risks 10 % Once a decade 1 % Once a century Large rural flood Major transport
More informationCornell University PREVENTION AND MITIGATION PLAN
Cornell University PREVENTION AND MITIGATION PLAN Table of Contents Table of Contents Section 1 Prevention-Mitigation Introduction...2 Section 2 Risk Assessment...2 2.1 Risk Assessment Components...2 2.2
More informationHank Christen 02/09/01. The DMAT Safety Officer By Hank Christen, Fl-1 DMAT
Hank Christen 02/09/01 The DMAT Safety Officer By Hank Christen, Fl-1 DMAT Introduction: The DMAT Safety Officer is a member of the Command Staff, and is directly supervised by the DMAT Unit Commander
More informationCyber Security: Guidelines for Backing Up Information. A Non-Technical Guide
Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:
More informationWHY DO I NEED DATA PROTECTION SERVICES?
WHY DO I NEED DATA PROTECTION SERVICES? Data processing operations have evolved with breathtaking speed over the past few years, expanding from very large mainframe operations to small business networks.
More informationLinguistic Preference Modeling: Foundation Models and New Trends. Extended Abstract
Linguistic Preference Modeling: Foundation Models and New Trends F. Herrera, E. Herrera-Viedma Dept. of Computer Science and Artificial Intelligence University of Granada, 18071 - Granada, Spain e-mail:
More information9. Position No. K0040766
DA 281-2 Rev. 4-13 State of Kansas - Department of Administration OFFICE OF PERSONNEL SERVICES Position Description Read each heading carefully before proceeding. Make statements simple, brief, and complete.
More informationDISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late)
DISASTER RECOVERY 101 3 Steps You Need to Take (Before It s Too Late) Introduction... 4 Disaster Recovery vs. Business Continuity... 4 Why You Need to Read this ebook... 5 Chapter 1: The Risks (aka, The
More informationLocal Government Cyber Security:
Local Government Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Elected Officials Administrative Officials Business Managers Multi-State Information Sharing and
More informationOPERATIONAL RISK MANAGEMENT B130786 STUDENT HANDOUT
UNITED STATES MARINE CORPS THE BASIC SCHOOL MARINE CORPS TRAINING COMMAND CAMP BARRETT, VIRGINIA 22134-5019 OPERATIONAL RISK MANAGEMENT B130786 STUDENT HANDOUT Basic Officer Course (ORM) Introduction Importance
More information<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP
IT Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History REVISION DATE NAME DESCRIPTION Original 1.0 2 Table of Contents Information Technology Statement
More informationIT Disaster Recovery Plan Template
HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned
More informationMgmt 301 Managers as Decision Makers. Exploring Management. [Nathan Neale]
Mgmt 301 Managers as Decision Makers Exploring Management [Nathan Neale] Slide # 1 Slide Title: WSU Online Title Slide [piano introduction] Slide #2 Slide Title: Chapter 4 Managers as Decisions Makers
More information