Risk and Vulnerability Analysis

Last reviewed: May 7, 2012 ~4 min read
Abstract

In risk assessment, potential risks to an organization are listed and then evaluated both for the likelihood of occurrence and the impact to the organization. Once you have identified and evaluated the risks, the next step is to develop a plan of action to address those risks in order of priority. Analyze your selected organization for risks and vulnerabilities. This assignment is comprised of two components:

Complete the Risk and Vulnerability Analysis Worksheet:

Begin by listing all potential threats to your organization and to the community or state at large that could impact your organization. Review the Threat Identification document for a list of questions to consider when determining your threats.

Determine the probability of the threat. This is a subjective consideration, but it is useful nonetheless. Use a simple scale of 1 to 5 with 1 as the lowest probability and 5 as the highest.

Evaluate the impact of the threats on several components of the organization. Again, use a scale of 1 to 5 with 1 as the lowest impact and 5 as the highest. Consider the potential:

Human Impact—consider the possibility of death or injury.

Business Impact—consider the possibility of a business interruption, such as employees and customers being unable to reach the facility or the imposition of fines, penalties, or legal costs.

Property Impact—consider the costs to temporarily replace, to repair, and to fully replace.

Assess your resources and ability to respond. Use the same 1 to 5 scale; however, in this scenario, 1 indicates most of the resources are available (low risk) and 5 indicates a lack of resources (high risk). Consider the following types of resources:

Internal Resources—Does the organization have the resources and capabilities needed to respond?

External Resources—Will external resources be able to respond as quickly as the organization may need them, or will they have other priority areas to serve?

Total the probability, impact, and resources to determine which threats should be the focus of your business continuity plan. A higher score indicates the highest impact and risk to the organization.

Write a Risk Impact Analysis paper:

Describe the process used to analyze the threats to the organization. Bring in research and best practices in business continuity planning to support your process.

Using the threats you listed on the Risk and Vulnerability Analysis Worksheet, determine the five highest priority threats that merit further evaluation and risk reduction.

Describe and prioritize the high-priority threats. Explain how these threats impact the organization.

Identify possible ways to mitigate the impact of the identified threat on the organization.
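The worksheet procedure above, as an added example that is not part of the original paper: each threat is scored 1 to 5 on probability, three impact components and two resource components, the six scores are totalled, and the five highest totals are selected. The threat names come from the paper; every score is constructed for illustration, and the tie-break rule (higher probability first, then name) is an assumption the worksheet does not specify.

```python
from dataclasses import dataclass

FACTORS = ("probability", "human_impact", "business_impact",
           "property_impact", "internal_resources", "external_resources")

@dataclass(frozen=True)
class Threat:
    name: str
    probability: int         # 1 = lowest likelihood, 5 = highest
    human_impact: int        # 1 = lowest impact, 5 = highest
    business_impact: int
    property_impact: int
    internal_resources: int  # 1 = resources available, 5 = lack of resources
    external_resources: int

    def __post_init__(self):
        # Reject anything off the worksheet's 1-5 scale so totals stay comparable.
        for factor in FACTORS:
            value = getattr(self, factor)
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 5:
                raise ValueError(f"{self.name}: {factor} must be an integer 1-5, got {value!r}")

    def total(self):
        return sum(getattr(self, factor) for factor in FACTORS)

def rank(threats, top_n=5):
    """Return (name, total) for the top_n threats, highest total first."""
    # Assumed tie-break: higher probability first, then name, for a stable order.
    ordered = sorted(threats, key=lambda t: (-t.total(), -t.probability, t.name))
    return [(t.name, t.total()) for t in ordered[:top_n]]

# Constructed sample worksheet; the scores are illustrative, not from the paper.
WORKSHEET = [
    Threat("System failure",      4, 1, 5, 3, 3, 2),
    Threat("Information hacking", 4, 1, 5, 2, 4, 3),
    Threat("DDoS attack",         3, 1, 4, 1, 3, 3),
    Threat("Virus attack",        3, 1, 3, 2, 2, 2),
    Threat("Network failure",     3, 1, 4, 2, 2, 3),
    Threat("Fire",                2, 4, 4, 5, 3, 2),
    Threat("Flooding",            1, 3, 4, 4, 3, 3),
    Threat("Theft",               2, 1, 2, 3, 2, 2),
]

if __name__ == "__main__":
    for name, score in rank(WORKSHEET):
        print(f"{score:2d}  {name}")
```

Because the totals are unweighted, a low-probability threat with severe human and property impact can outrank a frequent but contained one, which is worth keeping in mind when reading the ranking.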

Threat Identification

The threats

How the threats are detected

Ever since the September 11, 2001 terrorist attacks, businesses have had to critically rethink the level of adequacy of their disaster recovery arrangements in relation to their business continuity plans, as noted by Lam (2002, p. 19). The September 11, 2001 tragedy effectively highlighted the importance for organizations to continue with their commercial operations even under the most exceptional of circumstances. My business, which has a considerable e-commerce operation, is particularly vulnerable to IT-related threats. It is therefore crucial that these threats be identified and eliminated or mitigated before they result in loss of revenue.

In my business, I face several threats. However, the ones that I consider most dominant are technology threats and information threats. These threats can cause a major disruption to the business continuity planning (BCP) cycle. Technology threats include natural disasters like fire and flooding, system failure, network failure, virus attack as well as network and system flooding (distributed denial-of-service, or DDoS, attack). Information threats, on the other hand, include hacking incidents, theft, fabrication, fraud, misuse, fire as well as natural disasters. These are factors which can lead to information loss, unauthorized access as well as alteration of information.

In our organization, a worst-case scenario analysis indicates that system failure and information hacking are the most common threats that can effectively cripple the operation of the organization.

The threats

Business threat 1: System failure

This is a threat to business continuity that affects technology as a resource.

Failure scenario 1: Failure affecting some servers with a repair time of between 1 and 2 days.

The business continuity strategy to avert such a system failure

In order to ensure that operations continue in our organization, there is a need for a third-party maintenance and support agreement to be signed with a reliable company. There is also a need to have an emergency third-party support agreement that involves an on-site response within the shortest time possible. There is also a need for our business to have redundant servers on standby.

Failure scenario 2: Failure affecting all servers with a repair time of several days or weeks.

The business continuity strategy to avert such a system failure

In order to ensure that operations continue in our organization when all servers have failed, there is a need to have a secondary/disaster recovery site to be used for the redirection of internet traffic. The disadvantage of this approach is that it is expensive and requires the replication of the infrastructure.

Business threat 2: Information hacking

This is a business threat that targets information as a resource.

Failure scenario 1: Typical hacking incident involving attackers compromising a given server and then disrupting applications and processes.

The business continuity strategy to avert such a system failure

Have ready support to conduct the cleaning of the computer system and to restore applications as well as processes on the server (this strategy is relatively cheap). The company can also have redundant servers on standby.

Failure scenario 1: Worst-case scenario involving the compromise of a server by attackers as well as the removal and alteration of highly sensitive data.

The business continuity strategy to avert such a system failure

Cite This Paper
PaperDue. (2012). Risk and Vulnerability Analysis. PaperDue. https://www.paperdue.com/essay/risk-and-vulnerability-analysis-57207