Page 84 - Cyber Warnings
But the problem with having multiple back-up capabilities is cost, and the fact that the staff
might get confused by having to handle various substitute back-up facilities, equipment and
services.
All this makes it mandatory to keep your defined BC/DR-related SOPs updated and
complete.
BCP phases
Planning and Risk Assessment Phase
In this phase, all the pertinent information is gathered for use in the Business Impact
Analysis.
The information is gathered through management interviews, documentation review,
observing the selected processes being performed, and conducting follow-up enquiries to
determine the scope of the risks and the corresponding impacts.
Risk Assessment Template
Description of Risk | Impact | Risk Management Action(s) | Residual Risk(s)
Risk assessment includes listing the major categories of risk (with the primary deciding
factor being the criticality of the disruption), as follows:
1. Human Resource disruption/loss
2. Legal sanctions and regulatory breach
3. Financial loss and cash flow disruption
4. Loss of facilities
5. Technology/Systems loss
6. Supply chain interruption
7. Violations of the defined SLAs
8. Reputation damage
9. Loss of customer goodwill
10. Outage imposed on business partners and clients (because your business's
unavailability affects your clients' ability to deliver their upstream services, or even
their survival)
84 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide