Proper oversight of customer and proprietary information requires mechanisms that assure a thorough understanding of Assets, Threat types, Hazards and risk environment. A Risk Assessment is a key step in identifying vulnerabilities in the current environment and validating mitigating controls in place needed to lessen or defer impacts brought about by a disruption of operations. The process includes:
Identifying threats against the following major assets:
- Loss of Facilities
- Loss of Personnel
- Loss of IT Infrastructure
- Loss of Critical Records
Educating Recovery Team Leaders on the possible threats to their business unit’s critical functions.
The Risk Assessment survey will be used to gather and document risk information by Asset, Threat and Hazard from each organizational unit area. Each detail page of the Risk Assessment Survey will describe:
- The ‘Asset’ (such as Facility, Personnel, etc.)
- The potential Threats to the asset (such as Natural disasters, Human-caused events, etc.)
- A potential Hazard Item (such as Fire, Flood, Hacker intrusion, etc.)
For each Asset and Threat type, we will document risk response level information for each of the potential Hazard items listed.
- Probability of Occurrence (Likelihood the threat will materialize)
- Loss Impact (Direct impact due to the loss of the function)
- Consequence (Downstream losses as a result of the realized threat)
- Exposure (the passive, inherent factors contributing to vulnerability)
- Level of Control (the active, controllable variables to offset vulnerability, e.g. – the new Fire Suppression system increases the level of control for vulnerabilities due to Fire Hazards.)
Adjusted Loss Expectency (ALE) – The ALE represents the Loss Potential to be realized after considering the probability of occurrence and vulnerability (potential exposure less mitigating factors).
The outcome includes a Threat Analysis Report detailing the risk score of each critical function under review and a Risk Matrix Summary.
For more information about Risk Assessment services please contact: Info@ParadigmSI.com or 8005589568, Ext. 300