Business Continuity and Disaster Recovery - Risk Analysis and Control

In the risk evaluation phase, there are a number of key areas that must be covered. One of the most important is to understand probable threats. In an ideal world, which most of us have noticed does not exist, we would identify and protect ourselves against all threats to ensure that our business continues to survive. Obviously, we are constrained by other factors such as budgets, time and priorities and need to apply cost benefit analysis to ensure we are protecting the most critical business functions.

A second important step is to identify all probable threats and prioritize them. Threats, typically, can be classified in several ways such as internal/external, man-made/natural, primary/secondary, accidental/intentional, controllable/not controllable, warning/no warning, frequency, duration, speed of onset etc. While classifying threats is helpful in terms of understanding their characteristics and potential controls, grouping and understanding by business impact is also important. Obviously, the same impact can result from a number of different threats.

Identifying mission critical business processes and systems is another fundamental building block of the business continuity plan. After your critical business processes and systems and probable threats are established, the next step is to identify vulnerabilities and loss potential. This requires an extensive scan of the organization to identify vulnerabilities and then analysis to understand those vulnerabilities which would have the greatest impact on your critical business processes and the organization. This starts to clarify and quantify potential losses, which helps to establish priorities.

Following the identification of the most probable threats and vulnerabilities, an analysis of existing controls is needed. This spans physical security as well as people, processes, data, communications and asset protection. Some controls such as physical security and data backup are obvious. Other controls required are often less obvious, but they can be identified through the risk evaluation process.

Once the key building blocks of critical business functions, most probable threats, vulnerabilities and controls are identified, the next stage is to develop an understanding of the probability of threats factored by the severity or impact of the threats. This leads to the business impact analysis phase which establishes priorities for protection.

The goal is to minimize threats, impacts and downtime and to mitigate any losses. Fundamentally, the goal is to protect your people, protect your data, protect your vital communications, protect your assets and to protect your brand and reputation. Overall, of course, the goal is to ensure your business continues to operate and to do it in a cost-effective way meeting standards of reasonable and prudent judgment.

About The Author

Robert Mahood has significant technology and management experience in data communications, internet, storage, disaster recovery and data recovery. He is currently the president of Midwest Data Recovery. www.midwestdatarecovery.com

bmahood@midwestdatarecovery.com, 312 907 2100 or 866 786 2595

Related News

data recovery - The Australian Times (satire) data recovery The Australian Times (satire), Australia -Oct 8, 2008 Looking for Data recovery? Search over 15000 sites with one click. Your source for everything under the sun! Looking for Data recovery? ... Kroll Ontrack extends service for Oracle-based enterprises - Continuity Central (press release) Kroll Ontrack extends service for Oracle-based enterprises Continuity Central (press release), UK -23 hours ago Ontrack Data Recovery from Kroll Ontrack has launched a new expert resource enabling the recovery of data from Oracle systems. ... Keeping Systems Up and Running: The Vital Tools - MarketWatch Keeping Systems Up and Running: The Vital Tools MarketWatch -Oct 9, 2008 Real-time data recovery: This is a new category that fills in the gap in data protection in between backups. A common source of data loss is files ... CALLTELE Delivers Voice and Data Disaster Recovery Solutions 24/7/365 - ClickPress (press release) CALLTELE Delivers Voice and Data Disaster Recovery Solutions 24/7/365 ClickPress (press release), UK -Oct 7, 2008 They provide clients with Voice and Data Disaster Recovery Solutions that are a significant facet of emergency preparedness for business. ... Media Recovery Changes Name to DataSpan - MarketWatch Media Recovery Changes Name to DataSpan MarketWatch -14 hours ago The new name and identity realign the company's position as a leader in data storage products and services, with more than 35 years of experience and ... Data Recovery: When Does "Gone" Really Mean "Gone" - MarketWatch Data Recovery: When Does "Gone" Really Mean "Gone" MarketWatch -Oct 1, 2008 Amidst all of the panic and emotion an accidental deletion can bring is an essential question: When is "gone" really "gone" and when is data recovery... Data Recovery: When Does "Gone" Really Mean "Gone"International Business Times USB Drives Pose Security Threat: Erase Their Sensitive Data With ...MarketWatch all 11 news articles Dell Simplifies Disk-Based Backup and Recovery with Integrated ... - MarketWatch Earthtimes (press release) Dell Simplifies Disk-Based Backup and Recovery with Integrated ... MarketWatch -Oct 8, 2008 Data management capabilities including data de-duplication, distributed protection for disaster recovery, synthetic full backups, and file and E-mail ... Backing up Virtual Machines and Windows Server '08enterpriser.in Dell Releases Automated D2D Data Protection SolutionIDM.net.au Symantec Joins Hands With Dell To Deliver Innovative Backup ...RTT News Search Storage - MarketWatch all 53 news articles NEF Case Study - Hospital - TMCnet NEF Case Study - Hospital TMCnet -11 hours ago The hospital had three priorities that had to be met high-speed, efficient data recovery and network reliability. In addition, these provisions had to be ... SQL Server How To: Transaction Log Maintenance for Painless Data ... - Enterprise IT Planet SQL Server How To: Transaction Log Maintenance for Painless Data... Enterprise IT Planet, CT -Oct 7, 2008 Perhaps more important than performance is the transaction log's role in data recovery. Thanks to the transaction log, you can recover changes right up to ... Clinical Data Utilizing the DRX9000(TM) Will Be Presented at the ... - MarketWatch Clinical Data Utilizing the DRX9000(TM) Will Be Presented at the ... MarketWatch -12 hours ago Non-treatment or control groups were not included making efficacy outcome versus placebo or spontaneous recovery difficult to determine. ...