  • BCM Institute Leading global Business Continuity (BC) & Disaster Recovery (DR) Institute. Established in 2005. Offers a wide range of quality BC and DR courses. Certified over 1,250 professionals from 36 countries.
  • This table is a guide on the severity of the impact caused by the threat that occurred.

Transcript

  • 1. Welcome
  • 2. Navigating Through Uncertainties of Risk
    Dr Goh Moh Heng
    PhD BCCE DRCE BCCLA
    President
  • 3. BCM Institute
    Started in January 2005.
    Provide competency based BC-DR training to all levels.
    Certify BC-DR professionals globally.
    Started Certification programme in April 2007.
    More than 1500 professionals from 850 organizations and 40 countries.
  • 4. Professional Certification
    Business Continuity
    IT Disaster
    Recovery
    BCM Audit
    Membership
  • 5. Business Continuity Management or Risk Management? Aligning Expectations for Business Strategies
    Dr. Goh Moh Heng PhD BCCE DRCE BCCLA President, BCM Institute and Managing Director, GMH Continuity Architects
  • 6. Agenda
    BC Planning Methodology
    Risk Analysis and Review
    Risk Assessment Process
    Step-by-step Achieving Certification
  • 7. BCM Planning Methodology
    Source:
    Goh, Moh Heng (2008): Analyzing and Review the Risk for Business Continuity Planning ISBN: 978-981-05-9215-8
  • 8. Risk Analysis & Review
  • 9. Identify Assets & Threats
    Identify Organisational Assets
    Identify Threats
  • 10. Identify Organisational Assets
    Assets essential to carry out mission
    Examples:
    Facilities
    People
    Data
    Software
    Applications
    Equipment
  • 11. Identify Threats
    Man-Made
    Toxic and radioactive contamination
    Sabotage (both external and internal)
    Riot, civil disorder and coup
    Fraud and embezzlement
    Accidental explosion (on and offsite)
    Water leak and plumbing failure
    Workplace violence
    Terrorism
    Aircraft crash
    Vandalism
    Arson
    Physical asset theft
    Misuse of resources
    Building and physical security weakness
    Fire
    Natural
    Tornado (wind storm)
    Thunderstorm and hail storm
    Lightning and electrical storm
    Snow and winter ice storm
    Typhoon and hurricane
    Flood and other water-based incident
    Earthquake
    Mudslide
    Volcanic eruption and ash fallout
    Tsunami
    Large natural fire
    Epidemic and pandemic
  • 12. Identify Threats
    Business
    Power outage
    Labor dispute
    Employee turnover and single point of failure
    Unavailability of key personnel
    Human error
    Gas outage
    Water outage
    Loss of transportation
    Single source suppliers
    Information Technology
    Voice and data telecommunication failure
    IT equipment failure
    Human error from programmers and users
    Security vulnerability
    Data and software sabotage
    In-house developed application failure
    HVAC failure
    Defective software
  • 13. Analyse Risks
    Estimate the risk likelihood of occurrence
    Identify risk impact of the threat materializing
    Determine risk (rating) level
  • 14. Descriptor: Risk Likelihood of Event
  • 15. Descriptor: Risk Impact of Event
  • 16. Risk Analysis Process
    Controls
    What is the cost for the Controls to be implemented?
    What Controls are in place?
    Risk Rating
    What are the potential loss exposures to business?
    How does the threat affect business operations?
    What is the likelihood that the threat will adversely affect business operations?
    Threats
    Risk Likelihood
    What are the effects on people, infrastructure, facilities, and systems?
    Risk Impact
    What are the adverse events that can occur?
  • 17. Risk Evaluation
    Assess Risk Rating and prioritise for further treatment
  • 18. Risk Rating and Level Matrix
  • 19. Risk Evaluation: Risk Rating
  • 20. Evaluation Criteria
    Criteria Examples:
    People
    Processes
    Infrastructure
    Weighting for different criteria
  • 21. Risk Treatment
    Explore Risk Treatment Strategies for risks deemed unacceptable
    Document reasons for selection of strategy for each risk treatment
  • 22. Risk Analysis Process
    Controls
    What is the cost for the Controls to be implemented?
    What Controls are in place? What risk treatment?
    Risk Rating
    What are the potential loss exposures to business?
    How does the threat affect business operations?
    What is the likelihood that the threat will adversely affect business operations?
    Threats
    Risk Likelihood
    What are the effects on people, infrastructure, facilities, and systems?
    Risk Impact
    What are the adverse events that can occur?
  • 23. Risk Treatment Strategies
    Risk Acceptance
    Risk Avoidance
    Risk Transfer
    Risk Reduction
  • 24. Risk Treatment Strategies
    Transfer
    Avoid
    Reduce / Active Control
    Reduce (if Cost Justifiable)
    Accept
  • 25. Risk Reduction
    Fire
    Pandemic
    Business Continuity Plan (BCP)
  • 26. Risk Analysis and Business Continuity Planning
    Process
    Risk Treatment Strategies
    Treatment for risks that could potentially interrupt business operations
  • 27. Risk Treatment
  • 28. Implement & Monitor
    Present Recommendations to management for approval
    Implement recommendations
    Monitor results
    Adjust as necessary
  • 29. Risk Analysis Process
  • 30.
  • 31. THANK YOU
    Dr Goh Moh Heng
    President
    Mobile: +65 96711022
    Tel: +65 63231500
    Fax: +65 63230933
    Email: moh_heng@bcm-institute.org