Capacity buildiing for small businesses

1. Steps in the risk analysis
1. Prioritize threats
2. Define vulnerabilities
3. Estimate impacts on staff and mission

2. 1. Prioritise the threats
• It is a question of determining which threat
is the strongest and which is the weakest
• Why?
• How do we do it?

3. 1. Prioritise the threats
Impact
Probability 1 2 3
3 2 3 3
2 1 2 3
1 1 1 2

4. 2. Define vulnerabilities
By group list the vulnerabilities related
to each threat you have defined above.

5. 2. Define vulnerabilities
It is now necessary to define the level of
vulnerability for each threat
Vulnérability Level
All possible measures are taken and are effective 1
Measures are in place but do not effectively address the
threats
2
No measures are in place 3

6. 3. Define the impact on people and
operations
Assess the impact that the occurrence of a
threat would have
Impact Level
Risk of minor injuries with no need for treatment /
negligible delay in operations
1
Risk of injuries requiring friendly care without lasting
sequelae / Significant delay in operations
2
Risk of loss of life or serious injury resulting in long-term
sequelae / Cancellation of operations. 3

7. Calculate the risks associated with your activity
Using the matrix below, calculate the risk
level: R = M xV x I
Threat Threat level Vulnerability
level
Impact on
operations
and
employees
Risk (/27)
M 1 2 3 3 18
M 2 2 3 1 6
M 3 2 1 2 4

8. Calculer les risques liés à votre activité
Using the matrix below, calculate the risk level: R = M xV x I
Vulnérabilité
Impact
1 2 3
1
2
3

9. Risque Niveau
Bas 1 à 13
Moyen 14 à 20
Fort 21 à 27

10. To do security
We need information...
• How do we find it?
• What is the difference between information
and rumour?
• How can we use the information we collect
effectively?

11. Information management
Sources of information
List the sources of information
How do you categorise them
How do you ensure that the information is
reliable.