Security risk management is one of the most important services that VARs and consultants can provide for clients. Developing an effective risk management strategy and risk analysis process can make the difference between a client that overcomes an IT security breach and one that is overcome by it. Discover how to use risk management metrics to assess IT security risks and help your clients plan accordingly.
As you're thinking about your company and its critical functions, which we'll review following this section, you should keep a rating scale in mind. Later, after you've compiled your list, you can assign a "criticality rating" to each business function. It's important to have an idea of your rating system in mind before you review your business functions so you can spend the appropriate amount of time and energy on mission-critical functions and less time on minor functions. For example, when you sit down with the finance group, you want to keep them focused on defining the mission-critical business functions while listing all business functions that would be needed for business continuation.
Understanding security risk management
How to perform security risk management
Recovery time requirements
Reprinted from Chapter four of Business Continuity and Disaster Recovery Planning for IT Professionals by Susan Snedaker. Printed with permission from Syngress, a division of Elsevier. Copyright 2007. For more information about this title, please visit www.syngress.com.