DEVELOPING A RISK ANALYSIS

What is a risk analysis?

• A Risk analysis is concerned with identifying the risks that an organisation is exposed to, identifying the preventative measures that can be taken and then applying controls to minimise the risk.

What needs to be taken into account when producing a risk analysis?

•You need to identify potential risks 

•Understand the likelihood of risk occurring 

•What are the short and long term consequences of threat 

•How well equipped are you to deal with the threat 

Identifying potential risks

•e.g. viruses / fire / natural damage / hacking / systems failure / fraud, etc

Likelihood of risk occurring

•some things such as power cut are inevitable but explosions much less likely - senior managers have to assess the likelihood of each risk occurring and put in the necessary security

Short and long term consequences of threat

•resources (staff equipment, etc) need to be directed towards recovering the data / may have to pay compensation / financial loss due to loss of business through not being able to take orders / embarrassment/ prosecution / loss of integrity / bankruptcy / cost of replacing equipment

How well equipped is the company to deal with the threat

•has to be reviewed periodically because of changing needs - disaster recovery program – backup strategy

Exam Questions

•Describe in detail two of the factors an organisation needs to consider when producing a risk analysis (4)

•A Bank is very dependent on its ICT system for its administration. The Bank is undertaking a risk analysis. Describe in detail two of the factors the bank should take into account when deciding how much to spend to control and minimize the risk to data. (2x2)

•Other than how well the company is equipped to deal with the risk, describe in detail three of the factors an organisation needs to consider when producing a risk analysis (6)