Chapter 22: Risk Management and Business Impact Analysis
Business Impact Analysis
RTO / RPO
MTBF
MTTR
Mission-critical functions
Identification of critical systems
Single point of failure
Impacts on
Life
Property
Safety
Finance
Reputation
Privacy Impact Assessment
Privacy Threshold Assessment
Risk Management Concepts
Threat Assessment
Environmental
Manmade
Internal / External
Risk Assessment
SLE
ALE
ARO
ALE = SLE * ARO
Asset value
Risk register
Likelihood of occurrence
Supply chain assessment
Impact assessment
Qualitative assessment
Quantitative assessment
Testing
Penetration testing
Vulnerability testing
Risk Response Techniques
Avoid (Refuse)
Transfer
Mitigate
Accept
Change Management
Configuration control
Security Controls
Deterrent
Preventive
Detective
Corrective
Compensating
Technical
Administrative
Physical