3. IT IS NOT POSSIBLE
TO PROTECT AGAINST
EVERY RISK!
4. THAT’S WHY COMPANIES USE A RISK MANAGEMENT APPROACH
5. Step 1: Assessment of Assets
Step 2: Vulnerability of Assets
Step 3: Loss Analysis
Step 4: Protection Analysis
Step 5: Cost-Benefit Analysis
6. 5-STEP RISK MANAGEMENT APPROACH
• It helps to identify threats.
• It helps to select cost-effective controls via a cost-benefit analysis.
• Formulates a business continuity plan to recover from a major disaster.
7. STEP 1: Assessment of Assets
Determine the value and importance of assets such as data, hardware, software and networks.
“List all assets and their value, including even staff, facilities, business information, cost of replacement and loss of use.”
8. STEP 2: Vulnerability of Assets
Record the weaknesses in the current protection system in view of all potential threats.
“List all potential threats that can happen to the assets by reviewing current systems.”
9. STEP 3: Loss Analysis
Assess the probability of damage and specify the tangible and intangible losses that may result.
“List the cost of damage to the assets.”
10. STEP 4: Protection Analysis
Provide a description of available controls that should be considered, their probability of successful defence and costs.
“List all assets and their value.”
11. STEP 5: Cost-Benefit Analysis
Compare cost and benefits.
Consider the likelihood of
damage occurring and the
successful protection from that
damage. Finally, decide which
controls to install.
“Compare the cost required
and the benefits to decide.”
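
Steps 3 to 5 worked through as an added example (not part of the original slides): each threat gets an expected loss, each candidate control is scored by the loss it avoids minus its cost, and a control is chosen only when it pays for itself. All assets, threats, probabilities and costs are constructed sample figures, and scoring with probability times loss is an assumed way to quantify the comparison the slides describe.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    asset: str
    name: str
    probability: float      # Step 3: yearly probability of damage (constructed)
    tangible_loss: float    # Step 3: e.g. cost of replacement
    intangible_loss: float  # Step 3: e.g. estimated loss of use

    @property
    def expected_loss(self) -> float:
        return self.probability * (self.tangible_loss + self.intangible_loss)

@dataclass
class Control:
    name: str
    threat: str             # name of the threat this control addresses
    annual_cost: float      # Step 4: cost of the control
    p_success: float        # Step 4: probability of successful defence

def net_benefit(threat, control):
    """Step 5: expected loss avoided by the control minus what it costs."""
    return threat.expected_loss * control.p_success - control.annual_cost

def decide(threats, controls):
    """Per threat, pick the control with the highest positive net benefit.
    A result of (0.0, None) means no candidate control pays for itself."""
    plan = {}
    for t in threats:
        options = [(net_benefit(t, c), c.name) for c in controls if c.threat == t.name]
        best = max(options, default=(0.0, None))
        plan[t.name] = best if best[0] > 0 else (0.0, None)
    return plan

# Constructed sample figures for illustration only
THREATS = [
    Threat("customer database", "disk failure", 0.10, 40_000, 60_000),
    Threat("web server", "power outage", 0.05, 2_000, 8_000),
]
CONTROLS = [
    Control("nightly off-site backup", "disk failure", 3_000, 0.90),
    Control("mirrored storage", "disk failure", 7_500, 0.99),
    Control("standby generator", "power outage", 4_000, 0.95),
]

if __name__ == "__main__":
    for threat, (gain, control) in decide(THREATS, CONTROLS).items():
        print(f"{threat}: {control or 'no control is cost-effective'} (net {gain:,.0f})")
```

With these figures the cheaper backup beats the more effective mirror for disk failure, and the generator is rejected because it costs more than the loss it is expected to prevent.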
13. IF YOU CAN’T
CONTROL THEM,
BACK UP!
SYSTEM FAILURE CAN CAUSE ANYTHING FROM MINOR IRRITATIONS TO BUSINESS CLOSEDOWN.
15. 3 TYPES OF BACKUP METHODS
1. CONTINUOUS BACKUP
• Periodic in partial data increments
• Can be local / remote
2. FULL BACKUP
• Periodic in complete data copy
• Can be local / remote
3. MIRROR BACKUP
• Instant replica of data
• Can be local / remote
17. 2 DISASTER RECOVERY CONCEPTS
1. HOTSITE VENDORS
• External vendors that provide access to a fully configured backup centre.
• Able to instantly ‘hot swap’.
2. COLDSITE VENDORS
• Provide empty space with
special flooring, ventilation and
facilities.
• In an emergency, companies move to the coldsite.