
Risk Assessment - Analyze All Systems

Risk Assessments - What Are They?

Risk assessment is the process of identifying and analyzing the effects of the worst events that could happen within each department of the company before they happen. What would happen to the business in the event of a natural disaster with no power for telecommunications or computers, and no utilities or water? What are the legal or financial ramifications if flooding or fire destroyed corporate records? Are you prepared for IT failures, an influenza pandemic, and similar events? You are beginning to get the picture.

 

Assessment, Planning and Analysis of Risks

The first step is correctly identifying all risks. Understand the business requirements, priorities, and exposures in terms of the loss of voice, data, power, IT and other utilities, or the loss of key staff, physical locations, key suppliers, etc.

The second step is to determine the likelihood of each risk and develop the business impact analysis in the event these risks do indeed occur. Identify the core business processes and clearly map out the core objectives. Risk reduction measures can be implemented once the risks are identified.

All identifiable risks and their impact should be shown to the highest level of management, and both the department heads and top management should sign off on the identified "risk" list. Once the risks are identified and priorities determined, recovery plans are developed and implemented to reduce the impact of each potential risk.

The goal should be to have tight security within the organization: both physical security and data information security.

ISO 17799 is often used as a generic term to describe what are actually two different documents: ISO 17799, which is a set of security controls (a code of practice), and BS7799 / ISO 27001, which is a standard "specification" for an Information Security Management System (an ISMS). Consider these documents and seek certification if relevant. These are the internationally recognized standards for business continuity management and planning.

 

Information Technology - Vital Risk Assessments Area

Information technology has created an environment that requires systems to be tested and examined. This assessment is used to identify any possible holes in computer security that may be susceptible to intrusion. Assessing vulnerable internet security areas is only one of the many functions of a well thought out business continuity plan.

Information systems are one of the most vulnerable aspects of most businesses. Assessing the risk that is present in the network is important in order to correct the security problems that are possible targets for hackers and disgruntled employees. Experts recommend assessing the network monthly, and immediately after new adjustments have been made. Protecting the security of the information and data can have direct effects on the future of the business. In minutes, cyber criminals can find their way in to steal sensitive information. The systems can and should be set up to keep employees out of critical and confidential areas of data.

                                              

There are many companies that help with the vulnerability testing of the network. The service assessment packages are typically sold as yearly subscriptions. These usually include twelve monthly tests with four to six "on demand" vulnerability or risk tests. The tests are full scans of the network. Each IP address is assessed, so nothing will be left out. The company then receives a risk report showing where the problems are in the system and how to fix the vulnerable areas. Just about any operating system and database can be assessed for risks. Most mail servers can also be assessed. Host intrusion services and firewall control assessments are features that can easily be added to the basket of services. When testing the vulnerability of the networks, it is a good time to assess the other departments in the business as well.

 

Assessing Risk - Vulnerable Areas of the Business

As part of the business continuity plan, all other areas of management should be under scrutiny.  By gathering all the department heads together to discuss the current vulnerabilities, companies are able to develop ongoing continuity plans and develop essential recovery strategies for most business disasters.

Consultants - And Computer Security

Where companies are unable to see the problem areas, consulting firms can.  Consultants can sometimes be pricey, but they are able to provide a third party perspective on IT management and critical security systems.

Next see:  Contingency Planning

 



©Copyright 2004 Business-Continuity-4U.com