Difficulties faced in this section-
This section of work relating to risk Management was reasonably easy to understand all the concepts involved, the difficult thing was really to put everything together and make sense of the different ideas discussed in this section. Without actually having a lecture it is sometimes difficult to relate certain concepts to real situations which would help me understand each topic better. The length and amount of information dicussed in this section was also a little bit overwhelming to get a grip on everything. It is difficult to know what information and ideas which are mostly relevant and how they all link together.
I found the following questions answered in my blog difficult to find answers to and really just understand what the question was asking as i could not find any reference to it in the notes for this section.
1) What is the best value that should be assessed when evaluating the worth of an information asset to the organisation - replacement cost or loss income while repairing or replacing?
The best value that should be assessed while evaluating the worth of an information asset can vary throughout different organisations and type of information asset. A efficient machine or piece of equipment can be priceless in some organisation's as it is the linch pin of the organisation, income losses could be quite severe. Replacement costs may not be greatly expensive but the difficulty in finding another is sometimes difficult and time consuming. Repairing and replacing these assets can also be quite costly in terms of sales revenue, most of the times these occurencies are inconveniences that are not needed in an organiation.
2) What is the likelihood value of a vulnerability that no longer must be considered?
Likelihood is 'the probability that a specific vulnerability within an organisation will be successfully attacked'. When doing risk assessment's a numerical value is assigned to vulnerability and one which is no longer really considered is close to zero.
3) In what instances is baselining or benchmarking superior to Cost Benefit Analysis?
In my view these concepts are relatively different. A CBA refers to either helping appraise , or assess the case for a project, programme or policy proposal. It can also refer to an approach to help make economic decisions of any kind. Whereas baselining and benchmarking relates to comparing various factors within organisation's.
4) How can we find out what organisations risk appeitie is? Why is this important?
An organisation's risk appetite is "the amount of risk exposure, or potential adverse impact from an event, that the organisation is willing to accept/retain". To work out an organisation's risk appetite they must ask themselves the following questions :
- Where do we feel we should allocate our limited time and resources to minimise risk exposures?
- What level of risk exposure requires immediate action? Why?
- What level of risk requires a formal response strategy to mitigate the potentially material impact? Why?
- What events have occured in the past and at what level were they managed? Why?
Each question is followed by a 'why' because the organisation should be able to articulate the quantitative and/or qualitative basis for the appetite. The overall aim of the organisation is to keep the risk within the organisations accepted range.
"http://www.continuitycentral.com/feature0170.htm'
No comments:
Post a Comment