Read the book (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide - Mike Chapple - Page 167

Risk Identification

The next phase of the BIA is the identification of risks posed to your organization. During this phase, you'll have an easy time identifying some common threats, but you might need to exercise some creativity to come up with more obscure (but very real!) risks.

Risks come in two forms: natural risks and person-made risks. The following list includes some events that pose natural threats:

 Violent storms/hurricanes/tornadoes/blizzards

 Lightning strikes

 Earthquakes

 Mudslides/avalanches

 Volcanic eruptions

 Pandemics

Person-made threats include the following events:

 Terrorist acts/wars/civil unrest

 Theft/vandalism

 Fires/explosions

 Prolonged power outages

 Building collapses

 Transportation failures

 Internet disruptions

 Service provider outages

 Economic crises

Remember, these are by no means all-inclusive lists. They merely identify some common risks that many organizations face. You may want to use them as a starting point, but a full listing of risks facing your organization will require input from all members of the BCP team.

The risk identification portion of the process is purely qualitative. At this point in the process, the BCP team should not be concerned about the likelihood that each type of risk will materialize or the amount of damage such an occurrence would inflict upon the continued operation of the business. The results of this analysis will drive both the qualitative and quantitative portions of the remaining BIA tasks.
