Therefore, you must create a plan that identifies potential events, the risk of those
events (the probability of occurrence and potential impact), the response plan, and what
you??™ll do to mitigate those risks.
Identifying Risk
It??™s often difficult to know where to start. All too often, people rush in and throw any solution
in place before taking a moment to consider the situation. Risk identification should
be a formal, documented part of a disaster recovery plan.
Note that I??™m calling this risk identification and not risk management. I??™m not advocating
a long, drawn-out process or an exhaustive analysis of financial risk. There is a
place for that sort of thing, and it certainly has value, but when creating a disaster recovery
plan, you need to keep things simple and iterative in order to get the process moving.
If you hire a risk-management firm to help you analyze your company before you move
on to establishing response and mitigation plans, it could be six months before anything
is actually done. And in the technology world, your environment may have already
changed.
Pages:
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497