nTip Don??™t waste time analyzing and documenting obvious risks that have been addressed already. Known
issues and deficiencies have the highest risk rating possible. If you know you aren??™t currently backing up
your system and you know you really should be, it??™s comical to think that you should take the time to identify
the impact of not having a backup??”just do something. That doesn??™t mean you shouldn??™t include it in the
documentation of your overall plan, but don??™t bother analyzing what you already know.
I??™ve defined risk as a combination of likelihood of occurrence vs. the impact of occurrence.
It sounds like I might have a mathematical formula in mind; I do. Don??™t worry,
though; you won??™t need a degree in statistical analysis or actuarial science. I have very
simple formulas in mind. I do think it??™s important to quantify things somehow, and not
just because I??™m a database geek and like to quantify things. Without quantification, setting
a priority list is simply a judgment call. If left this way, you open the door for political
squabbling as to who is in the best position to make the judgment call (I??™ll discuss this
more in Chapter 12).
Pages:
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498