IT:AD:Risk Assessment

Summary

  • Assess → Respond → Monitor
  • Qualitative (High/Medium/Low) v. Quantitative (number-based) assessments
    • Businesses lean towards quantitative numbers.
  • Single Loss Expectancy (SLE)
  • Annualized Rate of Occurrence (ARO)
  • Annualized Loss Expectancy (ALE)

Likelihood (1-5) versus Consequences (1-5)

Likelihood (Rare|Unlikely|Moderate|Likely|Almost Certain) Consequences (Insignificant|Minor|Significant|Major|Severe)

Low to High..

  • ISO-30000-1209
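
An added example (not part of the original notes) that scores one constructed risk register both ways: qualitatively on the 1-5 likelihood and consequence scales above, and quantitatively as ALE = SLE × ARO. Multiplying likelihood by consequence for a 1-25 score is an assumed convention, "Sig" is spelled out as "Significant", and the risk names and figures are made up for illustration.

```python
from dataclasses import dataclass

# Scales taken from the page's labels, mapped to 1-5 in the order listed.
LIKELIHOOD = ["Rare", "Unlikely", "Moderate", "Likely", "Almost Certain"]
CONSEQUENCE = ["Insignificant", "Minor", "Significant", "Major", "Severe"]


@dataclass
class Risk:
    name: str
    likelihood: str   # qualitative label from LIKELIHOOD
    consequence: str  # qualitative label from CONSEQUENCE
    sle: float        # Single Loss Expectancy: cost of one occurrence
    aro: float        # Annualized Rate of Occurrence: events per year

    def score(self) -> int:
        """Qualitative score 1-25 (assumed: likelihood x consequence)."""
        return (LIKELIHOOD.index(self.likelihood) + 1) * (
            CONSEQUENCE.index(self.consequence) + 1)

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO."""
        return self.sle * self.aro


def rank(risks, key):
    """Risk names ordered from highest to lowest by the given measure."""
    return [r.name for r in sorted(risks, key=key, reverse=True)]


# Constructed register: names and figures are illustrative only.
REGISTER = [
    Risk("Laptop theft", "Likely", "Minor", sle=2_000, aro=6),
    Risk("Ransomware outage", "Unlikely", "Severe", sle=400_000, aro=0.1),
    Risk("Data centre fire", "Rare", "Severe", sle=1_500_000, aro=0.01),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name:20} score={r.score():2}  ALE={r.ale():>10,.0f}")
    print("By score:", rank(REGISTER, Risk.score))
    print("By ALE:  ", rank(REGISTER, Risk.ale))
```

The two rankings disagree on the second and third entries: a rare but severe event sits at the bottom of the matrix yet carries a higher ALE than a frequent minor one.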

RISKS can be:

  • Eliminated, Substituted, Controlled (isolation and guarding), Administered (training/work scheduling), Personal Protective Equipment (PPE).
  • CCSB: Accept, Avoid, Mitigate, Transfer the risk.