Planning for Disaster: Assessing Risks to Your Business Data

It’s only a matter of time before a disaster affects your business’s ability to access data. If you have a plan, you’ll be halfway down the road to recovery when disaster strikes. This article reviews the basics of disaster recovery planning. Download the PDF for more information about disaster planning as well as a risk assessment. 

MentorIt’s only a matter of time before a disaster affects your business’s ability to access data. If you have a plan, you’ll be halfway down the road to recovery when disaster strikes. This article reviews the basics of disaster recovery planning. 

Before we get started, it’s important to review some important terminology used in disaster recovery planning: 
  • Assets: Generally speaking, anything that’s valuable to your organization. In the context of data disaster recovery planning, you’re interested in tracking your organization’s data assets (for example, sales data, customer records, and product designs) and data processing assets (for example, servers, workstations, and network devices). 
  • Vulnerabilities: Weaknesses that might allow for the failure of a control that affects the confidentiality, integrity, or availability of your data assets. For example, if your server runs an old, unpatched operating system, that’s a technical vulnerability. In addition, physical vulnerabilities may pose a risk to your data (for example, the use of a water-based fire suppression system near critical electronic equipment). 
  • Threats: Potential events that may actually compromise your data if a corresponding vulnerability exists. For example, a skilled hacker is a threat that may be able to exploit an unpatched operating system vulnerability. Similarly, a hurricane, a tornado, or another severe storm constitutes a threat that might exploit a leaky roof vulnerability. 
As you can see, assets, vulnerabilities, and threats are all closely related. A risk occurs when an asset has a vulnerability and there is the presence of a corresponding threat. This is often expressed using the following mathematical equation: 
Risk = Asset x Threat x Vulnerability 
You’ll further explore the mathematics behind risk assessment when learning about quantitative risk assessment later in this article. For now, let’s explore techniques you can use to identify assets, vulnerabilities, and threats.
 
Click the download button above to read the full article.

 

Have a question about disaster planning? Connect with a SCORE mentor online or in your community today!

About the Author

HP Circle Logo Closeup© 2007 Hewlett-Packard Development Company, LP
The HP Small Business Connection brings together products, services, and solutions designed with your business in mind.