The Best Damn IT Security Management Book Period

In this chapter, we're going to discuss the concept and practical application of risk management. We'll look at the broad business perspective, the practical business continuity and disaster recovery planning perspective, and the IT-centric perspective. We'll look at risk management to understand the overall process, then delve into the risk assessment process. This is where the first phase of project work begins.
To help you keep track of where we are in our overall planning process, you'll see an image similar to that shown in Figure 30.1 at the outset of each chapter. As you can see in Figure 30.1, we've completed the basic project initiation steps (see Chapter 29) and we're moving into risk management. Clearly, we can't create a viable BC/DR plan until we know which specific threats the company faces. Every company faces numerous common threats, such as the potential for a server failure or power outage, but each company also faces numerous threats that are either unique to the organization or unique in their potential impact. Throughout this chapter, we'll discuss risk management from a BC/DR perspective, but there may be risks your business faces that are not mentioned. In Chapter 28, we provided a fairly extensive list of potential threats to be addressed, but the list is not exhaustive and you'll need to look at your own business with other knowledgeable members of your company to determine which risks you'll need to assess. We'll cover many of those threats in more detail in this...