Security-based impact analysis is an important component of disaster-recovery which involves a systematic procedure of information gathering and analysis in an organization. The information collected facilitates in the determination of potential impacts to the organization in a situation that the processes as well as the functions of the organization are affected by a disaster. For a Security-based impact analysis to be effective, the following steps must be followed: project initiation, information acquisition, information analysis, document findings and reporting the presentation to the senior management (Bendix & Graham, 2008).
During the phase of project initiation, the sponsorship of the senior management must be sort. The management is also presented with the goals, the scope as well as the objectives of the project and if they are acknowledged, a team is formed to work on the project.
In information acquisition phase, all relevant information concerning the organization is gathered. This includes the information systems as well as processes in the organization. In the phase of information analysis, a careful evaluation of information is done which facilitates in identification of vital information systems as well as processes. The phase of document findings involves documentation of findings in the format of a report. The report comprises of an executive summary, the objectives, the scope, collection and analysis of data methodology, findings summary, graphs and charts indicating probable losses and recommendations (Plewes & Whitney, 2007).
The report is finally presented to the senior management and the findings should be explained clearly by security managers and appropriate recommendations given. The security manager uses the report to stress the need for disaster recovery to the senior management and show the need to support it.
Possible organizational, financial, and operational constraints that are associated with Security-based impact analysis include budget and effective analysis of available data. Several manual in addition to computerized approaches are adopted in this regard.
Risk Assessment and evaluation
On successful identification of potential risk, it is important to rate the risk on the basis of its importance and the possibility that it will occur. The most important risk with the highest possibility is given priority
Assigning values to risks (prioritizing)
Assignment of value to a risk is done by plotting the risk in a heat map using significance and its possibility of occurrence. The results obtained are the basis of prioritizing the risk (Bendix & Graham, 2008).
Assessment of damage is a very critical undertaking in a situation that a disaster has occurred because it is the basis of disaster recovery and restoration. The extent of damage is also determined at this stage.
Bendix, S. & Graham, R., (2008). Environmental Assessment, Ann Arbor, Mich., 288 pp.
Plewes, M. & Whitney, R., (2007). Environmental Impact Assessment in Canada: Processes and Approaches, Canada: University of Toronto.