Business continuity management (BCM) has several tools; one of them is the Risk Analysis (RA). But what must be included for a good RA?
Well, I have to say, after 20 years of doing these studies in my country, that the very first thing to consider is the social/political/economic situation. Why?
When we started, our country was a very different environment than it is today. Just this week we have had two bombing attempts in two different cities; in 1993 this situation was unimaginable, today it is a fact.
So what I am saying is that for DCs, where today the most precious asset (information) is located, the RA must consider all of those issues that can seem "far, far away". Let's go into them:
* Natural disasters: floods, earthquakes, tsunamis, tornadoes, volcanoes, ...
* Human: terrorism, sabotage (digital as well), war, information, fire, trespassing, ...
* Biological: viruses, ...
There is a multitude of methodologies that you can use for this task. However, my suggestion is that, before you choose one of them, you set which priority threats you want to evaluate in the RA, so that with the adequate method you will be able to get the better assessment.
If we want to prevent all of them, it will cost a lot, lot, lot of money; so, after all of them have been detected, we have to set the priority of which to mitigate. This can be done during the Business Impact Analysis (BIA), another excellent tool to help us get the appropriate BCM for our facility.
At this point, the security professional has to meet with the architectural and security teams to address each vulnerability found in the field and to understand which combined solution alternatives should be used to mitigate the weaknesses of the site.
The DC designer must include all the recommendations (benefit-cost) and give them enough weight in the total design (new or refurbished) for this facility; today a DC is no longer just CRACs, UPS, generators, structured cabling, and so on, but an integral design in:
* IT transport
All of them have to be taken into consideration,
or what is your opinion?
Roberto Sanchez, RCDD