Mitigation Strategies Steve Elliot President CEO Elliot Consulting

  • Slides: 17
Download presentation
Mitigation Strategies Steve Elliot President & CEO Elliot Consulting, LLC © 2018 Elliot Consulting,

Mitigation Strategies Steve Elliot President & CEO Elliot Consulting, LLC © 2018 Elliot Consulting, LLC. All Rights Reserved

Warren Buffett © 2018 Elliot Consulting, LLC. All Rights Reserved

Warren Buffett © 2018 Elliot Consulting, LLC. All Rights Reserved

Threats & Hazards • Threat - A man-made or natural situation or condition that

Threats & Hazards • Threat - A man-made or natural situation or condition that can cause disruption to an organization’s operations or services • Hazard - A dangerous phenomenon, substance, human activity or condition that may cause loss of life, injury or other health impacts, property damage, loss of livelihoods and services © 2018 Elliot Consulting, LLC. All Rights Reserved

Vulnerabilities & Risk • Vulnerability - Degree to which an organization is exposed to

Vulnerabilities & Risk • Vulnerability - Degree to which an organization is exposed to the actions or effects of a risk, event or other occurrence • Risk - A possible event that could cause harm or loss, or affect the ability to achieve objectives. Risk is measured by the probability of a threat, the vulnerability of the asset to that threat, and the impact it would have if it occurred. • Risk score = Probability (Likelihood) x Impact © 2018 Elliot Consulting, LLC. All Rights Reserved

Hazards & Vulnerabilities - Causes Natural Earthquakes Tornado/Wind Hurricanes Floods Volcanoes Rain/Snow/Ice Storms Wildfires

Hazards & Vulnerabilities - Causes Natural Earthquakes Tornado/Wind Hurricanes Floods Volcanoes Rain/Snow/Ice Storms Wildfires Political Human Technological Strikes Workplace Violence Software Outage Riots Sexual Harassment Data Loss/Corrupt Civil Disorder Fraud/Embezzlement Hardware Outage Bomb Threat Terrorism HVAC Biological Threat Sabotage Network Outage Nuclear Threat Machinery Failure Acts of War Power Outage Security Privacy Viruses/Ransomware Data Theft Denial of Service Attacks Counterfeiters Accidents Human Error Fire/Explosion Water Damage Building Collapse Environmental Loss Of: Executives Key Staff Subject Matter Expert © 2018 Elliot Consulting, LLC. All Rights Reserved Emerging Threats Pandemics Drought PR Incidents Product Liability Cloud Computing Cyber Security

Potential Effects Loss of • the Physical Facilities Loss of • the Information and

Potential Effects Loss of • the Physical Facilities Loss of • the Information and Systems Loss of • the Critical Business Operations Loss of • the People Challenge and Confirm your Assumptions © 2018 Elliot Consulting, LLC. All Rights Reserved

What Should We Do? © 2018 Elliot Consulting, LLC. All Rights Reserved

What Should We Do? © 2018 Elliot Consulting, LLC. All Rights Reserved

2 Approaches to Address Risks Continuity Planning Disaster Recovery Proactive Process Reactive Process Enterprise-wide

2 Approaches to Address Risks Continuity Planning Disaster Recovery Proactive Process Reactive Process Enterprise-wide IT / Facilities-Focus Strategic Plan Break-Fix Plan Business and People Things and Recovery Time © 2018 Elliot Consulting, LLC. All Rights Reserved

Risk Assessment © 2018 Elliot Consulting, LLC. All Rights Reserved

Risk Assessment © 2018 Elliot Consulting, LLC. All Rights Reserved

Mitigate Risks Four main ways that you can mitigate risks: - Avoidance - Transfer

Mitigate Risks Four main ways that you can mitigate risks: - Avoidance - Transfer - Acceptance - Reduction © 2018 Elliot Consulting, LLC. All Rights Reserved

Risk Avoidance • Relocate your facility • Divide operations between multiple sites • Eliminate

Risk Avoidance • Relocate your facility • Divide operations between multiple sites • Eliminate a risk process • Stop working with hazardous materials © 2018 Elliot Consulting, LLC. All Rights Reserved

Transfer Risks • Buy insurance / review coverages • Outsource the risk to 3

Transfer Risks • Buy insurance / review coverages • Outsource the risk to 3 rd party suppliers • Sell off a division or product © 2018 Elliot Consulting, LLC. All Rights Reserved

Acceptance of Risks • Decision to do nothing about a potential risk • Accept

Acceptance of Risks • Decision to do nothing about a potential risk • Accept the risk probabilities and impact • Management is willing to roll the dice • Cost/Benefit Analysis shows the impact cost is less than the mitigation cost • Probability is so low that investing in a long-term mitigation strategy isn’t necessary © 2018 Elliot Consulting, LLC. All Rights Reserved

Reduction of Risks • Split production between multiple sites • Supplier Diversity (Workload /geography)

Reduction of Risks • Split production between multiple sites • Supplier Diversity (Workload /geography) • Physical Mitigation (Hardening Facility) • Alternative Access (Work Remotely) © 2018 Elliot Consulting, LLC. All Rights Reserved

Local Hazard Mitigation Planning © 2018 Elliot Consulting, LLC. All Rights Reserved

Local Hazard Mitigation Planning © 2018 Elliot Consulting, LLC. All Rights Reserved

Document Your Decisions Hazards & Vulnerabilities Winter Storms / Snow / Ice Tropical Storm

Document Your Decisions Hazards & Vulnerabilities Winter Storms / Snow / Ice Tropical Storm / Hurricane IT - Hardware Outage(Servers, Printers, etc. ) Loss of Key Staff IT - Critical Application(s) Outage IT - Network Outage (Data) Economic Recession Tornado Building Fire / Explosion / Bomb Threat Power / Utility Failure & Resulting Damage Probability Impact Score Level of Risk 4 3 3 3 2 2 2. 5 3. 7 4. 3 3. 7 3. 3 4. 7 3. 3 14. 7 14. 0 13. 0 11. 0 10. 0 9. 3 8. 3 Very High Medium Medium © 2018 Elliot Consulting, LLC. All Rights Reserved Revenue Risk Strategy A, R T Ac T, R R Options?

Steve Elliot, President & CEO Elliot Consulting, LLC 813 -792 -8833 selliot@elliot-consulting. com www.

Steve Elliot, President & CEO Elliot Consulting, LLC 813 -792 -8833 selliot@elliot-consulting. com www. elliot-consulting. com © 2018 Elliot Consulting, LLC. All Rights Reserved