Reliability
Uploaded by chellamuthu-k. Category: Technology.
Transcript of Reliability
Industrial Safety and
Risk Assessment
Risk assessment is the process of enumerating risks, determining their classifications, assigning probability and impact scores, and associating controls with each risk.
“The trick is for the right people to use the right tools at the right
time, each time!”
Risk Assessments measure the risk, the potential loss, and the probability that the loss will occur.
Risk (R) = Loss value (L) * Probability (P), or
R = L * P
Risk: potential events that have a negative impact on the Integrity, Confidentiality, and Availability of information.
Vulnerability: condition of a missing or ineffectively administered safeguard or control that allows a risk to occur with a greater impact or frequency or both.
Impact – the potential effect a risk may have on an asset.
Control – measures taken to prevent, detect, minimize, or eliminate risk to protect the Integrity, Confidentiality, and Availability of information.
Probability – the likelihood of the event occurring, rated from 0 to 1
Risk is Commonplace
What to Investigate
Types of Risk Assessment
Qualitative – measure in terms like “high, medium, and low” for probability and impact. Look at relative value, risk.
Quantitative – measure in dollars and formulas.
The government has switched to more qualitative processes – quantitative processes tend to take a very long time and while they generate “hard” data, they are rarely completed!
High, medium, and low mean something different to everyone.
Assign understandable values, then seek group agreement.
Document thought process if necessary or appropriate.
"The greatest opportunity for the discovery and correction of undesired deviations takes place while the Risk
is being performed."
Performing a Risk Assessment
• Define the purpose of the assessment
• Identify the product or system
• Select assessment approach
• Gather information
• Develop attack scenarios
• Estimate risk parameters
• Produce assessment report
Promoting the Risk Assessment
Elements of good risk assessments
1. Provides clear instructions
2. Is composed of segmented questions
3. Simplifies user response
4. Allows for a user commentary area
5. Identifies support contacts
6. Focuses on leaders as well as executors
7. Provides feedback to users and risk leaders
8. Has a broad scope
9. Supports draft operating mode
10. Identifies the user for follow-up if necessary and applicable
Risk Assessment Foundation
A strong foundation is essential to the success of a risk assessment!
Dealing with risk
Accept the risk
• You accept responsibility and acknowledge awareness of the risk.
• Not always an acceptable alternative
• Formal acknowledgement can be a useful tool!
Dealing with risk
Address and control the risk
Determine appropriate controls, from both a risk remediation and a cost and effort to implement standpoint
Meta Process
• Sponsor
• Scope
• Team
• Risk enumeration
• Risk classification and rating
• Control identification
• Report
• Action plan and execution
Sponsorship
A key factor in the success of risk assessment is having an effective sponsor.
The sponsor should be in charge of the area or system being assessed.
Sponsors should be willing to take responsibility for the assessment and to use its findings.
Scope
Carefully scope your assessment
Write a scope statement and make sure your group understands it.
Use scope to keep on topic during brainstorming, but do not limit brainstorming.
Choosing a team
• Diversity
• Expertise
• Sanity
• Leadership
• Numbers
Reporting
Reports should include risks, probability and impact ratings, and controls for each risk.
Reports should be signed off on by the project sponsor and the areas that must implement controls.
Choose a reasonable implementation timeframe and follow up!
Formal Risk Assessment
• Suggest a risk
• Classify the risk
• Rate Probability
• Rate Impact
• Suggest controls
Formal Risk Assessment
Introduction - team members introduce themselves and very briefly describe their area of responsibility or expertise relevant to the scope of the assessment.
Brainstorm - Risks are brainstormed, no idea will be rejected or negatively discussed in the initial brainstorm.
Identification - risks categorized as affecting Confidentiality, Integrity, or Availability
Prioritization - risks are prioritized by their impact, and probability
Controls - controls are identified and recommended based on the risks identified. Controls are prioritized based on cost, priority, and capability to implement.
Report - a report is prepared by the facilitator and approved by the team.
Sign-off - the project lead is given the document and signs off on it.
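The identification, prioritization and controls steps above, worked through as an added example (not part of the original slides). The risks, dollar values, rating thresholds and the "risk removed per dollar" control ranking are constructed assumptions; only R = L * P, the 0 to 1 probability scale and the three categories come from the slides.

```python
from dataclasses import dataclass, field

CIA = {"Confidentiality", "Integrity", "Availability"}
# Constructed thresholds for the qualitative labels; a team would agree its own.
BANDS = [(50_000, "high"), (10_000, "medium"), (0, "low")]

@dataclass
class Control:
    name: str
    cost: float          # cost and effort to implement, in dollars
    residual_p: float    # probability remaining with the control in place

@dataclass
class Risk:
    name: str
    category: str        # Confidentiality, Integrity or Availability
    loss: float          # L: loss value in dollars
    probability: float   # P: likelihood, rated from 0 to 1
    controls: list = field(default_factory=list)

    def __post_init__(self):
        if self.category not in CIA:
            raise ValueError(f"unknown category: {self.category}")
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError("probability must be between 0 and 1")

    def score(self):
        return self.loss * self.probability          # R = L * P

    def rating(self):
        return next(label for floor, label in BANDS if self.score() >= floor)

    def best_control(self):
        # Assumed metric: risk removed per dollar spent on the control.
        def value(c):
            return (self.score() - self.loss * c.residual_p) / c.cost
        return max(self.controls, key=value, default=None)

def prioritize(risks):
    """Order the register from highest to lowest R."""
    return sorted(risks, key=Risk.score, reverse=True)

# Constructed sample register, deliberately out of order.
REGISTER = [
    Risk("Ticketing system outage during patching", "Availability", 16_000, 0.5),
    Risk("Backup share readable by all staff", "Confidentiality", 400_000, 0.25, [
        Control("Encrypt backup volumes", 20_000, 0.0625),
        Control("Restrict share to backup service account", 4_000, 0.125)]),
    Risk("Payroll records altered without audit trail", "Integrity", 80_000, 0.25),
]
```

The cheaper control wins for the backup share even though encryption removes more risk in absolute terms, which is the cost-versus-remediation trade-off the slides describe.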
Steps Involved in Risk Assessment
1. Make sure the risk assessment process is practical and realistic.
2. Involve as many people as possible in the process, especially those at risk.
3. Use a systematic approach to ensure all relevant risks and hazards are addressed.
4. Look at the big picture; don’t waste time on the obviously minor risks; and don’t obscure the process in too much detail.
5. Start by identifying the hazards.
6. Assess the risks from those hazards, taking into account the effectiveness of the existing controls.
7. Be realistic, not idealistic. Look at what actually occurs and exists in the workplace and, in particular, include non-routine operations.
8. Identify who is at risk. Include all workers, including visitors, contractors and the public.
9. Start with the simple methods, use more systematic methods as necessary.
10. Always record the assessment in writing, including all assumptions you make, with the reasons why.
Disadvantages
• Accuracy
• Responsiveness
• Ease of Use
“Risk Assessment is necessary to be Safe Always in All ways”
Thank You