|
|
|
|
|
Risk Analysis
Risk Analysis identifies the assets, threats, vulnerabilities and countermeasures of a service. This functionality is provided by means of Valuemation Risk Assessment matrix, where 'violation risk' of a service (or a configuration item) is calculated on the basis of 'probability disruption' and 'disruption impact'.
|
The Risk Analysis matrix resembles ticket prioritization in Incident Management. It is, however, calculated by a special workflow:
- The 'Disruption Impacts All' objects represent Impact. They specify the impact of the disruption of a service.
- The 'Disruption Probabilities All' objects represent Urgency. They specify how probable it is that this kind of service will fail.
- The 'Violation Risks All' objects represent Priority. The judgment is made on the basis of the previous Risk Analysis matrix.
Default Configuration:
Probability (V) / Impact (>) |
1 |
2 |
3 |
null |
1 |
1 |
2 |
3 |
4 |
2 |
2 |
3 |
3 |
4 |
3 |
2 |
3 |
4 |
4 |
null |
4 |
4 |
4 |
4 |
The risk values will be assigned to all services (templates and instances) and CIs (system records).
How does it works?
- At any time a user defines or updates the 'Disruption Probability\ or 'Disruption Impact' of a service/CI, the 'Violation Risk' value must be recalculated.
- Regular checking of these values for all systems / CIs should be done by regular evaluation of BC (Business Criticality).
Additional risk calculations based on a data range (amount of days) can be done in ZIS availability module.
Note: Please see also the relation to the Availability Management in the 'ITSCM links to other managers' topic.