A Quantitative Decision Support Model for Security and Business Continuity Management

Abstract

Risks and the business impact of a critical event are often difficult to quantify. In many cases, the strategic decisions with regard to mitigating risk and minimising financial damage must be taken on the basis of qualitative estimates and expert opinion. However, formulating a continuity and security strategy requires quantitative support across several dimensions: temporal, financial and systemic thresholds must be defined to ensure the optimum level of investment. The paper outlines a strategic decision support model for quantifying risk and business impact. It is further shown how the resulting risk management decisions of the firm can be optimised, and how typical problems of event (disaster) frequency and severity can be resolved. The paper builds on earlier research in audit, insurance and business continuity management to present an innovative approach towards this well-known problem.