Operational risk management
Operational risk is the risk arising from failures in the processes and systems that support the business, failures that can interrupt its operations. Managing operational risk is one of the key roles of the information security manager. Some of the key aspects of operational risk that an information security manager must understand are as follows:
- Recovery time objective (RTO)
- Recovery point objective (RPO)
- Service delivery objective (SDO)
- Maximum tolerable outage (MTO)
- Allowable interruption window (AIW)
Let's discuss each of these in detail.
Recovery time objective (RTO)
The RTO is a measure of the user's tolerance to system downtime. In other words, the RTO is the maximum length of time for which a system can acceptably be down. For example, an RTO of 2 hours indicates that an organization will not be overly impacted if its system is down for up to 2 hours.
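As an added illustration that is not part of the original text, the following Python compares constructed outage records against hypothetical per-system RTO targets and flags every outage whose recovery took longer than the RTO allows; the system names, timestamps and targets are all assumed.

```python
from datetime import datetime

# Constructed sample incident records (not from the page): each entry gives
# the affected system, when it went down and when service was restored.
INCIDENTS = [
    {"system": "order-api", "down": "2024-03-01T09:00:00", "restored": "2024-03-01T10:30:00"},
    {"system": "order-api", "down": "2024-03-05T14:00:00", "restored": "2024-03-05T17:15:00"},
    {"system": "payroll",   "down": "2024-03-02T08:00:00", "restored": "2024-03-02T20:00:00"},
]

# Hypothetical RTO targets per system, in hours (assumed values).
RTO_HOURS = {"order-api": 2, "payroll": 24}

TIME_FMT = "%Y-%m-%dT%H:%M:%S"


def outage_duration(incident):
    """Elapsed time between the outage starting and service being restored."""
    down = datetime.strptime(incident["down"], TIME_FMT)
    restored = datetime.strptime(incident["restored"], TIME_FMT)
    return restored - down


def max_downtime_hours(incidents):
    """Longest observed outage per system, in hours, for comparison with its RTO."""
    worst = {}
    for inc in incidents:
        hours = outage_duration(inc).total_seconds() / 3600
        worst[inc["system"]] = max(worst.get(inc["system"], 0.0), hours)
    return worst


def rto_breaches(incidents, rto_hours):
    """Return (system, hours_down) for every outage that exceeded that system's RTO."""
    breaches = []
    for inc in incidents:
        hours = outage_duration(inc).total_seconds() / 3600
        if hours > rto_hours[inc["system"]]:
            breaches.append((inc["system"], round(hours, 2)))
    return breaches


if __name__ == "__main__":
    for system, hours in max_downtime_hours(INCIDENTS).items():
        print(f"{system}: worst outage {hours:.2f} h, RTO {RTO_HOURS[system]} h")
    for system, hours in rto_breaches(INCIDENTS, RTO_HOURS):
        print(f"RTO breached: {system} was down {hours} h")
```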
Recovery point objective (RPO)
The RPO is a measure of the user's tolerance to data loss...