11 June 2016

♜Strategic Management: Resilience (Definitions)

"The ability to recover from challenges or to overcome obstacles. In a social-ecological context this refers to the innovation capacity of the organization to successfully address societal and environmental challenges." (Rick Edgeman & Jacob Eskildsen, "Social-Ecological Innovation", 2014)

"The quality of being able to absorb systemic 'shocks' without being destroyed even if recovery produces an altered state to that of the status quo ante." (Philip Cooke, "Regional Innovation Systems in Centralised States: Challenges, Chances, and Crossovers", 2015)

"The ability of an organization to quickly adapt to disruptions while maintaining continuous business operations and safeguarding people, assets, and overall brand equity. Business resilience goes a step beyond disaster recovery, by offering post-disaster strategies to avoid costly downtime, shore up vulnerabilities, and maintain business operations in the face of additional, unexpected breaches." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A capability to anticipate, prepare for, respond to, and recover from significant multi-hazard threats with minimum damage to social well-being, the economy, and the environment." (Carolyn N Stevenson, "Addressing the Sustainable Development Goals Through Environmental Education", 2019)

"The ability of a project to readily resume from unexpected events, threats or actions." (Phil Crosby, "Shaping Mega-Science Projects and Practical Steps for Success", 2019)

"The ability of an infrastructure to resist, respond and overcome adverse events" (Konstantinos Apostolou et al, "Business Continuity of Critical Infrastructures for Safety and Security Incidents", 2020)

"The capacity to respond to, adapt and learn from stressors and changing conditions." (Naomi Borg & Nader Naderpajouh, "Strategies for Business Sustainability in a Collaborative Economy", 2020)

"The word resilience refers to the ability to overcome critical moments and adapt after experiencing some unusual and unexpected situation. It also indicates return to normal." (José G Vargas-Hernández, "Urban Socio-Ecosystems Green Resilience", 2021)

"Operational resilience is a set of techniques that allow people, processes and informational systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions. Operationally resilient enterprises have the organizational competencies to ramp up or slow down operations in a way that provides a competitive edge and enables quick and local process modification." (Gartner)

[Operational resilience:] "The ability of an organization to absorb the impact of any unexpected event without failing to deliver on its brand promise." (Forrester)

[Business resilience:] "The ability to thrive in the face of unpredictable events and circumstances without deteriorating customer experience or sacrificing the long-term viability of the company." (Forrester)

06 June 2016

♜Strategic Management: Risk Transfer/Transference (Definitions)

"Shifting currently or potentially risky activities to another company." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A form of risk treatment involving the agreed distribution of risk with other parties" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"A risk response strategy whereby the project team shifts the impact of a threat to a third party, together with ownership of the response." (Project Management Institute, "The Standard for Portfolio Management 3rd Ed.", 2012)

"Transferring all or part of the cost of a risk to a third party (most commonly an insurance provider)." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"One of the risk treatment options is to transfer the risk to or to share it with a third party. Transferring or sharing the risk, however, does not change ownership of the risk, which remains with the organisation itself, regardless of who else shares the risk." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Project team shifts the impact of a threat to a third party together with ownership of the response." (Cate McCoy & James L Haner, "CAPM Certified Associate in Project Management Practice Exams", 2018)

"A form of risk treatment involving the agreed distribution of risk with other parties." (ISO Guide 73:2009)

♜Strategic Management: Control (Definitions)

"The process of comparing actual performance with planned performance, analyzing variances, evaluating possible alternatives, and taking appropriate corrective action as needed." (Timothy J Kloppenborg et al, "Project Leadership", 2003)

"Comparing actual performance with planned performance, analyzing variances, assessing trends to effect process improvements, evaluating possible alternatives, and recommending appropriate corrective action as needed." (Cynthia Stackpole, "PMP® Certification All-in-One For Dummies®", 2011)

"Controls set out how you propose to stick to your plan in the face of the challenges of the real world, and what you will do when reality forces your project to deviate from plan." (Mike Clayton, "Brilliant Project Leader", 2012)

"The power to direct the management and policies of a business enterprise." (Mark L Zyla, "Fair Value Measurement", 2012)

"As per the IIA definition, any action taken by the management, the board, and other parties to manage risk and increase the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to provide reasonable assurance that objectives and goals will be achieved." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"Controls can be strategic, tactical or operational. Strategic controls are very high level, such as risk avoidance, transfer, reduction and acceptance. Tactical controls determine a general course of action, such as detective, preventative, corrective and directive. Operational controls determine the actual treatment, such as technical or logical, procedural or people and physical or environmental." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Safeguards used to minimize the impact of threats." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"Actions or changes put in place to reduce a weakness or potential loss. A control is also referred to as a countermeasure." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed, 2015)

"Safeguard that is put in place to reduce a risk, also called a countermeasure." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"Manual or automated mechanisms to ensure events or activities are tracked and potentially limited in their scope or impact." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A measure that is modifying risk." (ISO Guide 73:2009)

"Means of managing a risk, ensuring that business objectives are achieved, or ensuring that a process is followed" (ITIL)

05 June 2016

♜Strategic Management: Risk Analysis (Definitions)

"The evaluation, classification, and prioritization of risks." (Sandy Shrum et al, "CMMI®: Guidelines for Process Integration and Product Improvement", 2003)

"The process of identifying, characterizing, and prioritizing risks." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (Tilo Linz et al, "Software Testing Practice: Test Management", 2007)

"The process of measuring and analyzing the risks associated with financial and investment decisions. Risk refers to the variability of expected returns (earnings or cash flows)." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (Requirements Engineering Qualifications Board, "Standard glossary of terms used in Requirements Engineering", 2011)

"A formal definition of risks based on asset identification, threat enumeration, and consequence evaluation." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"Systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"The process to comprehend the nature of risk and to determine the level of risk." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"A process undertaken to comprehend the nature of risk and to determine the level of risk." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The process to comprehend the nature of risk and to determine the level of risk" (ISO Guide 73:2009)

"The process of assessing identified project or product risks to determine their level of risk, typically by estimating their impact and probability of occurrence (likelihood)" (ISTQB)

25 May 2016

♜Strategic Management: Business Model (Definitions)

"A high-level visual representation of how an organization serves, or intends to serve, its customers and stakeholders." (Bettina M Davis & Wendy L Combsand, "Demystifying Technical Training: Partnership, Strategy, and Execution", 2009)

"A current or future state representation of some aspect of an enterprise, typically from a process, data, geographic, event, organizational or financial perspective." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"A method by which a company generates revenue to sustain itself." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A set of choices that ultimately describes an organization's logic, from how it operates to the way it creates and captures value, including economic or social value." (David K Pham, "From Business Strategy to Information Technology Roadmap", 2016)

"Colloquial term used to express how an organisation seeks to turn a profit or create added value. It describes the structure linking intended strategy, its operational and functional requirements and anticipated performance. There are many types of business model but they can be classified into one-sided, multi-sided/platform, social and collective." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

"The specific way in which a business is organized to generate revenue and profits in a sustainable manner." (Pamela Schure & Brian Lawley, "Product Management For Dummies", 2017)

"A set of choices that ultimately describes an organization's logic, from how it operates to the way it creates and captures value, including economic or social value." (Tiffany Pham et al, "From Business Strategy to Information Technology Roadmap", 2018)

"The overall logic of a business and the basis on which it generates revenues and profits." (Robert M Grant, "Contemporary Strategy Analysis" 10th Ed., 2018)

♜Strategic Management: Value Stream Mapping [VSM] (Definitions)

"A process improvement tool that is used in lean manufacturing. The value stream map captures processes, material flows of a given product family and helps to identify waste in the system." (Bimal P Nepal & Leslie Monplaisir, "Lean and Global Product Development in Auto Industry", 2009)

"Value Stream Mapping (VSM) is one of the most known lean methods to analyze the current state of a production and to visualize and design a future state map. The VSM method is based on the use of specific symbols and icons for the visualization of the production sequences." (Dominik T Matt & Erwin Rauch, "Implementing Lean in Engineer-to-Order Manufacturing: Experiences from a ETO Manufacturer", 2014)

"A way to keep track of goods and material as they move through the product-creating process that helps a business boost productivity and reduces wastes." (Kijpokin Kasemsap, "Applying Lean Production and Six Sigma in Global Operations", 2016)

"A method to keep track of products and material as they move through the product-creating process that helps a business enhance productivity and reduce wastes." (Kijpokin Kasemsap, "Lean Thinking in Global Health Care: Theory and Applications", 2017)

"Value stream mapping is a technique used to analyze the flow of materials, services and information required to bring a service to a consumer." (Parminder Singh Kang et al, "Continuous Improvement Philosophy in Higher Education", 2020)

"Is a lean management technique for analyzing, designing, and managing the flow of data and information from an end-customer perspective to achieve value for them." (Anna Wiedemann et al, "Transforming Disciplined IT Functions: Guidelines for DevOps Integration", 2021)

"A pencil-and-paper tool used in two stages: a) Follow a product’s production path from beginning to end and draw a visual representation of every process in the material and information flows. b) Then draw a future state map of how value should flow. The most important map is the future state map." (Lean Enterprise Institute)

"Value stream mapping (VSM) is the process of charting out or visually displaying a value stream so that improvement activity can be effectively planned." (Gartner)

24 May 2016

♜Strategic Management: Value Stream (Definitions)

"A value stream is a set of actions needed to bring a product to an organization's customers." (Andrew Pham et al, "From Business Strategy to Information Technology Roadmap", 2016)

"A value stream is a sequence of activities needed to design, produce and provide a specific service and along which information, material and value flow. A value chain is a set of linked activities that transform inputs into outputs that in turn add to at least one of the ecological, societal or economic bottom lines and help create competitive advantages. Linked to Six Sigma and Lean methodologies the goal is to create sustainable competitive advantages." (Rick Edgeman, "Lean and Six Sigma Innovation and Design", Encyclopedia of Information Science and Technology, Fourth Edition, 2018)

"Value Streams represent the series of steps that an organization uses to build Solutions that provide a continuous flow of value to a Customer." (Dean Leffingwell, "SAFe 4.5 Reference Guide: Scaled Agile Framework for Lean Enterprises" 2nd Ed., 2018)

"A sequence of processes through which a product follows all the steps necessary for transformation and delivery to the customer." (Sorinel Căpușneanu et al, "Throughput Accounting: Decisional Informational Support for Optimizing Entity Profit", 2019)

"The set of all steps from the start of value creation until the delivery of the end result to customer." (Semra Birgün & Zeynep Altan, "A Managerial Perspective for the Software Development Process: Achieving Software Product Quality by the Theory of Constraints", 2019)

"All activities, both value added and non value added, required to bring a product from raw material into the hands of the customer, a customer requirement from order to delivery, and a design from concept to launch. Value stream improvement usually begins at the door-to-door level within a facility, and then expands outward to eventually encompass the full value stream." (Lean Enterprise Institute)

"An operating unit that controls one or more production flows." (Microsoft, "Dynamics for Finance and Operations Glossary")

"The value stream is defined as the specific activities within a supply chain required to design, order and provide a specific product or service." (Gartner)

16 May 2016

♜Strategic Management: Strategic Plan (Definitions)

"A long-range plan that serves as a business’s road map for the future. It includes the product lines and services, the number of employees, technology requirements, industry trends, competitor analysis, revenue and profitability goals, types of customers, and long-range marketing plans." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

"A high-level document that explains the organization's vision and mission, plus the approach that will be adopted to achieve this mission and vision, including the specific goals and objectives to be achieved during the period covered by the document." (Project Management Institute, "The Standard for Portfolio Management" 3rd Ed., 2012)

"Strategy gives a helicopter view on direction. A strategic plan is a ground-level plan of attack. It represents the first step in strategy implementation." (Vaughan Evans, "The Financial Times Essential Guide to Developing a Business Strategy", 2013)

"The strategic plan is a document that articulates the firm's goals, defines the course of actions required to achieve those goals and to indicate how to improve the firm's performance." (Joshua Y Abor, "Entrepreneurial Finance for MSMEs: A Managerial Approach for Developing Markets", 2016)

"A document used to communicate with the organization the organization’s goals, the actions needed to achieve those goals, and all the other critical elements developed during the planning exercise." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A strategic plan defines who you are as a business and lists concrete actions to achieve your goals." (BDC)

"A strategic plan is a document used to communicate with the organization the organization's goals, the actions needed to achieve those goals and all of the other critical elements developed during the planning exercise." (Balanced Scorecard Institute)

"A visual representation of an organization’s strategy and the objectives that must be met to effectively reach its mission. A strategy plan can be used to communicate, motivate and align the organization to ensure successful execution." (Intrafocus)

05 May 2016

♜Strategic Management: Value Proposition (Definitions)

"The benefit received for the investment made." (Janice M Roehl-Anderson, "IT Best Practices for Financial Managers", 2010)

"A three- to five-sentence statement that conveys to customers the value and benefits that a business brings to them. The value proposition should convey why the customer should purchase that business’s products and services over the competition’s." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

"The analysis of the benefits of using the specific model (tangible and intangible), including the customers' value proposition." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"The promise of value to be delivered by an organization. Typically addresses which customer needs the organization will meet and how it will price its offerings." (Andrew Pham et al, "From Business Strategy to Information Technology Roadmap", 2016)

"A statement about how customers will benefit from a product or service." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

"A statement of the value that your product brings to your customer. The main reason that a customer should buy from you." (Pamela Schure & Brian Lawley, "Product Management For Dummies", 2017)

"A short statement (pre-project) that describes the tangible results or value a decision maker can expect from implementing a recommended course of action and its resulting benefit to the organization. It is expressed in a quantified fashion in the Business Case, where Value = Benefits – Cost (where Cost includes Risk). (See Business Case.) Vision Statement: It provides a view of the future desired state or condition of an organization. (A vision should stretch the organization to become the best that it can be.) The Vision Statement provides an effective tool to help develop objectives." (H James Harrington & William S Ruggles, "Project Management for Performance Improvement Teams", 2018)

"A statement that identifies clear, measurable, and demonstrable benefits consumers get when buying a particular product or service. It should convince consumers that this product or service is better than others on the market." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The promise of value to be delivered by an organization. Typically addresses which customer needs the organization will meet and how it will price its offerings." (Tiffany Pham et al, "From Business Strategy to Information Technology Roadmap", 2018)

♜Strategic Management: Risk Register (Definitions)

"A record of a company’s risks." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"The document containing the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning. The risk register details all identified risks, including description, category, cause, probability of occurring, impact(s) on objectives, proposed responses, owners, and current status." (Project Management Institute, "Practice Standard for Project Estimating", 2010)

"Formal document and management tool that records all risks identified by the project team, along with the team’s assessment of the risks, plans to manage the risks, and progress against the plans." (Mike Clayton, "Brilliant Project Leader", 2012)

"A document in which the results of risk analysis and risk response planning are recorded." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"A documented collection of the risks impacting an activity or organization." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"A record of information about identified risks." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Formal record of identified risks." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"A repository in which outputs of risk management processes are recorded." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide)", 2017)

"A component that captures details of individual project risks, including a list of identified risks, potential risk owners, and potential risk responses." (Cate McCoy & James L Haner, "CAPM Certified Associate in Project Management Practice Exams", 2018)

"A document in which the iterative results of the risk identification, risk analysis, and risk response planning processes are recorded." (H James Harrington & William S Ruggles, "Project Management for Performance Improvement Teams", 2018)

"A record of information about identified risks." (ISO Guide 73:2009)

15 April 2016

♜Strategic Management: Storytelling (Definitions)

"Narrating sequences of events in an artistic manner for a group of audience orally or in written words." (Mehrak Rahimi, "Digital Storytelling in Language Classes", Encyclopedia of Information Science and Technology 4th Ed., 2018)

"The act of sharing a tale or a series of events, often in a trajectory that gives perspective on context and culture." (Catherine Hayes & Ian Corrie, "Learner-Centred Pedagogy Framing Authentic Identity and Positionality in Higher Education", 2020)

"Art of conveying events or phenomena in different formats, in order to entertain, inform, instruct, demonstrate, or persuade." (Tamara E Martin et al, "The Use of Storytelling to Promote Literacy Skills in Biology Education: An Intervention Proposal", 2021)

"Storytelling is a communication tool that creates meanings and emotions on audience. It is a tool to create and maintain bonds for humans as well as organizations." (Beris A Özoran, "Digital Storytelling and Public Relations: An Analysis Through Case Studies", 2021)

"Storytelling is one of the most effective communication methods in telling the organizations themselves. Corporate stories are powerful and permanent narratives that express the corporate identity. In stories, perceptions are reshaped. The vision, mission, and values of the organization are narrated." (Deniz Özer, "Corporate Cults: Corporate Identity and Storytelling in the Context of Archetypal Symbolism", 2021)

"The art of telling tales and a great tool to teach language incorporating culture." (Carmela B Scala, "How to Foster Equality in the Language Classroom", 2021)

"The process of using fact and narrative to communicate something to your audience. Some stories are factual, and some are embellished or improvised in order to better explain the core message." (Stavroula Kalogeras, "Transmedia Storytelling Edutainment and the New Testament Lesson", 2021)

"The social and cultural activity of creating and sharing stories. Today, it is re-considered as an important communication tool useful in many domains such as organizational leadership and branding." (Laura R Grünberg, "In Need for More Tailored Feminist Stories in a Time of Crisis", 2021)

14 April 2016

♜Strategic Management: Business Continuity (Definitions)

"The ability of a business to continue to operate in the face of disaster." (Tom Petrocelli, "Data Protection and Information Lifecycle Management", 2005)

"A business function that attempts to prevent any major disruptions to business processes, both through planning, to avoid unplanned outages in the first place, and then through implementing solutions that minimize the effects of unplanned outages if they do occur." (David G Hill, "Data Protection: Governance, Risk Management, and Compliance", 2009)

"The continuance of business operations regardless of disasters that befall it." (Yvette Ghormley, "Business Continuity and Disaster Recovery Plans", 2009)

"The degree of uninterrupted stability of an organization’s systems and operations in spite of potentially disruptive events." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Capability of the organization to continue delivery of products at acceptable predefined levels following disruptive incident" (ISO 22301:2012, 2012)

"The processes and procedures that an organization puts in place to ensure that they can continue to provide essential functions during and after a disaster." (Rebecca Hamilton & Diane Brown, "Disaster Management and Continuity Planning in Libraries: Changes since the Year 2000", 2016)

"Capability of an organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident. Business continuity embraces all the operations in a company, including how employees function in compromised situations." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The capability of the organisation to continue delivery of products and services at acceptable pre-defined levels following a disruptive incident." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"The act of ensuring that core business units and critical services operate at an acceptable level after some unexpected interruption or a crisis incident." (Athanasios Podaras et al, "Regression-Based Recovery Time Predictions in Business Continuity Management: A Public College Case Study", 2021)

"Business process responsible for managing risks that could seriously affect the business" (ITIL)

13 April 2016

♜Strategic Management: Churn (Definitions)

"In a subscription service, the ratio of customers lost to customers gained." (Ralph Kimball & Margy Ross, "The Data Warehouse Toolkit" 2nd Ed., 2002)

"Reflects the tendency of subscribers to switch services." (Glenn J Myatt, "Making Sense of Data: A Practical Guide to Exploratory Data Analysis and Data Mining", 2006)

"The phenomenon of customers leaving your business to go to a competitor. Churn implies the customer might or might not return. “Churn reduction” is another way of saying customer retention and is a major goal of CRM programs. Churn is most often used in conjunction with commodity businesses such as telcos, utilities, and airlines." (Evan Levy & Jill Dyché, "Customer Data Integration", 2006)

"Reflects the tendency of subscribers to switch services." (Glenn J Myatt, "Making Sense of Data: A Practical Guide to Exploratory Data Analysis and Data Mining", 2007)

"Also known as customer attrition, this is a term used by businesses to describe the loss of clients or customers." (Martin Oberhofer et al, "The Art of Enterprise Information Architecture", 2010)

"A customer switches to a competitor's service." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[viral churn:] "A situation in which individuals cancel their services because other people in their network have canceled their service. Common reasons include being made aware of better options and pull-through by leveraging positive network externalities." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

"A term that refers to a customer going to a different provider. Depending on the context, it may refer to a total migration away from the organization in question to a reduction in consumption." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

10 April 2016

♜Strategic Management: Risk Assessment (Definitions)

"An evaluation of the risks and possible bad outcomes an organization faces and the likelihood these may occur." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"identifying and aggregating the risks facing the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The overall process of risk identification, risk analysis, and risk evaluation." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"analyze assets’ value, identify threats and evaluate their vulnerability to those threats" (ITIL)

"the overall process of risk identification, risk analysis and risk evaluation" (ISO Guide 73:2009)

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis." (NIST SP 800-137)

"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses." (NIST SP 800-18)

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system." (NIST SP 800-171)

♜Strategic Management: Contingency Plan (Definitions)

"An identification of alternative strategies to be used to ensure project success if specified risk events occur." (Timothy J Kloppenborg et al, "Project Leadership", 2003)

[contingency planning:] "A management process that analyses disaster risks and establishes arrangements in advance to enable timely, effective and appropriate responses." (ISDR, 2009)

"Specific planning designed to create a quick response after the occurrence of a risk event." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A plan that identifies alternative approaches to be used if the corresponding risk events occur." (Bonnie Biafore, "Successful Project Management: Applying Best Practices and Real-World Techniques with Microsoft® Project", 2011)

"A plan developed to mitigate the outcome of a risk, once the risk has materialised." (Mike Clayton, "Brilliant Project Leader", 2012)

"Mitigation plan alternative course(s) of action devised to cope with project risks." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"A plan that allows an organization to respond appropriately to a specific type of unplanned event." (Rebecca Hamilton & Diane Brown, "Disaster Management and Continuity Planning in Libraries: Changes since the Year 2000", 2016)

"A plan for continued operation and execution of the most essential functions of a mission in the event of a disruptive failure, such as a natural disaster or a major cyberattack." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A plan put in place before any potential emergencies, with the mission of dealing with possible future emergencies. It pertains to training personnel, performing backups, preparing critical facilities, and recovering from an emergency or disaster so that business operations can continue." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

[contingency planning:] "Management policies and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A plan that is maintained for disaster response, backup operations, and post-disaster recovery to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation." (NIST SP 800-57 Part 1)

"Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the continuity of operations plan (COOP) or disaster recovery plan (DRP) for major disruptions." (CNSSI 4009-2015)
