| Organizations are used to assess their information systems by performing risk assessments . After a risk assessment has taken place, countermeasures must be applied to mitigate and lower risks: setting up a business continuity plan (BCP) is a crucial part of risk mitigation phase. Because resources (personnel, budget, time, etc.) are limited, it is common for an entity to choose to protect first a process which constitutes an individual high-money-loss source or which is most likely to be affected by incidents. However, some incidents affecting less important processes may propagate to more critical ones. We aim at developing tools and methodologies for predicting and visualizing the global consequences of local events, by investigating the functional dependencies between processes and by defining business requirements on temporal slots (both from the BCP). The result of our investigation will support the IT management in carrying out more effective risk mitigation. |
