Security Risk Assessment Preparation ◾ 83
© 2011 by Taylor & Francis Group, LLC
Reuse information from other assessments
Determine critical systems quickly
Determine critical systems laboriously
4.3.1.1 Approach 1: Find the Information Elsewhere
Many organizations may have already performed business continuity planning
(BCP). As part of a BCP eort, they would have already identied and priori-
tized critical systems within the organization. e security risk assessment team
can reuse this information, provided that it is still considered up to date and
relevant by the organization. Furthermore, the BCP documentation is likely to
have additional information that can be used elsewhere, such as likely threats,
asset valuation, and other a ...