IT Service Continuity Management


IT Service Continuity Management Associated with RISK.

Goal – Primary Objective
To support the overall Business Continuity management process by ensuring that the required IT technical services and facilities can be recovered within required and agreed business time-scales

Why Continuity Management
- Ensuring business survival by reducing the impact of a disaster or major failure
- Reducing the vulnerability and risk to the business by effective risk analysis and risk management
- Preventing the loss of Customer and User confidence
- Producing IT recovery plans that are integrated with and fully support the organisation’s overall Business Continuity Plan

Considerations
- IT Service Continuity options need to be understood and the most appropriate solution chosen in support of BCM requirements
- Roles and responsibilities need to be identified and supported from a senior level
- IT recovery plans and Business Continuity plans need to be aligned, regularly reviewed, revised and tested

The Business Continuity Life-cycle Overview
- Stage 1 – Initiation
  - Initiate Business Continuity Manager
- Stage 2 – Requirements and Strategy
- Stage 3 – Implementation
- Stage 4 – Operational Management

Stage 2 – Requirements and Strategy
- Business Impact Analysis
  - Identification of Critical Business Processes and Speed of Recovery
- Risk Assessment and Methodology
  - Threats to Assets
  - CRAMM – CCTA’s Risk Analysis Management Methodology (Central Computer and Telecommunications Agency)
- Business Continuity Strategy
  - Based on Top Risks

Risk Analysis (CRAMM)
- ANALYSIS: Assets, Threats, Vulnerabilities, Risks
- MANAGEMENT: Countermeasures

Risk Analysis
- Asset: Categorise and RANK 1-10
  - Hardware
  - Software
  - People
  - Buildings etc.
- Threat: List and RANK 1-3
- Vulnerability: against Assets Matrix, RANK 1-3
- Risk = Asset * Threats * Vulnerability
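
Added example (not part of the original slides): the scoring above applied to a small risk register, with range checks on each rank and the results sorted so the top risks can feed the continuity strategy. The asset names, threat names and ranks are constructed sample data, and leaving an asset/threat pair out of the matrix to mean "not applicable" is an assumption.

```python
# Constructed sample data; the rank scales (1-10, 1-3, 1-3) are the slide's.
ASSETS = {"payroll server": 9, "office building": 6, "helpdesk staff": 4}
THREATS = {"fire": 2, "power failure": 3, "malware": 3}
# Vulnerability-against-assets matrix: (asset, threat) -> rank 1-3.
# Pairs that are left out are treated as not applicable (assumption).
VULNERABILITY = {
    ("payroll server", "fire"): 1,
    ("payroll server", "power failure"): 2,
    ("payroll server", "malware"): 3,
    ("office building", "fire"): 3,
    ("office building", "power failure"): 1,
    ("helpdesk staff", "malware"): 2,
}


def check_rank(label, value, low, high):
    """Reject ranks outside the scale so one typo cannot skew the ranking."""
    if not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{label}: rank {value!r} is outside {low}-{high}")


def risk_register(assets, threats, vulnerability):
    """Return (risk, asset, threat) rows, highest risk first.

    Risk = Asset * Threat * Vulnerability, so scores range from 1 to 90.
    """
    for name, rank in assets.items():
        check_rank(f"asset {name}", rank, 1, 10)
    for name, rank in threats.items():
        check_rank(f"threat {name}", rank, 1, 3)
    rows = []
    for (asset, threat), vuln in vulnerability.items():
        if asset not in assets or threat not in threats:
            raise KeyError(f"matrix entry names unknown item: {asset}/{threat}")
        check_rank(f"vulnerability {asset}/{threat}", vuln, 1, 3)
        rows.append((assets[asset] * threats[threat] * vuln, asset, threat))
    # Ties are broken alphabetically so the output is stable between runs.
    return sorted(rows, key=lambda row: (-row[0], row[1], row[2]))


def top_risks(n=3):
    """Top n risks for the sample data above."""
    return risk_register(ASSETS, THREATS, VULNERABILITY)[:n]


if __name__ == "__main__":
    for risk, asset, threat in top_risks():
        print(f"{risk:3d}  {asset} / {threat}")
```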

IT Recovery Options
- Do nothing
- Manual back-up – revert to pen and paper
- Reciprocal arrangements with another company
- Gradual recovery – Cold Standby
- Intermediate recovery – Warm Standby
- Immediate recovery – Hot Standby

Gradual Recovery – COLD standby
- Time to recovery > 72hrs
- Empty Computer space
  - Remote
  - Portable
- Nothing in the rooms
- Requires contracts / procedures in place to set up

Intermediate Recovery – WARM standby
- Time to recovery 24hrs to 72hrs
- Filled Computer space
  - Remote
  - Portable
- Networked Computers but with NO Data

Immediate Recovery – HOT standby
- Time to recovery “within the working day”, 0hrs to 8hrs
- Filled Computer Space
  - Remote
  - Portable
- Networked Computers with Data (but not necessarily up to date)

Benefits of Continuity Management
- Management of risk and the consequent reduction of the impact of failure
- Fulfilment of regulatory requirements
- Potentially lower insurance premiums
- A more business focussed approach to IT continuity and recovery
- Reduced business disruption during an incident
- Increased customer confidence and organisational credibility

ISCM Exam Tips
- Know the Disaster Recovery options

Exam Questions
In relation to IT Service Continuity Planning, the severity of a disaster depends upon:
A The time of day it occurs
B How many people are available to assist in recovery
C The type of disaster, whether flood, fire etc
D The impact (EFFECT) upon customers’ businesses

Exam Questions
Consider the following statements about IT Service Continuity Planning:
1 The intermediate recovery external option offers a remote installation, fully equipped with all the required hardware, software, communications and environmental control equipment
2 The intermediate recovery external option is often shared between multiple customers and in the event of a disaster may not be available due to over-subscription
A Both
B Neither
C Only 1
D Only 2

Exam Questions
Your organisation has just entered into a Gradual Recovery (Cold Standby) IT Service Continuity Agreement. Within the ITIL definition, which of the following lists is INCORRECT for what you could find at the contingency site?
A A building, electricity, telecommunications equipment, office space for technical staff
B Stand-by generator, telecommunications equipment, system manuals, support staff, water
C A building, telecommunications equipment, a computer, support staff, documentation
D A building, electricity, water, support staff, system manuals

Exam Questions
Which of the following would you NOT expect to see in an IT Service Continuity Plan?
A Contact lists
B The version number
C Reference to change control procedures
D Full Service Level Agreements (SLM)