Revision from last week  Assumptions are potential failure points in a project. They need to be monitored and managed. At the start of the project they.

Slides:

Advertisements

Similar presentations

IT Service Continuity Management

Advertisements

Information Technology Disaster Recovery Awareness Program.

Case Study: Business Continuity Planning for Site- Level Disaster Kimberley A. Pyles Northrop Grumman Corporation

1 The process of analyzing all core business functions and establishing an optimized timetable for recovery. Provides baseline for:  Justification for.

1 Continuity Planning for transportation agencies.

9 - 1 Computer-Based Information Systems Control.

Learning Objectives After studying this chapter, you should be able to: Recognize revenue items at the proper time on the income statement. Account for.

Introduction Security is a major networking concern. 90% of the respondents to the 2004 Computer Security Institute/FBI Computer Crime and Security Survey.

Chapter 3: The Project Management Process Groups

Processing Integrity and Availability Controls

Computer Security: Principles and Practice

Disaster Recovery Policy & Procedures An Overview for Staff Prepared by MSM Compliance Services Pty Ltd.

Chapter 10 Information Systems Controls for System Reliability—Part 3: Processing Integrity and Availability Copyright © 2012 Pearson Education, Inc.

Software Development Unit 2 Databases What is a database? A collection of data organised in a manner that allows access, retrieval and use of that data.

Introduction to Network Defense

Compare and contrast batch processing and online processing, outlining the meaning, advantages and disadvantages of the two. Which one would you recommend.

Services Tailored Around You® Business Contingency Planning Overview July 2013.

Overview of Systems Audit

Chapter 1 The Information System: An Accountant’s Perspective Accounting Information Systems, 5 th edition James A. Hall COPYRIGHT © 2007 Thomson South-Western,

IT Business Continuity Briefing March 3,  Incident Overview  Improving the power posture of the Primary Data Center  STAGEnet Redundancy  Telephone.

Evolving IT Framework Standards (Compliance and IT)

SMS Operation.  Internal safety (SMS) audits are used to ensure that the structure of an SMS is sound.  It is also a formal process to ensure continuous.

HBCU National Workshop June 24, 2011 Disaster Recovery Reggie Brinson Assoc. VP/Chief Information Officer Clark Atlanta University.

Insurance Institute for Business & Home Safety Even if the worst happens, be prepared to stay.

 Much of the information needed by an organisation comes from within the organisation, and the organisation’s IT systems can be used to extract this.

David N. Wozei Systems Administrator, IT Auditor.

ICT Housekeeping & Planning Term 4 through Term 1.

 FFC backs up all of its data each day. It stores its most recent daily backup once a week at a company owned offsite location. FFC also stores the most.

1 Maintain System Integrity Maintain Equipment and Consumables ICAS2017B_ICAU2007B Using Computer Operating system ICAU2231B Caring for Technology Backup.

The Handover Process P6.

Introducing Bookkeeping Wagga Summary Sometimes people use the same term to define an Accountant and a Bookkeeper, they both take part in the accounting.

Engin Ali ARTAN Industrial Engineering

Disaster Recovery and Business Continuity Planning.

1 Chapter Nine Conducting the IT Audit Lecture Outline Audit Standards IT Audit Life Cycle Four Main Types of IT Audits Using COBIT to Perform an Audit.

E.Soundararajan R.Baskaran & M.Sai Baba Indira Gandhi Centre for Atomic Research, Kalpakkam.

Risk Management & Corporate Governance 1. What is Risk?  Risk arises from uncertainty; but all uncertainties do not carry risk.  Possibility of an unfavorable.

Service Level Agreements Service Level Statements NO YES The process of negotiating and defining the levels of user service (service levels) required.

SECURITY OF DATA By: ADRIAN PERHAM. Issues of privacy; Threats to IT systems; Data integrity; Standard clerical procedures; Security measures taken to.

INFO1408 Database Design Concepts Week 16: Introduction to Database Management Systems Continued.

Alaa Mubaied Risk Management Alaa Mubaied

Unit 3: Identifying and Safeguarding Vital Records Unit Introduction and Overview Unit objective:  Describe the elements of an effective vital records.

Security Administration. Links to Text Chapter 8 Parts of Chapter 5 Parts of Chapter 1.

The Business Plan: Creating and Starting the Venture

The Importance of Proper Controls. 5 Network Controls Developing a secure network means developing mechanisms that reduce or eliminate the threats.

Crisis Management Crisis: any situation that has the potential to affect long-term confidence in an organisation or product and may interfere with its.

Chap 8: Administering Security.  Security is a combination Technical – covered in chap 1 Administrative Physical controls SE571 Security in Computing.

Protecting Your Data With Just Get Backup, LLC. Agenda How important is your data – Acknowledging worst-case scenarios. Understanding that data backup.

Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.

Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.

 understand that administration involves the storing, processing, retrieving and disseminating of information to support the business functions (i.e.

A2 LEVEL ICT 13.6 LEGAL ASPECTS DISASTER RECOVERY.

© The McGraw-Hill Companies, Inc., 2005 McGraw-Hill/Irwin Accounting Information Systems Chapter 7 7.

Disaster Recovery Planning (DRP) DRP: The definition of business processes, their infrastructure supports and tolerances to interruptions, and formulation.

Risk Assessment and Risk Management James Taylor COSC 316 Spring 2008.

Contingency Management Indiana University of Pennsylvania John P. Draganosky.

© The McGraw-Hill Companies, Inc., 2007 Accounting for Special Journals Appendix E.

Welcome to the ICT Department Unit 3_5 Security Policies.

Project Management PTM721S

Information Security Management Goes Global

Information ITIL Technology Infrastructure Library ITIL.

CS457 Introduction to Information Security Systems

Chapter 4: Application Software

Disaster Recovery Policy & Procedures

Business Contingency Planning

Disaster Recovery Plan

LO2 - Be Able to Design IT Systems to Meet Business Needs

2018 FIRST Quarter Results NASDAQ: fult

data backup & system report

Internal Control Internal control is the process designed and affected by owners, management, and other personnel. It is implemented to address business.

Presentation transcript:

Revision from last week  Assumptions are potential failure points in a project. They need to be monitored and managed. At the start of the project they should be noted, and used as input for the risk assessment.  If new assumptions evolve, they should be treated in the same manner.  The priority of the Assumption and the priority of the risk should be the same.

Revision from last week  To carry out a risk analysis you must:  identify your assets  identify the threats to these assets  consider probability  estimate your losses  consider safeguards to put in place  do a cost benefit analysis  develop a plan,  and finally put this plan into action.

Evaluate the impact of critical systems on business continuity When creating a disaster recovery plan, business impact statement and business continuity plan, the first step is to understand which parts of a business are critical for operation

What is a critical business system? A system is critical for a commercial organisation if its failure results directly or indirectly in loss of life (for example, an air traffic control system) and/or major financial loss. When developing a disaster recovery plan (DRP) it is essential to identify critical systems and ensure they are restored as soon as possible.

Identifying critical systems and data You will need to collect information about how the system uses:  software  hardware  networks (voice and data)  data  facilities (chairs, tables projectors etc).

An example of critical assessment Consider the critical systems on your personal computer at home. Assess whether the following situations make your systems critical or not. 1. You are working late on a 50-page assignment that must be handed in by 9 30am the next day otherwise you will fail the course. 2. You are using the Internet to book a holiday you intend taking in three months time. 3. You have developed a spreadsheet to calculate your tax return. 4. You have created a database of CDs, records, tapes and videos which you will need to show your insurance company if the collection is destroyed or stolen. 5. You have saved several versions of your favourite computer game. Activity-1 Activity-1

Table 1: Levels of critical systems Item Critical assessment You are working late on a 50- page assignment that must be handed in by 9 30am the next day otherwise you will fail the course. 2. You are using the Internet to book a holiday you intend taking in three months time. 3. You have developed a spreadsheet to calculate your tax return. 4. You have created a database of CDs, records, tapes and videos which you will need to show your insurance company if the collection is destroyed or stolen. 5. You have saved several versions of your favourite computer game.

Table 1: Levels of critical systems Item Critical assessment 1 Critical until 9:30am and then not critical 2 Not critical 3 Critical when completing tax return 4 Critical if event occurs 5 Not critical 1. You are working late on a 50- page assignment that must be handed in by 9 30am the next day otherwise you will fail the course. 2. You are using the Internet to book a holiday you intend taking in three months time. 3. You have developed a spreadsheet to calculate your tax return. 4. You have created a database of CDs, records, tapes and videos which you will need to show your insurance company if the collection is destroyed or stolen. 5. You have saved several versions of your favourite computer game.  Activity-2

Critical systems/data assessment forms Before starting work on the DRP all critical systems must be identified and documented. Users and management complete critical systems/data assessment forms with the guidance of IT staff. Once completed, they form an integral part of the system documentation.

examples of software form Q.1 Which application software do you normally use and how often? Form 1: Reviewing software used SoftwareConstantlyFrequently A few times a day A few times a week Rarely

Example of data used or created by the system System Name:____________________________ Q.2 What types of data activity do you carry out with each system and where does the source data originate? Show as a percentage of total time. System Name: Update corporate data files Create own data files Create shared documents Create own temporary documents Create own longer-term documents From source documents From source documents From other data files From other data files From irrecoverable sources such as telephone calls From irrecoverable sources such as telephone calls Developed at the workstation such as report writing Developed at the workstation such as report writing Other – specify

Impact of system failure When undertaking risk analysis and disaster planning, it is usual to focus on critical systems, software and data. 1. When assessing the impact on a business it is usual to consider the financial impact. 2. There may also be an impact on cash flow 3. If systems are regularly down or slow then customers may eventually go elsewhere

Statutory and business requirements Statutory and commercial requirements must be considered when assessing the impact of a system failure. The Act governing the Australian financial industry promotes financial soundness, stability and appropriate risk management.

The End Activity-3