Assuring Reliable and Secure IT Services Chapter 6

Availability Math Availability of components in series

High-availability Facilities Uninterruptible electric power delivery Physical security Climate control and fire suppression Network connectivity Help desk and incident response procedures

Classification of Threats External attacks Intrusion Viruses and worms

Defensive Measures Security policies Firewalls Authentication Encryption Patching and change management Intrusion detection and network monitoring

A Security Management Framework Make deliberate security decisions. Consider security a moving target. Practice disciplined change management. Educate users. Deploy multilevel technical measures, as many as you can afford.

Managing Infrastructure Risks: Consequences and Probabilities Chapter 6 Figure 6 -9 Source: Applegate, Lynda M., Robert D. Austin, and F. Warren McFarlan, Corporate Information Strategy and Management. Burr Ridge, IL: McGraw - Hill/Irwin, HIGH High Consequence Low Probability High Consequence High Probability CRITICAL THREATS LOW Low Consequence Low Probability MINOR THREATS Low Consequence High Probability Consequences PRIORITIZE THREATS 0Probability1

Incident Management and Disaster Recovery Managing incidents before they occur. –Sound infrastructure design –Disciplined execution of operating procedures –Careful documentation –Established crisis management procedures –Rehearsing incident response Managing during an incident. Managing after an incident.