Published by Zackary Allday. Modified over 9 years ago.
1
8 - Management and Operation of Technology Infrastructure
2
© Robert G Parker – UW-CISA 2010
Dealing with changing infrastructure environments and the new technologies that are driving business changes and creating risks and management issues.
- 40% of respondents were using the cloud
- 20% planned to use the cloud within 24 months
- 22% were in the process of evaluating the cloud
- Of the remaining 18%, 6% decided not to use clouds and 12% had no plans to evaluate them
Source: InformationWeek Analytics
Concerns associated with infrastructure management included:
- Control of data handling systems that are outside of the formal system, such as the use of spreadsheets (13)
3
- User-managed databases that are locally developed and processed within business units but which may lack the rigorous processes typically associated with IT-developed solutions, such as quality reviews, testing, change management and access controls
- Security of data that is or can be stored on portable devices or that is easily moved among stakeholders
Empowered Users
Portable Devices
4
Business Risks
- Increasing use of cloud computing without an understanding of the associated risks (lack of a cloud risk management strategy)
- Increasing risks associated with the quality and integrity of information processed and presented from these ad hoc systems and applications
- Increased risks of subsequent and ongoing problems caused by incomplete, unperformed or erroneous unchecked change management procedures
- Lack of security over information moved between various sites, or stored, on movable/mobile media
- Lack of control over portable media
5
Operational / Technology Risk Management
- Implement requirements for, and conduct, a full technology and business risk assessment prior to adopting new technologies
- Where ad hoc systems and applications are integrated into the enterprise's information systems, ensure that controls exist and are operating to validate the integrity of the information prior to its further use
- Establish, adhere to and monitor rigorous change management procedures
- Implement procedures, such as encryption over information at rest, in transit and while archived, to minimize the risk of an information breach
- Implement and monitor procedures over when portable media may be used, the types of information that may be placed on them and the security and control restrictions over them
6
9 - Business Continuity and Pandemic Awareness
7
The Same Issues
Information technology departments have an obligation to provide services throughout the enterprise. However, they are frequently challenged in developing and testing effective technology disaster recovery plans due to lack of enterprise planning, lack of funding or denial of the potential severity of the risks.
- Lack of meaningful preparedness for a pandemic
- Entity-centric continuity plans; inward focus
- Lack of supply chain resiliency, redundancy
- Lack of comprehensive continuity plans
- Plans have not been tested
- Plans are not being maintained
8
We Dodged the Bullet - This Time!
Lack of meaningful preparedness for a pandemic
- No single point of contact
- Conflicting messages, priorities
- Plans differed by region
- Different groups defined as high risk
- Initially insufficient vaccine
- Numerous individuals not vaccinated
- No instructions for travellers across Canada
- Coughing in the crook of your arm campaign was effective
9
Entity-centric continuity plans; inward focus
Business Continuity Plans frequently address only recovery of the business and its infrastructure:
- Plans do not consider third party infrastructure
- Plans do not consider upstream and downstream impacts
- Plans do not address catastrophes
- Impact on immediate area
- Impact on foreign operations
- Risk mitigation strategies and plans
- Financial and cash flow issues
- Impact on franchised operations
10
A Catastrophe Poorly Handled
11
For Want of a Nail
The Shoe was Lost
12
For Want of a Shoe
The Horse was Lost
13
For Want of a Horse
The Battle was Lost
Lack of Supply Chain Resiliency, Redundancy
14
For Loss of a Battle
The Kingdom was Lost
Contingency Planning or Catastrophe
Lack of Comprehensive Continuity Plans
15
Plans Have Not Been Tested
- A BCP or DRP that has not been tested is not a valid plan
- It is an idea of what may have to be performed
Plans Are Not Being Maintained
- An out-of-date BCP or DRP likely does not reflect the current environment, risks, etc.
- Relying on an out-of-date plan will likely not result in a successful outcome
16
Expansion of the Panama Canal to handle super tankers
17
Business Reaction
- Changing external environment not reflected in BCP-DRP plans
- Lack of understanding of supply chain risks
- Lack of understanding and knowledge of the extent to which upstream and downstream supply and delivery businesses are addressing their BCP-DRP
- Lack of effective communication
- It won't happen to me
Business Continuity Risk Management
- Reassess BCP and DRP initiatives
- Implement plans to link BCP-DRP to enterprise and IT risk management initiatives
- Ensure supply chain risks are monitored and assessed
- Implement employee awareness and training programs, newsletters
18
10 - Impact of the Economy on Information Technology
19
The financial crisis and following recession resulted in the restructuring of many organizations, including, for many, their Information Technology departments.
- With the recession waning, concern has been expressed over increasing IT departments to their previous staffing levels
- Concerns over adopting new technologies as a means of controlling costs while meeting the increasing needs for IT: Virtualization, Cloud Computing, BYOC
- Concern over risks of increased fraud and malicious activity; disgruntled employees and lack of control
- Concern over controls over outsourcing; intellectual capital, customer information, other information assets
- Contract Management - adhering to schedules, providing capacity, saleability
20
Thank You For Your Interest and Participation
Robert G. Parker