A Risk-based Approach to Recovery & Continuity Management
John P. Morency, CISA, Research Director, (978)-901-4123
Fact #1: “Disasters” happen more often than you think … (Source: SunGard Availability Services U.S. data)
By cause (count, share of total): Data Center Eqpt Failure, 483, 34%; Weather-related disasters (e.g. hurricanes, floods, blizzards), 274, 20%; Power Outage, 209, 14%; Terrorism, 176, 12%; Flood, 90, 6%; Network Outage, 79, 5%; Fire/Explosion, 47, 3%; Software, 27, 2%; Bomb Threat/Evacuation, 27, 2%; Earthquake, 19, 1%; Building Damage, Gas/Water Break, 12, 1%
Gartner Survey Findings: Last Time Continuity Plan was Exercised (N=168). [Chart: share of respondents answering "Within the last six months", "Within the last year", "Within the last two years", "Never" or "Not sure" for each plan type: Disaster Recovery, Work area/Workforce Continuity, Business Resumption, Contingency Planning, Emergency/Incident Mgmt., Restoration.] Two-thirds of organizations have had to use their BCM/DR plans within the last two years.
Fact #2: Post-9/11 Surge in Business Continuity Regulations and Standards
Timeline labels: Pre-9/11 (1991 - 2001); Post-9/11 (2002 - 2008)
Regulations and standards shown: Consumer Credit Protection Act; OMB Circular A-130; FEMA Guidance Document; Paperwork Reduction Act; FFIEC BCP Handbook; Computer Security Act; 12 CFR Part 18; Presidential Decision Directive 67; FDA Guidance on Computerized Systems used in Clinical Trials; ANSI/NFPA Standard 1600; Sarbanes-Oxley Act of 2002; HIPAA, Final Security Rule; FFIEC BCP Handbook; Fair Credit Reporting Act; NASD Rule 3510; NERC Security Guidelines; FERC Security Standards; NAIC Standard on BCP; NIST Contingency Planning Guide; FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System; NYSE Rule 446; California SB 1386; Australia Standards BCM Handbook; GAO Potential Terrorist Attacks Guideline; FPC 65; NYS Circular Letter 7; ASIS State of NY FIRM White Paper on CP; NISCC Good Practices (Telecomm); Australian Prudential Standard on BCM; HB221; HB292; BS25999; SS507; TR19; CA Z1600; Title IX – 110-53
Fact #3: DR is (Very) Important  (source: 2008 Gartner Research Survey)
Business Context -- The IT Risk Pyramid. Pyramid labels: Business Agility; Availability & Continuity; Accessibility; Accuracy; IT Risks. "Controlling continuity risk not only improves business continuity, but also starts to improve access, integrity, and strategic change risks." Source: Westerman, G. "The IT Risk Pyramid: Where to Start with Risk Management" MIT CISR Research Briefing, V (1D), Mar 2005 and Westerman, G. & Hunter, R.: IT Risk, Business Consequences, Harvard Business School Press, forthcoming. © 2006 MIT Sloan Center for Information Systems Research – Westerman
Seven Risk Management Principles
Recovery & Continuity Business Case “ The Balancing Act”
Two Fundamental Questions
Generic Risk Definition Framework
Assessment Starting Point – ISACA P1 Focus on: TBS
Application Risk Assessment – Part 1
Application Risk Assessment – Part 2
Risk-based BIA Model
Affordability Analysis Part I: Leverage DR Spending Benchmark Data (Source: Gartner November 2007). [Chart: IT Spending Growth (%) - 2007.] State & Local Government: Low End = $.51M, High End = $1.2M, Midpoint = $.9M, 2007 IT Budget Growth Rate = 2.6%. Federal Government: Low End = $3.9M, High End = $9.9M, Midpoint = $6.9M, 2007 IT Budget Growth Rate = 5.5%.
Gartner IT Spending Benchmark  DR Addressable Budget Source: Gartner November 2007
DRM Critical Success Factors (CSFs). Definition: The actions that are needed in order to improve Disaster Recovery Predictability, Effectiveness and Efficiency. Source: Gartner November 2007
Affordability Analysis Part II: Self Assessment. Source: Gartner November 2007
Defining Audit Ready Test Plans
Example - Objective # 4 Test Plan
Business Imperatives

 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Risk Based Approach To Recovery And Continuity Management John P Morency

  • 1. A Risk-based Approach to Recovery & Continuity Management John P. Morency, CISA Research Director (978)-901-4123 [email_address]
  • 2. Fact #1: “Disasters” happen more often than you think …. Source: SunGard Availability Services U.S. data. Data Center Eqpt Failure: 483 (34%); Weather-related disasters (e.g. hurricanes, floods, blizzards): 274 (20%); Network Outage: 79 (5%); Power Outage: 209 (14%); Software: 27 (2%); Terrorism: 176 (12%); Building Damage, Gas/Water Break: 12 (1%); Flood: 90 (6%); Fire/Explosion: 47 (3%); Bomb Threat/Evacuation: 27 (2%); Earthquake: 19 (1%).
  • 3. Gartner Survey Findings: Last Time Continuity Plan was Exercised (N=168). [Chart: share of respondents answering "Within the last six months", "Within the last year", "Within the last two years", "Never" or "Not sure" for each plan type: Disaster Recovery, Work area/Workforce Continuity, Business Resumption, Contingency Planning, Emergency/Incident Mgmt., Restoration.] Two-thirds of organizations have had to use their BCM/DR plans within the last two years.
  • 4. Fact #2: Post-9/11 Surge in Business Continuity Regulations and Standards. [Timeline chart; labels: Pre-9/11, 1991 - 2001; Post-9/11, 2002, 2008.] Items shown: Consumer Credit Protection Act; OMB Circular A-130; FEMA Guidance Document; Paperwork Reduction Act; FFIEC BCP Handbook; Computer Security Act; 12 CFR Part 18; Presidential Decision Directive 67; FDA Guidance on Computerized Systems used in Clinical Trials; ANSI/NFPA Standard 1600; Sarbanes-Oxley Act of 2002; HIPAA, Final Security Rule; FFIEC BCP Handbook; Fair Credit Reporting Act; NASD Rule 3510; NERC Security Guidelines; FERC Security Standards; NAIC Standard on BCP; NIST Contingency Planning Guide; FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System; NYSE Rule 446; California SB 1386; Australia Standards BCM Handbook; GAO Potential Terrorist Attacks Guideline; FPC 65; NYS Circular Letter 7; ASIS; State of NY FIRM White Paper on CP; NISCC Good Practices (Telecomm); Australian Prudential Standard on BCM; HB221; HB292; BS25999; SS507; TR19; CA Z1600; Title IX – 110-53
  • 5. Fact #3: DR is (Very) Important (source: 2008 Gartner Research Survey)
  • 8. Recovery & Continuity Business Case: “The Balancing Act”
  • 11. Assessment Starting Point – ISACA P1 Focus on: TBS
  • 15. Affordability Analysis Part I: Leverage DR Spending Benchmark Data. Source: Gartner November 2007. [Chart: IT Spending Growth (%) - 2007.] State & Local Government: Low End = $.51M, High End = $1.2M, Midpoint = $.9M, 2007 IT Budget Growth Rate = 2.6%. Federal Government: Low End = $3.9M, High End = $9.9M, Midpoint = $6.9M, 2007 IT Budget Growth Rate = 5.5%.
  • 16. Gartner IT Spending Benchmark DR Addressable Budget Source: Gartner November 2007
  • 19. Defining Audit Ready Test Plans
  • 20. Example - Objective # 4 Test Plan

Editor's notes

  1. 2007 BCM Survey Results These materials can be reproduced only with written approval from Gartner. Such approvals must be requested via e-mail: vendor.relations@gartner.com. Conference Name Roberta J. Witty Month XX, 2007 Venue City, ST