
Business Continuity Management: Justification, Implementation & Testing Presentation at the

Business Continuity Management: Justification, Implementation & Testing. Presentation at the SecureIT2006 Conference. Paul Rosenthal, Professor of Information Systems, California State University, Los Angeles.


Presentation Transcript


  1. Business Continuity Management: Justification, Implementation & Testing. Presentation at the SecureIT2006 Conference. Paul Rosenthal, Professor of Information Systems, California State University, Los Angeles

  2. Business Continuity Management: Justification, Implementation & Testing
     - Justification
       * Cost/benefit analysis
       * Selling Scenario
     - Implementation
       * Operational Team Structure
     - Testing the Management Level Plan: The Key
       * Security Pacific Video

  3. Justification of BCM (Security) Projects
     For all Critical Operational Functions:
     1. Estimate Losses by length of outage
     2. Determine length of outage by backup/recovery scenario
     3. Perform cost/benefit analysis of each feasible scenario
     4. Select and sell selected scenario

  4. 1. Estimate Losses by length of outage: Step 1 (Losses) An Electronics Wholesaler

  5. 1. Estimate Losses by length of outage: Step 2 (Recovery)

  6. 2. Determine length of outage by backup/recovery scenario: Recovery analysis for a large bank

  7. 3. Perform cost/benefit analysis of each feasible scenario

  8. Decision Approaches
     • Probability-based (used in insurance justification)
     • Analysis-based (used in cost-benefit analysis)
     • Intuition-based (used by most executives and expert systems)
     The analysis-based approach, based on fiduciary responsibility, will be recommended, since the probability approach and the intuition-based approach can lead to catastrophic loss exposures.

  9. Probability-based (used in insurance justification)
     • Mr. Probability
       Cost of Hot Site Backup: $500,000/year (2% of IS budget)
       Direct Losses over ten days: $3,000,000
       Probability of loss: .01/year
       Net Direct Loss: $300,000/event
       ROI: -40% (Bad Investment)

  10. Analysis-based (used in cost-benefit analysis)
      • Mr. Application Analyst
        Direct Impact Loss/Event (10 days): $30,000,000
        Delayed Loss of Business/Event: $360,000,000 (year to recover ½ sales)
        Total $ Loss/Event: $390,000,000 (½ yearly profit)
        Probability of Losing our Jobs and Stockholder Suits: 100%

  11. Intuition-based (used by most executives and expert systems). Step 1: Define Primary Evaluation Criteria of Key Stakeholders

  12. Perform Ranking of Backup Alternatives using Cyert & March Methodology

  13. Recommendation
      The authors believe that the recommended prudent fiduciary approach best represents the approach that should be used by industry and government. The probability-based and intuition-based approaches can be dangerous, since they occasionally lead organizations to take inappropriate risks.

  14. IMPLEMENTATION:

  15. BCM Testing: The Key
      • Operational Testing (using backup sites)
        • Administrative Units
        • Operational Units
        • Facilities and Telecommunications
      • Management Testing
        • Life-Safety (evacuation drills, …)
        • Team Simulations (Security Pacific Video)
