![A Risk-based Approach to Recovery & Continuity Management John P. Morency, CISA Research Director (978)-901-4123 [email_address]](https://image.slidesharecdn.com/risk-basedapproachtorecoveryandcontinuitymanagement-johnp-morency-100203074507-phpapp02/85/Risk-Based-Approach-To-Recovery-And-Continuity-Management-John-P-Morency-1-320.jpg)
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (13)
Similar a Risk Based Approach To Recovery And Continuity Management John P Morency
Similar a Risk Based Approach To Recovery And Continuity Management John P Morency (20)
Último
Último (20)
Risk Based Approach To Recovery And Continuity Management John P Morency
- 1. A Risk-based Approach to Recovery & Continuity Management John P. Morency, CISA Research Director (978)-901-4123 [email_address]
- 2. Fact #1: “Disasters” happen more often than you think …. Source: SunGard Availability Services U.S. data Data Center Eqpt Failure, 483, 34% Weather-related disasters (e.g. hurricanes, floods, blizzards) 274, 20% Network Outage, 79, 5% Power Outage, 209, 14% Software, 27, 2% Terrorism, 176, 12% Building Damage, Gas/Water Break, 12, 1% Flood, 90, 6% Fire/Explosion, 47, 3% Bomb Threat/Evacuation, 27, 2% Earthquake, 19, 1%
- 3. Gartner Survey Findings: Last Time Continuity Plan was Exercised N=168 26% 28% 29% 16% 21% 23% 13% 20% 17% 20% 20% 17% 19% 25% 25% 16% 18% 17% 33% 18% 21% 35% 30% 36% 8% 10% 9% 13% 11% 7% 0% 20% 40% 60% 80% 100% Within the last six months Within the last year Within the last two years Never Not sure Disaster Recovery Work area/Workforce Continuity Business Resumption Contingency Planning Emergency/Incident Mgmt. Restoration Two-thirds of organizations have had to use their BCM/DR plans within the last two years.
- 4. Fact #2: Post-9/11 Surge in Business Continuity Regulations and Standards Consumer Credit Protection Act OMB Circular A-130 FEMA Guidance Document Paperwork Reduction Act FFIEC BCP Handbook Computer Security Act 12 CFR Part 18 Presidential Decision Directive 67 FDA Guidance on Computerized Systems used in Clinical Trials ANSI/NFPA Standard 1600 Sarbanes-Oxley Act of 2002 HIPAA, Final Security Rule FFIEC BCP Handbook Fair Credit Reporting Act NASD Rule 3510 NERC Security Guidelines FERC Security Standards NAIC Standard on BCP NIST Contingency Planning Guide FRB-OCC-SEC Guidelines for Strengthening the Resilience of US Financial System NYSE Rule 446 California SB 1386 Australia Standards BCM Handbook GAO Potential Terrorist Attacks Guideline Post-9/11 Pre-9/11 1991 - 2001 2002 2008 FPC 65 NYS Circular Letter 7 ASIS State of NY FIRM White Paper on CP NISCC Good Practices (Telecomm) Australian Prudential Standard on BCM HB221 HB292 BS25999 SS507 TR19 CA Z1600 Title IX – 110-53
- 5. Fact #3: DR is (Very) Important (source: 2008 Gartner Research Survey)
- 8. Recovery & Continuity Business Case “ The Balancing Act”
- 10. Generic Risk Definition Framework
- 11. Assessment Starting Point – ISACA P1 Focus on: TBS
- 12. Application Risk Assessment – Part 1
- 15. Affordability Analysis Part I: Leverage DR Spending Benchmark Data Source: Gartner November 2007 IT Spending Growth (%) - 2007 7 6 5 4 3 2 1 0 $1M $5M $10M State & Local Government Low End = $.51M High End = $1.2M Midpoint = $.9M 2007 IT Budget Growth Rate= 2.6% Federal Government Low End = $3.9M High End = $9.9M Midpoint = $6.9M 2007 IT Budget Growth Rate= 5.5%
- 16. Gartner IT Spending Benchmark DR Addressable Budget Source: Gartner November 2007
- 19. Defining Audit Ready Test Plans
- 20. Example - Objective # 4 Test Plan
Notas del editor
- 2007 BCM Survey Results These materials can be reproduced only with written approval from Gartner. Such approvals must be requested via e-mail: vendor.relations@gartner.com. Conference Name Roberta J. Witty Month XX, 2007 Venue City, ST