What is Business Continuity Management (BCM)
Business Continuity Management (BCM) is the development of strategies, plans and actions that provide protection or alternative modes for achieving the operational and financial objectives of the business.
BCM consists of the following elements:
Crisis Management & Communication: crisis management focuses on stabilizing the situation and preparing the business for recovery operations through planning, leadership and communication.
Business Recovery Planning: involves the resumption of business-critical functions and processes to support delivery of products and services to customers.
IT Service Continuity Management: the recovery of critical IT assets, including systems, applications, storage and network assets.
Operational Objectives
Commercial Objectives
Compliance Objectives
BCM Terminology is confused with different terms!
Business Continuity Management (BCM) is often confused with other terms:
Disaster Recovery
Contingency Planning
Recovery Planning
Emergency Response
IT Service Continuity Management (ITSCM) is far more than just Disaster Recovery Planning. ITSCM is aligned to Business Continuity Planning. ITSCM investigates, develops and implements measures to prevent disasters from occurring in the first place. It helps determine what a “Disaster” is. ITSCM addresses risks that could cause impact and threaten the continuity of the business. These could be:
loss, damage or denial of access to key infrastructure
corruption of key information
sabotage or commercial espionage
deliberate infiltration
attack on critical information systems that may disrupt normal business
ITSCM is the “IT component” of BCM
Business Continuity Management (BCM) Activities
BCM Programme Manager
Understand the Business
Analyze & Determine BCM Strategy
Developing, Commitments & Supplementing BCM Response
Exercise, Test, Maintain the Programme Periodically
Define Disaster
Define Communication Plan, Roles & Responsibilities
Identify assets, functions, processes and systems
Interview business stakeholders and key users
Interview information systems & support personnel
Analyze and determine critical systems, applications, business processes and key personnel
Prepare impact analysis of critical systems
Prepare critical system ranking form
Implement BCM
Test and Maintain
Defining a Disaster
Defining the pre-conditions that constitute a disaster is part of the ITSCM process
The definitions are an integral part of any Service Level Agreement relating to the provision of services
What is an IT Disaster?
A disaster may be defined as the prolonged loss of an entire computing center
Not a component failure and its associated recovery
• Worst-case scenario of a disaster
All equipment and data within the datacenter destroyed
Access to the datacenter prohibited due to datacenter damage
Staff familiar with the datacenter, equipment, and applications unavailable for the recovery
Each organization must provide its own “IT Disaster” definition
Disasters cause immense destruction
According to Swiss Re, extreme weather events in the U.S. dominated the list of the most expensive disasters of 2012, with Hurricane Sandy alone costing an estimated $70 billion in total damage and $35 billion in insured losses.
Source: http://www.climatecentral.org/news/us-dominated-global-disaster-losses-in-2012-insurer-reports-15814#sthash.ZOSr1nTC.dpuf
Economic losses from natural catastrophes and man-made disasters reached USD 186 billion in 2012.
Insured losses amounted to USD 77 billion, making 2012 the third most costly year on record.
Source: http://www.swissre.com/media/news_releases/nr_20130327_sigma_natcat_2012.html
Some known Causes of Disasters
The Business Value of ITSCM
• Regulatory requirements
The recovery capability is becoming a mandatory requirement
• Positive marketing of contingency capabilities
Being able to demonstrate effective ITSCM capabilities enables an organization to provide high service levels to clients and customers and thus win business
• Organizational credibility
There is a responsibility on the directors of organizations to protect the shareholders’ interest and those of their clients
• Competitive advantage
Service organizations are increasingly being asked by business partners, customers and stakeholders to demonstrate their contingency facilities and may not be invited to tender for business unless they can demonstrate appropriate recovery capabilities
• Potential lower insurance premiums
The IT organization can help the organization demonstrate to underwriters or insurers that they are proactively managing down their business risks
Information Security Continuous Monitoring
In today’s environment where many, if not all, of an organization’s mission-critical functions
are dependent upon information technology, the ability to manage this technology and to
assure confidentiality, integrity, and availability of information is mission-critical.
Ongoing monitoring is a critical part of that risk management process. In addition, an
organization’s overall security architecture and accompanying security program are
monitored to ensure that organization-wide operations remain within an acceptable level of
risk, despite any changes that occur. Timely, relevant, and accurate information is vital,
particularly when resources are limited and organizations must prioritize their efforts.
Information security continuous monitoring (ISCM) is defined as maintaining ongoing
awareness of information security, vulnerabilities, and threats to support organizational risk
management decisions.
Source: NIST Special Publication 800-137
Information Security Continuous Monitoring Process
Define
Establish
Implement
Analyze
Respond
Review/Update
Define Business Impact: an ISCM strategy based on risk tolerance that maintains clear visibility into assets, awareness of vulnerabilities, up-to-date threat information, and mission/business impacts.
Establish Risk Assessment: an ISCM program determining metrics, status monitoring frequencies, control assessment frequencies, and an ISCM technical architecture.
Implement Risk Based Audit Plan: collect the security-related information required for metrics, assessments, and reporting. Automate collection, analysis, and reporting of data where possible.
Analyze: the data collected and Report findings, determining the appropriate response. It may be necessary to collect additional information to clarify or supplement existing monitoring data.
Respond/Disaster Recovery Plan: to findings with technical, management, and operational mitigating activities or acceptance, transference/sharing, or avoidance/rejection.
Review and Update (Audit): the monitoring program, adjusting the ISCM strategy and maturing measurement capabilities to increase visibility into assets and awareness of vulnerabilities, further enable data-driven control of the security of an organization’s information infrastructure, and increase organizational resilience.
Risk Management Framework Process Overview
Risk Management Framework
Categorize Information System
Select Security Controls
Implement Security Controls
Assess Security Controls
Authorize Information System
Monitor Security Controls
Organizational Input: Laws, Directives, Policy Guidelines, Strategic Goals and Objectives, Priorities, Resource Availability, etc.
Architecture Description: Architecture Reference Model, Mission and Business Processes, Information System Boundaries
IT Strategy and IT Roadmap Portfolio
IT Strategy: We bring deep understanding and years of experience in developing IT capabilities into engines of business value.
Our experienced professionals, with many years of professional & management experience, work with leadership and IT teams to identify the roles of technology in a business strategy, the capabilities IT can provide and how the IT organization needs to be managed in order to deliver its commitments. We work with our clients to understand the ROI that can be leveraged from current and leading technologies.
Our Service Capabilities are:
Business IT Alignment:
Alignment of IT Strategy to business
IT Governance alignment
IT Portfolio Lifecycle management
IT Leadership Management: advising CIOs on how to manage the IT organization including staff, vendors, funding, business case, technology and other critical areas.
IT Organizational and Cost Assessments
Vendor Strategy Development
Software Selection Services
IT Transformation; we assist you through:
IT organizational redesigning projects
IT Service Continuity Management design, implementation and management
IT Portfolio and Program Management Services
IT Service Operation
IT Service Management
Our IT Infrastructure Managed Services Portfolio
Customer Service Desk
Infrastructure Services (Server)
Infrastructure Services (Client)
Virtualisation
Collaboration
• Helpdesk, Single Point of Contact
• 1st to 3rd Level Support
• Telephone & Remote Support
• 7x24 Application availability and performance monitoring
• 7x24 on-site intervention
• Server & Storage monitoring
• Network monitoring
• Data Centre (HVAC) monitoring
• Hardware-Staging, Burn-In Tests
• Server Virtualisation (VMware)
• Rollouts
• Exchange Migration
• Windows Migration
• Server monthly patching (WSUS)
• Complex Hardware Configuration
• Disaster Recovery Setup and Tests
• Project Management, implementation and sign-off for infrastructure projects
• System Management
• High availability solutions
• ITIL implementation (Incident, Change, Problem and Asset Management)
• Server Hardening and on-line backup
• Intrusion Prevention, Detection and Response
• ISO 27001 Certification Support
• User profiles, Group Policies
• ThinApp
• Data Management
• Online Backup for Client
• Citrix implementation
• Topological Vulnerability Analysis Prevention, Detection and Response
• Enterprise Information Management
• Secure Sync & Share (Cloud or on-site solutions)
• MS SharePoint, Open Source (Liferay) vertical platform solutions
• VOIP Implementation and Management
Our Forte: Compliance Driven to Data Driven Risk Management
Operations Security & Services
Security compliance through monitoring & reporting: monitor special privileges (e.g. operations, administrators) and manage Identity and Access Management
Monitor schedules and backup of critical information
Anti-virus management
Malware management
Incident, Problem, Change and Configuration Management
End-point Security Updates
Handle violations, incidents, and breaches, and report where necessary
Support high availability
Implement and support patch and vulnerability management
Respond to attacks and other vulnerabilities, e.g. spam, virus, spyware, phishing
IT Security Management Services
Governance
• Information Security & Risk Management Strategy
• Information Security Governance and Information Security Frameworks
• Information Security Management System (ISMS) according to ISO/IEC 27001
Risk Management
• Risk Management & Gap Analysis
• Crisis Management
Compliance
• Compliance Checks
• Control Framework
Security Awareness Training
• Create awareness
• Emotionalize (convey a positive attitude towards IT security issues)
• Motivate (trigger a behavioral change towards the sensitivity of the issue)
Project Management
• Project Portfolio Management & Steering

Qatar Proposal
