TSC Business Continuity & Disaster Recovery Session

Transcription:

TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com

Session Objectives and Outcomes
Objectives: Share the key aspects of BCDR; Business Impact Analysis Service Walkthrough; Risk Assessment Service Walkthrough
Outcomes: Common Understanding on: Business Impact Analysis; Risk Assessment; Existing delivery capabilities; Next Steps

Agenda
1. Industry Outlook and Challenges
2. HPE Transformation Area 2 Point of View
3. Business Continuity Management Key Aspects
4. Business Impact Analysis
5. Risk Assessment
6. GFS Capability Overview
7. HPE Value Differentiation & Next Steps

Industry Outlook & Challenges

Gartner Predicts 2015: Business Continuity Management and IT Disaster Recovery Management
Demand over legacy backup applications
In 2015, focus on improving operational resilience with more automation
By 2018, 50% of organizations will use managed failovers
By year-end 2020, 15% of organizations will fail due to inadequate protection
Source: Gartner Predict 2015

Why we should focus on BCDR
Market Forecasts and Analysis: According to Research and Markets agency, the GRC solutions and services market including BC & DR will grow at a 14.7% CAGR to $31.77 billion through 2020, approximately three times the growth rate of the overall GRC market from 2015
Business Potential: How much can we get here? BIA & RA Services are critical steps to generate more and more BCDR opportunities
Source: http://www.businesswire.com/news/home/20150625005495/en/research-Markets-Enterprise-Governance-Risk-Compliance-Market#.Vd6la_mqqko

Gaps in Today's BC & DR Arrangements
Market Demand
Lack of DR planning, testing and resources: 60+% do not have a fully documented DR plan; for the remaining 40%, DR plans did not prove very useful when called on to respond to their worst disaster recovery event or scenario; almost 65% of enterprises are failing in DR testing
Financial impact due to service outage: 36% of organizations lost one or more critical applications, VMs, or critical data files for hours at a time over the past year; 20% of organizations indicated losses of more than $50000 to over $5Mn
Major causes of outages: 50% software failure + network failure; 23.5% human error; 24% power failure; 2.5% weather
Source: Disaster Recovery Preparedness Benchmark Survey (DRP)

Let's hear your voice! Open HPE Events App, and answer the following question to participate: Do you leverage automation and orchestration in your disaster recovery plans in order to improve business outcomes?

HPE Transformation Area 2 Point of View

Transform to a hybrid infrastructure
Protect your digital enterprise: Protect your most prized digital assets whether they are on premise, in the cloud or in between.
Enable workplace productivity
Empower the data-driven organization

Protect your digital enterprise
Protect (Build it in): Identify the threats you face, assess your organization's capabilities to protect your enterprise, harden your applications, protect your users, and encrypt your most important data
Detect & Respond (Proactively detect and manage breaches): Help reduce time-to-breach-resolution with a tight coupling of analytics, correlation, and orchestration. Establish situational awareness to find and shut down threats at scale
Recover (Safeguard continuity and compliance): Drive resilience and business continuity across your IT environments, systems, and applications. Reduce risk with enterprise-wide governance, risk & compliance strategies
BIA and RA Services fall under Recover

HPE Business Continuity Management Key Aspects

HPE Business Continuity 5 Step Approach
Global Best Practices & Standards Alignment
[Diagram: HPE BCM Framework, a five-step cycle around BC Program Management, driven by Business & Compliance Requirements: 1 Understanding your Business; 2 Building Resiliency & Continuity Strategies; 3 Develop & Implement BCM Response; 4 Building & Embedding BCM Culture; 5 Exercising, Maintenance & Audit]
1. Understanding the business criticality, compliance mandate, data center operations and support services to identify continuity & recovery requirements.
2. Building resilience and continuity strategies based on the continuity-related risks identified in BIA and RA.
3. Developing and implementing a response plan to respond to and manage service disruptions.
4. Institutionalizing the business continuity framework & processes as part of operations to build business continuity maturity.
5. Exercising business continuity readiness; updating of BC plans and independent audit.

Business Continuity Management Framework
BCM Governance: Policies & Standards; Roles & Responsibility guide; BCM Program Management Office; Management Review
Understand Business Requirements: Business Process Identification, priority & criticality; Compliance Statement; Planning Structure
Business Impact Analysis; Risk Assessment; Interdependencies; Third Party Independencies; Risk Assessment; Recovery requirements; IT Dependencies; Service Level Agreements (SLAs); Interruption Insurance
Business Continuity Strategies; BC Plan, Design & Implementation; People and Process; Alternative strategies against the results of BIA exercise; Third Party continuity strategies; IT Operational Process Requirements; Single Point of Failures mapping; IT Resiliency & Recovery strategy
Business Continuity Plans: Crisis Management Plans; Crisis Communication Plans; Command Center Plan; Pandemic Response Plan; Emergency Response Plan; Business Resumption; Work area recovery (Facilities) Plan; Return to Home Plan
Technology Disaster Recovery Plans: Incident Management Plan; Recovery Strategy Design; Failover and Failback strategy design; Data Backup and restoration plan design
Plan Administration; Post Mortem analysis and reporting; DR Testing and simulations; Post Mortem Process
Audit & Compliance; Exercise and Testing; Plan Maintenance; Training and Awareness; Plan Audit; Compliance report as per legal, regulatory and contractual requirements; On-going improvements; Align newly designed/revised strategy/plans with regulatory requirements
HPE BCM Framework is aligned to ISO 22301 Standard

Business Impact Analysis Service

Objectives: Identify operational and financial impacts due to business disruptions; Identify minimum operating requirements
Challenges: Lack of knowledge of financial, reputation and legal impact on the organization; No process classification to document the criticalities of organizational assets; Associated process interdependencies not identified; No established acceptable downtime and recovery level of critical processes; Resource requirements necessary at the time of a disruption not identified
Identifying operating requirements is only aiming at minimising financial and operational impacts

How an incident is managed
BCP is a set of advance arrangements to increase organizational resilience through availability of critical processes at acceptable levels and downtimes
[Chart: Level of Operations over Time. Normal Level, Incident, Disruption, MOR Level, return to Normal Level; RTO (e.g. 2 wd); MOR delivery (e.g. 5 wd); Crisis duration (e.g. 7 wd)]
RTO: Recovery Time Objective
MOR: Minimum Operating Requirements

Key Terminologies
BIA is the process to predict and review the consequences of disruption of a business function / activities and gathers information needed to develop appropriate recovery strategies
BIA helps to identify: Process classification (Critical / Key / Others); Minimum operating requirements (RTO, MOR and RPO); Key resources (People, IT and Infrastructure, 3rd party vendors, documentation)
BIA output drives necessary recovery strategies (backup plan) for the following outage scenarios: Site, City, Country, People and Technology
RTO (Recovery Time Objective): Duration of time by which a business process / activity must be resumed
MOR (Minimum Operating Requirements): MOR (expressed as Head Count) to ensure recovery of operations to predefined service level
RPO (Recovery Point Objective): Duration of time of acceptable data loss
Process: Cluster of activities which produce a defined outcome. Unified processes and not multiple processes with similar name (e.g. Budgeting, Payroll management, Event Management within Marketing)
Functions: An entity or team which is typically characterized by a special area of knowledge or experience (HR org wide function, Payroll org wide function, Marketing function)

Proven risk assessment methodology aligned to ISO 31000
BIA Concepts
BIA defines the priorities for recovery of critical operations
Identifying and evaluating the impact of disasters on business provides the basis for investment in recovery strategies as well as investment in prevention and mitigation strategies.
Evaluate the potential business impact on a process not being performed:
Tangible Impacts: Financial Exposure
Intangible Impacts: Brand / Reputation; Legal and Regulatory; Customer Satisfaction

Business Impact Analysis Methodology
Comprehensive impact analysis to determine critical recovery requirements
Structured and targeted focus reviews
Understand: Process understanding; Process Mapping; SPOC Identification
Assess: BIA workshop; Questionnaire response; Moderation and review
Establish: Establish RTO and RPO; Identify dependencies; Identify resource requirements
Document: Document BIA workbook; Prepare BIA report; Management signoff
Classification of in-scope processes into criticality continuum; Knowledge of recovery requirements; Establishing internal & external dependencies; Independent review with SMEs; Alignment to organization's strategic goals; Interviews, workshops, templates

Deliverables
1. Kick off Presentation
2. BIA Walkthrough Presentation
3. BIA Template
4. BIA Summary Report
5. Closing Presentation

How can we help Customers?
Facilitating information gathering and reviewing relevant documentation
Developing process flow diagrams, mapping key internal and external dependencies
Determining recovery parameters and critical activities for business processes
Establishing the correct sequence of recovery activities
Determining the critical resource requirements
We're certified within our profession, and we're certified by our alliance partners
We're experienced, we're present, and we're trusted

What Benefits Can Customers Get?

Risk Assessment Service

Objectives: Holistic view of all business continuity-related risks; Minimize organizational losses; Ensure risks are within the organization's risk appetite; Implement effective governance
Challenges: Lack of knowledge of key continuity risks; Lack of visibility around potential threat sources to the business; Residual risks not identified and evaluated; Non standard mitigation plan against risks to their business; Inadequate / outdated risk assessment documentation
Managing risk is about creating value out of uncertainty

Risk Assessment Methodology Proven risk assessment methodology aligned to ISO 31000

Key Terminologies
RA is a process that identifies risks, ranks them by likelihood + impact & implements plans to mitigate these risks
RA helps to identify: Key risks to the organization; Strength of existing controls; New controls for implementation; Effective governance structure
RA output drives necessary mitigation plans to be implemented
Key Terms:
Low Risks: The risk merits management awareness, but does not require remedial action
Medium Risks: Overall risk is manageable with some senior management intervention and remediation
High Risks: Risk is significant and strong remediation is required

Proven risk assessment methodology aligned to ISO 31000
Risk Concepts
Risk is the effect of uncertainty on objectives
Organizational objectives can be Strategic, Tactical or Operational
Effect: Deviation from the expected (Positive / Negative)
Often expressed in terms of combination of the Consequences of an event and the likelihood of occurrence
High / Medium risks can be treated, transferred, terminated or tolerated

Risk Assessment Methodology
Clear deliverables
Structured methodology
Understand: Process understanding; Process Mapping; SPOC Identification
Assess: Defining risk methodology and risk appetite; Evaluating risks; Computing residual risks
Mitigate: Define mitigation plan; Assign timelines and owners; Prioritize mitigation actions
Document: Document risk register; Prepare risk report; Management signoff
Aligned to best practices; Compliance to industry standard; Independent review with SMEs; Alignment to organization's strategic goals; Interviews, workshops, templates; Long term governance centric

Deliverables
1. Kick off Presentation
2. RA Walkthrough Presentation
3. RA Questionnaire
4. Risk Register
5. RA Summary Report
6. Closing Presentation

How can we help?
Facilitating information gathering and reviewing relevant documentation
Developing process flow diagrams, mapping key internal and external dependencies
Determining residual risk for business processes, sites and the organization
Establishing necessary mitigation plans for various identified risks in line with the risk appetite
Assisting in the closure and ongoing evaluation of continuity risks
We're certified within our profession, and we're certified by our alliance partners
We're experienced, we're present, and we're trusted

What Benefits Can Customers Get?

HPE Value Differentiation

Our Value Differentiation
Help to identify Single Point of Failures
Assurance to reduce cost of operations
Drive customer satisfaction, enhance brand value, drive top line growth & reduce cost of non performance
Drive consistent customer experience
Support to Improve Service Availability
Reduce Service disruptions
Help to provide Regulatory Compliance Assurance

Let's hear your voice! Open HPE Events App, and answer the following question to participate: State 2 of the building blocks to achieve the BCDR

Questions

Thank You Mohamed Ashmawy Mohamed.ashmawy@hpe.com HPE TSC Pursuit Saudi Lead