Information Security and Business Continuity Management

Sándor Pflanzner

on 7 October 2015


Transcript of Information Security and Business Continuity Management

Risk Assessment (CRAMM, FMEA)
- Vulnerabilities
- IT resources
- Data
- Effect of the damage
- Likelihood

Risk Treatment
- Statement of Applicability
Business Impact Analysis
Risk management
Business Continuity
Human resources
Logical layer
Physical layer
Roles & Responsibilities assignment matrix
Loss evaluation
- financial impacts (linear/flat)
- non-financial impacts
Downtime objectives
- Maximum Allowable Downtime (M.A.D.; M.T.D.; R.T.O.)
- Recovery Point Objective (R.P.O.)
Logical layer
- application systems, e.g. SAP, Reuters Dealing
- interfaces (+ messages), e.g. SWIFT + MT 100
- networks, e.g. LAN, WAN
- facilities, e.g. server room, office, etc.
Physical layer
- building & equipment
BIA in 5 steps
Data infrastructure
Business Continuity
Architecture Analysis
- Component Failure Impact Analysis
- Critical Failure Impact Analysis
- Exposure (possible losses caused by failures)
- SLA / OLA Violations
- RPO Violations
- Absence / Pandemic Analysis

- Service Windows
- Critical Time Frame for Troubleshooter
Design new Architecture
- Time frame of the processes
- Order of the support processes
- Logical layers of the processes
- Data of the logical layers
- Boxes of the logical layers
- Facilities of the resources
Compare Architectures
- Comparison of As-Is <-> To-Be architectures
- Highlight the new resources
- Decision paper for CFO
IT Service Recovery in 4 steps
1. Physical replacement
2. Software migration
3. Network connection
4. Interface connection
Disaster Recovery Plan
Server rooms
Migrate the necessary employees to the disaster recovery office
Restore the affected IT services on the disaster recovery site

- disaster scenarios (local, regional)

- recovery plans:
Business Continuity Plan
1. Divide the process to activities
2. Assign IT resources to activities
3. Investigate the effect of the outage of the IT resources
4. Investigate the possibility of the replacement
5. Create business continuity plan
Damage Assessment
uWe! Enterprise Architecture
Risk management basics
DAMAGE : Vulnerability => <= Threat
Data inventory
- Information criteria (CIA)
- Types of potential damages (what's your nightmare?)
- Risk levels (how much you fear?)
- Classification criteria (fear factor)
Classification criteria
Maximum Impact => Data value => Material damage
Data inventory
Risk management
RISK = Impact of Event * Likelihood of Occurrence
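The BCP steps, the Component Failure Impact Analysis and the risk formula above, worked through in code. This is an added example, not part of the presentation; the process, resources, hours, losses and failure probabilities are constructed sample data.

```python
# Added example, not from the Prezi: a minimal BIA / Component Failure Impact
# Analysis over a constructed process inventory (all names and numbers are
# constructed sample data).
# IT resources: recovery time after failure and worst-case data loss, in hours.
RESOURCES = {
    "Reuters Dealing": {"recovery_hours": 2.0, "data_loss_hours": 0.5},
    "SWIFT gateway": {"recovery_hours": 8.0, "data_loss_hours": 24.0},
    "LAN": {"recovery_hours": 1.0, "data_loss_hours": 0.0},
}
# BCP steps 1-2: process split into activities, each assigned its IT resources.
FX_DEALING = {
    "mad_hours": 4.0,  # Maximum Allowable Downtime
    "rpo_hours": 1.0,  # Recovery Point Objective
    "loss_per_hour": 5000.0,  # linear financial impact
    "flat_loss": 20000.0,  # flat impact (e.g. a contractual penalty)
    "activities": {"quote": ["Reuters Dealing", "LAN"],
                   "settle": ["SWIFT gateway", "LAN"]},
}

def risk_score(impact, likelihood):
    """RISK = Impact of Event * Likelihood of Occurrence."""
    return impact * likelihood

def outage_loss(process, downtime_hours):
    """Loss evaluation: flat part plus a linear part growing with downtime."""
    return process["flat_loss"] + process["loss_per_hour"] * downtime_hours

def component_failure_impact(process, resources):
    """BCP step 3 / CFIA: for each resource an activity depends on, report
    whether its recovery time breaks MAD or its data loss breaks RPO."""
    violations = []
    for activity, deps in process["activities"].items():
        for name in deps:
            r = resources[name]
            if r["recovery_hours"] > process["mad_hours"]:
                violations.append((name, activity, "MAD", r["recovery_hours"]))
            if r["data_loss_hours"] > process["rpo_hours"]:
                violations.append((name, activity, "RPO", r["data_loss_hours"]))
    return violations

def exposure(process, resources, failure_probability):
    """Exposure: risk-weighted loss of each single-component failure;
    failure_probability maps a resource name to its annual failure likelihood."""
    result = {}
    for deps in process["activities"].values():
        for name in deps:
            loss = outage_loss(process, resources[name]["recovery_hours"])
            result[name] = risk_score(loss, failure_probability[name])
    return result
```

Resources flagged by `component_failure_impact` are the ones the To-Be architecture has to replace or back up more often (BCP step 4); `exposure` ranks them for the CFO decision paper.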