1. Home
  2. Lainnya

Business Continuity Planning Slide ke-18 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki

  Business Continuity Planning

Slide ke-18 Mata Kuliah: Keamanan Jaringan

oleh Setio Basuki

  Business Continuity Planning

  • Business Continuity Planning (BCP)

  involves Assessing a variety of risks to organizational processes and creating policies, plans, and procedures to

  

minimize the impact those risks might

  have on the organization if they were to occur.

  

Business Continuity Planning

  • The Goal

  of BCP planners is to implement a combination of policies, procedures, and processes such that a potentially

  disruptive event has as little impact on the business as possible.

  Business Continuity Planning of BCP is to provide a quick,

  • The Overall Goal

  calm, and efficient response in the event of an emergency and to enhance a company’s ability to recover. 2

  • The BCP process, as defined by (ISC) , has

  Four Main Steps : – Project Scope And Planning.

  • Business Impact Assessment.
  • Continuity Planning.

  Project Scope and Planning

  

Project Scope and Planning

  • As with any formalized business process, the development of a strong business continuity plan requires the use of a proven methodology. This requires the following : 1. Business Organization Analysis.

  2. BCP Team Selection.

  3. Resource Requirements.

  4. Legal and Regulatory Assessment. Business Scope and Planning:

Business Organization Analysis

  • Identifying

  all departments and individuals who have a stake in the BCP process.

  • Some areas to consider are included in the following list:

  2. Critical support services, such as the

information technology department, plant maintenance department, etc. Business Scope and Planning:

Business Organization Analysis

  • Some areas to consider are included in the following list:

  

Business Scope and Planning:

BCP Team Selection

  • The IT and/or security Departments May

  Not Even Know of the plan’s existence until disaster strikes. This is a critical FLAW !!!

  • To Prevent these events from adversely

  impacting the BCP process, the individuals responsible for the effort should take special care when selecting the BCP team.

  

Business Scope and Planning:

BCP Team Selection

  • The Team Should Include

  , as a minimum requirements:

  1. Representatives from each of the organization’s departments responsible for the core services.

  2. Representatives from the key support departments identified by the organizational analysis. Business Scope and Planning:

BCP Team Selection

  • The team should include, as a minimum requirements:

  4. Security representatives with knowledge of the BCP process.

  5. Legal representatives.

  6. Representatives from senior management .

  

Business Scope and Planning:

Resource Requirements

  • After the team validates the business organization analysis, it should turn to an

  Assessment Of The Resources Required by the BCP effort.

  • This involves the resources required by three distinct BCP phases: 1. BCP Development.

  Business Scope and Planning:

Resource Requirements

  • In BCP Development, The BCP team will require some resources to perform the four elements of the BCP process, such as:

    • – Project scope and planning, business impact assessment,

      continuity planning, and approval and implementation.

  • • The BCP testing, training, and maintenance phases

    of BCP will require some Hardware And Software

    Commitments .

    • – But once again, the major commitment in this phase will be effort on the part of the employees involved in those activities.
    Business Scope and Planning:

    Resource Requirements

    • In BCP Implementation.

  • – When a disaster strikes and the BCP team

    deems it necessary to conduct a full-scale implementation of the business continuity plan, this implementation will require significant resources.

  

Business Scope and Planning:

Legal and Regulatory Requirements.

  • Many industries may find themselves Bound By

  Federal, State, And Local Laws Or Regulations that require them to implement various degrees of BCP.

  • Emergency Services , such as police, fire, and

  emergency medical operations, have a responsibility to the community to continue operations in the event of a disaster.

  • Failure

  on their part to implement a solid BCP could result in the loss of life and/or property and the decreased confidence of the population in their government Business Impact Assessment

Business Impact Assessment

  • After BCP team completes of preparing to create a BCP , then it’s time to continue with the Business Impact Assessment (BIA) .
  • The BIA assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business.

  

(Cont.)

  • There are

  Two Different Types of

  analyses that business planners use when facing a decision:

  • Quantitative Decision Making.
  • Qualitative Decision Making.

  

(Cont.)

involves the use

  • Quantitative Decision Making of numbers and formulas to reach a decision.

    • – This type of data often expresses options in terms of the dollar value to the business.

  takes non-

  • Qualitative Decision Making

  numerical factors, such as emotions, investor/customer confidence, workforce stability, and other concerns, into account.

  • – This type of data often results in categories of

  

(Cont.)

  • There are

  Sequence of Steps to perform

  BIA, namely: – Identify Priorities.

  • Risk Identification.
  • Likelihood Assessment.
  • Impact Assessment.
  • Resource Prioritization.

  

BIA (Cont.): Identify Priorities

  • There will be certain activities that are most essential to your day-to-day operations when disaster strikes.

    • – The Priority Identification Task , or criticality prioritization, involves creating a comprehensive list of business processes and

      Ranking Them in Order of Importance .

  

BIA (Cont.): Identify Priorities

  • To begin the Quantitative Assessment, the

  BCP team should sit down and draw up a list of organization assets and then assign an Asset Value (AV) in monetary terms to each asset.

  • The second quantitative measure that the team must develop is the Maximum Tolerable Downtime (MTD) .

  

BIA (Cont.): Identify Priorities

  • The

  Recovery Time Objective (RTO) for

  each business function is then developed by the team.

  • The Goal

  of the BCP process is to ensure that your RTOs are less than your MTDs , resulting in a situation in which a function should never be unavailable beyond the maximum tolerable downtime. BIA (Cont.): Risk Identification

  • Risks come in two forms:

  Natural Risks

  and Man-made Risks . The following list includes some events that pose natural threats: – Tornadoes.

  • – Earthquakes.
  • – Mudslides/avalanches.
  • – Volcanic Eruptions.
BIA (Cont.): Risk Identification

  • Man-made Threats include the following events: – Terrorist acts/wars/civil unrest.
    • – Theft/vandalism.
    • – Fires/explosions.
    • – Prolonged power outages.
    • – Building collapses.
    • – Transportation failures.
    BIA (Cont.): Risk Identification

  • Remember, these are by no means all inclusive lists. They merely identify some common risks that many organizations face.

  

Assessment

  • You probably recognized that

  Some Events are Much More Likely to Happen than others.

  • – To Keep Calculations Consistent, this assessment is usually expressed in terms of an annualized Rate of Occurrence (ARO) that reflects the number of times a business expects to experience a given disaster each year.

  

BIA (Cont.): Impact Assessment

  • In this phase, you analyze the data gathered during Risk Identification and Likelihood Assessment.

    • – Then attempt to determine what impact each one of the identified risks would have upon the business if it were to occur.

  

BIA (Cont.): Impact Assessment

  • From a quantitative point of view, we will cover three specific metrics:
    • – The Exposure Factor,
    • – The Single Loss Expectancy, and – The Annualized Loss Expectancy.

  

BIA (Cont.): Impact Assessment

  • The

  Exposure Factor (EF) is the amount

  of damage that the risk poses to the asset, expressed as a percentage of the asset’s value.

  • – For example, if the BCP team consults with

    fire experts and determines that a building fire would cause 70 percent of the building to be destroyed, the exposure factor of the building to fire is 70 percent.

  

BIA (Cont.): Impact Assessment

  • The Single Loss Expectancy (SLE)

  is the monetary loss that is expected each time the risk materializes. You can compute the SLE using the following formula: – SLE = AV x EF.

  

BIA (Cont.): Impact Assessment

  • Continuing with the preceding example, if the building is worth $500,000, the single loss expectancy would be 70 percent of $500,000, or $350,000. You can interpret this figure to mean that a single fire in the building would be expected to cause $350,000 worth of damage.

  

BIA (Cont.): Impact Assessment

  • The Annualized Loss Expectancy (ALE)

  is the monetary loss that the business expects to occur as a result of the risk harming the asset over the course of a year.

  • Computing ALE by simply multiplying those two numbers: – ALE = SLE x ARO.

  

BIA (Cont.): Impact Assessment

  • Returning once again to our building example, if fire experts predict that a fire will occur in the building once every 30 years, the ARO is 1/30, or 0.03.

    • – The ALE is then 3 percent of the $350,000

      SLE, or $11,667. You can interpret this figure to mean that the business should expect to lose $11,667 each year due to a fire in the building.

  

BIA (Cont.): Impact Assessment

  • From a qualitative point of view, you must consider the Nonmonetary impact that interruptions might have on your business. For example, you might want to consider the following: – Loss of goodwill among your client base.
    • – Loss of employees to other jobs after prolonged downtime.
    • – Social/ethical responsibilities to the community.

  

Prioritization

  • • The final step of the BIA is to Prioritize The

  Allocation of Business Continuity resources to the various risks that you identified and assessed in the preceding tasks of the BIA.

  • – You simply

  Create a List of All The Risks you analyzed during the BIA process and sort them in descending order according to the ALE computed during the impact assessment phase.

  

Prioritization

  • For example, if you run a fire suppression company, your Number-one Priority might be the Prevention of a fire In Your

  Principal Place of Business despite the

  fact that an earthquake might cause more physical damage.

  • – The potential loss of reputation within the business community resulting from the destruction of a fire suppression company.

  

End of Slides

  • Available at

  

Dokumen yang terkait

Pratiwi, Penerapan Metode Filtering Video Streaming Dan Malware Pada Jaringan Local Area Network 230 PENERAPAN METODE FILTERING VIDEO STREAMING DAN MALWARE PADA JARINGAN LOCAL AREA NETWORK

0 0 8

MEMAHAMI REVERSE ENGINEERING MELALUI PEMBONGKARAN PRODUK DI PROGRAM S-1 TEKNIK MESIN Dwi Basuki Wibowo

0 0 12

PENGARUH VARIASI MASSA REFRIGERAN R-12 DAN PUTARAN BLOWER EVAPORATOR TERHADAP COP PADA SISTEM PENGKONDISIAN UDARA MOBIL Dwi Basuki Wibowo

0 0 11

View of Pengaruh Nilai Tukar Mata Uang dan Inflasi terhadap Profitabilitas di Bank Syariah: Studi Analisis pada Bank Muamalat, Bank Mandiri Syariah dan Bank Mega Syariah Periode 2011-2015

0 0 24

SKKD Mata Pelajaran SMP_smpplusalistiqomah.dk

0 0 49

LINGKUNGAN BISNIS DAN PERSAINGAN BISNIS RITEL (The Business Environment and the Competition of Retail Business) Tri Joko Utomo)

0 0 11

Pembuatan Aplikasi Dokumentasi Jaringan

1 1 11

Machine Learning: WEKA Tutorial Kecerdasan Buatan Setio Basuki, ST., MT

2 2 52

14 - 802.11 Basic Planning - meeting 2.ppt

0 0 37

Business Continuity Planning (Cont.) Slide ke-18 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki

0 0 35