© Copyright 2016 EMC Corporation. All rights reserved. Please write to us if you would like to get in touch with the speaker
BUSINESS RESILIENCY PITFALLS
Maha Abu Rumman
Business Resiliency Drivers
Growing number of disasters
Multiplying regulatory requirements
Highly complex supply chains
24/7 delivery requirements
Cyber breaches
TICKING THE COMPLIANCE BOX
Standards and Regulations

Regulation: Sarbanes-Oxley
Summary: Auditors are increasing scrutiny of all areas of internal control, including security and business continuity controls.

Regulation: ISO 22301:2014 – Societal Security – Business Continuity Management Systems – Requirements
Summary: Requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise.

Regulation: ITIL v3 (international) – IT Infrastructure Library
Summary: Global standard in the area of service management. ITIL (IT Infrastructure Library) is the most widely accepted approach to IT service management in the world. ITIL provides a cohesive set of best practice, drawn from the public and private sectors internationally.

Regulation: AE/HSE/NCEMA 7000:2012 – Business Continuity Standard and Guide (UAE)
Summary: Developed to help entities systematically build their business continuity capability during and after an emergency, disaster or crisis. Initiatives are aimed at ensuring ongoing performance of essential functions and services in both the public and private sectors, for the purpose of enhancing the UAE's national stability.

Source: BCM Legislation and regulations, Jan 2016. BCI
PARALYSIS BY ANALYSIS
Expansive approach to BIA
Undefined and unlimited scope
Excessive analysis of results
What is a BIA?
“A business impact analysis (BIA) is a process that identifies and evaluates the potential effects
(financial, life/safety, regulatory, legal/contractual, reputation and so forth) of natural and man-made
events on business operations.” Gartner IT Glossary
The Goals of a BIA
Criticality assessment
Prioritization
SILOED FUNCTIONS
Challenges
The organization does not fully understand the criticality of business processes, risks or impacts of crises on the organization.
The organization does not focus on building resiliency into processes, operations, IT, etc.
Executives do not have an understanding of the residual risk of being or not being prepared.
Business continuity, IT disaster recovery and crisis management are driven by separate, unconnected groups.
"Are we prepared for the next big disaster?" - CxO
Visibility: Understand recovery priorities and make better planning decisions.
Collaboration: Get IT, Crisis Management and the business on the same page.
Accountability: Establish governance and ownership across the BCM spectrum.
Automation: Leverage technologies to their full potential with workflow and controls.
Efficiency: Plan smarter by integrating BCM, IT DR and Crisis Management.
Gaps and Overlaps
Many functions in the organization are repetitive and inefficient. Information is not being shared across functions, resulting in duplicate efforts and fractured visibility.

Functions shown on the slide: CIO, COO, CCO, CRO, BCM, ERM.
Activities that the slide shows repeated across these functions: Risk Ownership; Risk Identification; Risk Assessment (performed by more than one function); Evaluate Controls; Control Testing; Compliance Checklist; Reporting and Metrics & Reporting (each produced separately by several functions); Issue Generation (raised independently by several functions); Issue and Remediation Ownership; Business Assets; IT Assets; Security Risk; IT Controls.
EXPAND CONTINUITY TO RESILIENCY
What Is Business Resiliency?
Business Operations: common business context
Incident Management: capture and resolve incidents
Business Continuity: prepare for and exercise business recovery strategies
IT Disaster Recovery: prepare for and recover from IT system outages
Crisis Management: manage crisis events and communications
3rd Party Governance: evaluate 3rd party readiness

"A holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause." ISO 22301
EMC, RSA, the EMC logo and the RSA logo are registered trademarks of EMC Corporation in the U.S. and other countries.