SlideShare a Scribd company logo

RISK: When What Can Never Happen — Does

Download as PPTX, PDF
TechPoint
TechPoint

The Black Swan Effect – when “what can never happen -- does.” Presented at the Data Center World Conference, Las Vegas, April 2015 By: Rich Banta, co-owner, Lifeline Data Centers, Indianapolis Don Byrne, PhD, President and CEO - Metrix411, Boston Jack Pyne, Director of Training - EPI-AP, Colorado Springs

Technology
1 of 12
1 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts
2 2 BLACK SWAN EVENTS when “what can never happen -- does.”
3 Common Data Center Risks • Unlicensed software • Home-grown code in critical path • Single carriers/ utility providers (no diversity) • No policy/guidance for controlling BYOD • Rogue wireless access points • Local purchasing leading to a lack of configuration control • Inaccurate change management tracking • Out-of-date documentation • Changing compliance requirements with rules/standards/laws • Unnoticed facility flaws (e.g., internal wooden frames) • ‘Sandbox’ projects using actual client data for testing • No data governance software
4 What does this have to do with risk management? Risk management faces different issues • Avoiding, mitigating or accepting risk • What is the risk? • Assuring agencies, clients and stakeholders that you have managed the risk appropriately. • Confidence • Communication
5 Putting Risk Management in Action Reliability-Centered Maintenance • Developed by the FAA and the airlines in the 1960s • Adopted by the US Military in the 1970s • Adopted by the nuclear power industry in the 1980’s • Disney uses it in their theme parks
6 Putting Risk Management in Action - RCM • Business-case oriented • Formalized in SAE JA1011 • Certification is available from Naval Air Command and others • Risk assessment and management on steroids – all the way down to equipment component levels SAE JA1011
7 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis • Bottom-up • Inductive analytical method performed at the functional or piece-part level • Includes criticality analysis, • Charts the probability of failure modes against the severity of their consequences. Component Failure Potential (in 12 month period) Criticality Factor: 1-5 (where 1 is least critical and 5 is ultra critical) Priority Comments Ventilator Fan -- unit 30-b1 99% 5 49.5 Filter Gasket -- g-205 98% 4 39.2 Needs monthly replacement UPS -- unit c25 60% 5 30 Generator -- unit g-5 35% 5 17.5 4 years old HVAC Drain pump -- unit p-304 45% 3 13.5 Generator -- unit g-4 20% 5 10 2 years old Ventilator Fan -- unit 30-b2 30% 2 6
8 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis FMECAs are reviewed, refreshed, and maintained at least on an annual basis, with the collected data incorporated into an ongoing and dynamic failure probability analysis model.
9 Putting Risk Management in Action - RCM When evaluating and purchasing data center infrastructure equipment (generators, UPS systems, HVAC gear, etc.), demand copies of the FMECAs from the manufacturer.
10 Putting Risk Management in Action - RCM • Increasingly interface directly with corporate/enterprise risk managers. • They are becoming more and more conversant in RCM, failure probability analysis, • and the associated value to the risk assessment and risk management equation.
11 Rich Banta – Co-owner Lifeline Data Centers Indianapolis Rich is responsible for compliance and certifications, data center operations, information technology, and client concierge services. He has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. He is formerly the Chief Technology Officer of a major health care system. Rich is hands-on every day in the data centers. Certifications His certifications include:  CISA – Certified Information Systems Auditor  CRISC – Certified in Risk & Information Systems Management  CDCE – Certified Data Center Expert  CDCDP – Certified Data Center Design Professional  CTDC - Certified TIA-942 Design Consultant  CTIA - Certified TIA-942 Auditor  CFCP – Certified FISMA Compliance Practitioner
12 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts

Recommended

Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Hernan Huwyler, MBA CPA
 
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPASecurity and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPAHernan Huwyler, MBA CPA
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatTripwire
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceSami Benafia
 
Metric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyMetric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyHernan Huwyler, MBA CPA
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerHernan Huwyler, MBA CPA
 

Recommended

Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Hernan Huwyler, MBA CPA
 
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPASecurity and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPAHernan Huwyler, MBA CPA
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatTripwire
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceSami Benafia
 
Metric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyMetric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyHernan Huwyler, MBA CPA
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerHernan Huwyler, MBA CPA
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Hernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO NordicsHernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO NordicsHernan Huwyler, MBA CPA
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
AReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughAReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughHernan Huwyler, MBA CPA
 
3 steps to gain control of cloud security
3 steps to gain control of cloud security 3 steps to gain control of cloud security
3 steps to gain control of cloud security SBWebinars
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Managing Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisManaging Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisHernan Huwyler, MBA CPA
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditHernan Huwyler, MBA CPA
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringTieu Luu
 
RAP GC 2016
RAP GC 2016RAP GC 2016
RAP GC 2016Terri Marconi McKnight
 
24/7 outsourced noc services
24/7 outsourced noc services24/7 outsourced noc services
24/7 outsourced noc servicesElena Benson
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems AuditRajeswaran Muthu Venkatachalam
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTimothy Jarrett
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19Jacklyn R. Green
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaHernan Huwyler, MBA CPA
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation stacygriggs
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Security at velocity dc cap one
Security at velocity dc cap oneSecurity at velocity dc cap one
Security at velocity dc cap oneChef
 
Read the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesRead the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesErik Mitchell
 
Making your it skills virtual
Making your it skills virtualMaking your it skills virtual
Making your it skills virtualErik Mitchell
 

More Related Content

What's hot

Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
AReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughAReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughHernan Huwyler, MBA CPA
 
3 steps to gain control of cloud security
3 steps to gain control of cloud security 3 steps to gain control of cloud security
3 steps to gain control of cloud security SBWebinars
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Managing Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisManaging Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisHernan Huwyler, MBA CPA
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditHernan Huwyler, MBA CPA
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringTieu Luu
 
24/7 outsourced noc services
24/7 outsourced noc services24/7 outsourced noc services
24/7 outsourced noc servicesElena Benson
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTimothy Jarrett
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19Jacklyn R. Green
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaHernan Huwyler, MBA CPA
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation stacygriggs
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Security at velocity dc cap one
Security at velocity dc cap oneSecurity at velocity dc cap one
Security at velocity dc cap oneChef
 

What's hot (20)

Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized World
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
 
Hernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO NordicsHernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO Nordics
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 
AReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughAReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature Enough
 
3 steps to gain control of cloud security
3 steps to gain control of cloud security 3 steps to gain control of cloud security
3 steps to gain control of cloud security
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
Managing Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisManaging Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus Crisis
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal Audit
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous Monitoring
 
RAP GC 2016
RAP GC 2016RAP GC 2016
RAP GC 2016
 
24/7 outsourced noc services
24/7 outsourced noc services24/7 outsourced noc services
24/7 outsourced noc services
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems Audit
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier risk
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action Plan
 
A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agenda
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
Security at velocity dc cap one
Security at velocity dc cap oneSecurity at velocity dc cap one
Security at velocity dc cap one
 

Viewers also liked

Read the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesRead the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesErik Mitchell
 
Making your it skills virtual
Making your it skills virtualMaking your it skills virtual
Making your it skills virtualErik Mitchell
 
Digital forsyth oa_week
Digital forsyth oa_weekDigital forsyth oa_week
Digital forsyth oa_weekErik Mitchell
 
Databases, the Cloud and its Discontents
Databases, the Cloud and its DiscontentsDatabases, the Cloud and its Discontents
Databases, the Cloud and its DiscontentsDstroyAllModels
 
Why Libraries Virtualize
Why Libraries VirtualizeWhy Libraries Virtualize
Why Libraries VirtualizeErik Mitchell
 
2013 mitchell ical_021213
2013 mitchell ical_0212132013 mitchell ical_021213
2013 mitchell ical_021213Erik Mitchell
 
Federated library services
Federated library servicesFederated library services
Federated library servicesErik Mitchell
 
Cloud computing in libraries, a case study
Cloud computing in libraries, a case studyCloud computing in libraries, a case study
Cloud computing in libraries, a case studyErik Mitchell
 
Approaches to mobile site development
Approaches to mobile site developmentApproaches to mobile site development
Approaches to mobile site developmentErik Mitchell
 
Cloud computing and library services
Cloud computing and library servicesCloud computing and library services
Cloud computing and library servicesErik Mitchell
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introductionKrista Godfrey
 
Cloud computing in academic libraries
Cloud computing in academic librariesCloud computing in academic libraries
Cloud computing in academic librariesErik Mitchell
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple pptAgarwaljay
 

Viewers also liked (16)

Read the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesRead the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for libraries
 
Making your it skills virtual
Making your it skills virtualMaking your it skills virtual
Making your it skills virtual
 
Digital forsyth oa_week
Digital forsyth oa_weekDigital forsyth oa_week
Digital forsyth oa_week
 
Databases, the Cloud and its Discontents
Databases, the Cloud and its DiscontentsDatabases, the Cloud and its Discontents
Databases, the Cloud and its Discontents
 
Why Libraries Virtualize
Why Libraries VirtualizeWhy Libraries Virtualize
Why Libraries Virtualize
 
Resource
Resource Resource
Resource
 
2013 mitchell ical_021213
2013 mitchell ical_0212132013 mitchell ical_021213
2013 mitchell ical_021213
 
Nceactpresentation
NceactpresentationNceactpresentation
Nceactpresentation
 
Federated library services
Federated library servicesFederated library services
Federated library services
 
Digital forsyth
Digital forsythDigital forsyth
Digital forsyth
 
Cloud computing in libraries, a case study
Cloud computing in libraries, a case studyCloud computing in libraries, a case study
Cloud computing in libraries, a case study
 
Approaches to mobile site development
Approaches to mobile site developmentApproaches to mobile site development
Approaches to mobile site development
 
Cloud computing and library services
Cloud computing and library servicesCloud computing and library services
Cloud computing and library services
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introduction
 
Cloud computing in academic libraries
Cloud computing in academic librariesCloud computing in academic libraries
Cloud computing in academic libraries
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple ppt
 

Similar to RISK: When What Can Never Happen — Does

Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis Sharon Han
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
Data Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICOData Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICOCaserta
 
Using Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in BankingUsing Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in BankingNG DATA
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineguidepostsolutions
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Citrin Cooperman
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018 Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018 Bill Gibbs
 
Cybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdfCybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdfDaveNjoga1
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
Panduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTri Phan
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTuan Phan
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 

Similar to RISK: When What Can Never Happen — Does (20)

Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 
Data Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICOData Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICO
 
Using Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in BankingUsing Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in Banking
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom line
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018 Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018
 
Cybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdfCybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdf
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure Program
 
Panduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution Details
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
CEA SBP Overview
CEA SBP OverviewCEA SBP Overview
CEA SBP Overview
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 

Recently uploaded

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

RISK: When What Can Never Happen — Does

  • 1. 1 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts
  • 3. 3 Common Data Center Risks • Unlicensed software • Home-grown code in critical path • Single carriers/ utility providers (no diversity) • No policy/guidance for controlling BYOD • Rogue wireless access points • Local purchasing leading to a lack of configuration control • Inaccurate change management tracking • Out-of-date documentation • Changing compliance requirements with rules/standards/laws • Unnoticed facility flaws (e.g., internal wooden frames) • ‘Sandbox’ projects using actual client data for testing • No data governance software
  • 4. 4 What does this have to do with risk management? Risk management faces different issues • Avoiding, mitigating or accepting risk • What is the risk? • Assuring agencies, clients and stakeholders that you have managed the risk appropriately. • Confidence • Communication
  • 5. 5 Putting Risk Management in Action Reliability-Centered Maintenance • Developed by the FAA and the airlines in the 1960s • Adopted by the US Military in the 1970s • Adopted by the nuclear power industry in the 1980’s • Disney uses it in their theme parks
  • 6. 6 Putting Risk Management in Action - RCM • Business-case oriented • Formalized in SAE JA1011 • Certification is available from Naval Air Command and others • Risk assessment and management on steroids – all the way down to equipment component levels SAE JA1011
  • 7. 7 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis • Bottom-up • Inductive analytical method performed at the functional or piece-part level • Includes criticality analysis, • Charts the probability of failure modes against the severity of their consequences. Component Failure Potential (in 12 month period) Criticality Factor: 1-5 (where 1 is least critical and 5 is ultra critical) Priority Comments Ventilator Fan -- unit 30-b1 99% 5 49.5 Filter Gasket -- g-205 98% 4 39.2 Needs monthly replacement UPS -- unit c25 60% 5 30 Generator -- unit g-5 35% 5 17.5 4 years old HVAC Drain pump -- unit p-304 45% 3 13.5 Generator -- unit g-4 20% 5 10 2 years old Ventilator Fan -- unit 30-b2 30% 2 6
  • 8. 8 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis FMECAs are reviewed, refreshed, and maintained at least on an annual basis, with the collected data incorporated into an ongoing and dynamic failure probability analysis model.
  • 9. 9 Putting Risk Management in Action - RCM When evaluating and purchasing data center infrastructure equipment (generators, UPS systems, HVAC gear, etc.), demand copies of the FMECAs from the manufacturer.
  • 10. 10 Putting Risk Management in Action - RCM • Increasingly interface directly with corporate/enterprise risk managers. • They are becoming more and more conversant in RCM, failure probability analysis, • and the associated value to the risk assessment and risk management equation.
  • 11. 11 Rich Banta – Co-owner Lifeline Data Centers Indianapolis Rich is responsible for compliance and certifications, data center operations, information technology, and client concierge services. He has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. He is formerly the Chief Technology Officer of a major health care system. Rich is hands-on every day in the data centers. Certifications His certifications include:  CISA – Certified Information Systems Auditor  CRISC – Certified in Risk & Information Systems Management  CDCE – Certified Data Center Expert  CDCDP – Certified Data Center Design Professional  CTDC - Certified TIA-942 Design Consultant  CTIA - Certified TIA-942 Auditor  CFCP – Certified FISMA Compliance Practitioner
  • 12. 12 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts