![Disclaimer ,[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (18)
Similar to 2007 CPM West Keynote Presentation
Similar to 2007 CPM West Keynote Presentation (20)
2007 CPM West Keynote Presentation
- 1. 10 Avoidable Mistakes for Executives in Resiliency Management Presented by: Jon Murphy, CISSP, CHS-V, PMP, CBCP, CDCP, NSA-IAM/IEM, MBA, AANG Copyright © 2002 – 2011 All Rights Reserved. Jon Murphy
- 12. It’s Everybody’s Business Organizational Resiliency EMERGENCY MANAGEMENT IT DISASTER RECOVERY FACILITIES MANAGEMENT HUMAN RESOURCES PHYSICAL SECURITY COMMUNICATIONS & PR KNOWLEDGE MANAGEMENT SUPPLY CHAIN MANAGEMENT QUALITY MANAGEMENT OPERAATIONS MANAGEMENT FINANCE MANAGEMENT ENVIRONMENT MANAGEMENT
- 15. BII: adequate for these or not? Risk Event Percent Affected Business Impact Power outage 88% High Telecom failure 57% Medium to High Hardware failure 56% Low to High Natural disaster 55% Medium to Very High Human error 53% Low to High Software failure 48% Low to High Service provider failure 39% Medium to High IT Security breach 36% Medium to Very High Facility move 33% Medium to High Terrorists' Acts 21% Medium to Very High Physical Security Breach 18% Medium to Very High Fire 12% Medium to Very High
- 18. Information Security is your Best Partner in Getting to “Yes”
- 22. Tangible Disaster Impact 6 yr Total Revenues % Decrease $16.98 B 0% $12.97 B 23.60% $5.38B 68.32%
- 23. Time to Recovery in Days Costs 1 3 7 20 30 R 5X 18X 45X ∞ Recovery Costs Factor R + C + S + Complete Market Loss (M) R + C + Shareholder Confidence Loss (S) R + Customer Confidence Loss (C) Predominantly Just Revenue Loss (R) Copyright © 2002 – 2011 All Rights Reserved. Jon Murphy
- 26. Graphically Speaking … Range of Impact to the Organization C O P I N G R E S O U R C E S Normal Emergency Disaster Event Impact Organization’s Level of Coping Resources Disaster Realm ↑ ↓ Copyright © 2002 – 2011 All Rights Reserved. Jon Murphy
- 27. After Mitigation, Prep, Training … Range of Impact to the Organization C O P I N G R E S O U R C E S Normal Emergency Disaster Event Impact Organization’s Level of Coping Resources Disaster Realm ↑ ↓ Copyright © 2002 – 2011 All Rights Reserved. Jon Murphy
- 35. Response & Recovery Capability Minimal, 30 days Good, < 3 days Better, < 1 day Initial Costs Additional Costs ATOD Costs An Investment Starting Point Copyright © 2002 – 2011 All Rights Reserved. Jon Murphy
- 37. Regulatory Compliance – an Ever Changing World
- 40. Where would you rather be?
Editor's Notes
- And… In keeping with that thought… Lets find out exactly what we will look at today.
- Why apocalyptic How to avoid
- Eisenhower quote vs Shane & John M approach Are key responders fully aware of the org’s dependency and has the org made plans to take care of their special needs What about critical responders who are temporarily unavailable or impaired What is your org’s policy on impaired persons in an emergency?
- BCP Activities include: Customer, partner, supplier communications and manual workarounds; possible alternate quarters DRP activities include: data recovery, server recovery, network re-routing, hot site spin up, etc. Tell the oilwell fitting company story Mention other domains Why apocalyptic and how to avoid
- All these functions, and probably more, need BC addressed, though as I said, DR for us is a more critical role than for some others firms What about support functions we take for granted, mail and other deliveries, custodial, etc.
- CPM surveyed the Fortune 5000 in 2004 and some 2800 respondents reported these results. 30% of all businesses that have a major fire go out of business within a year. 70% fail within 5 years. ( Research by Gartner Group ) 93% of companies that lost their works-in-progress data for 10 days or more due to a disaster, filed for bankruptcy within 1 year of the disaster. ( National Archives & Records Administration, Washington DC ) 50% of businesses that found themselves without data recovery from PCs for this same time period filed for bankruptcy immediately. ( National Archives & Records Administration, Washington DC ) What about a pandemic, has your org started any research or planning around Avian Flu mutating to a human infectious form? What about falling water? Will your BII cover the expensive decorations that adorn HQ?
- You need to know where to get replacement employees or contract workers who can take up the slack in such a situation. If your systems are so customized that such workers can’t be found, then you’ve identified another key vulnerability for your organization. Many planners simply assume that because of the nature of their organization (bank, nursing home, etc), the utility companies will assign them a high priority in their recovery operations. During the 2004 hurricane devastation in Florida, many nursing home operators - who simply assumed that they had the same priority as hospitals - found out that they were actually lower-level in priority than most businesses. Find out BEFORE disaster strikes! Most diesel-powered generators only have about a three-day supply of fuel in their supply tanks. Often, during a disaster, areas become inaccessible to fuel trucks for longer periods of time than that, and alternate plans need to be drawn up for that eventuality. Many organizations are dependent upon air deliveries of key items. An example would be drug companies who are delivering test samples for clinical trials. These deliveries were completely disrupted after 9/11 when the entire air fleet of the country was grounded. Another example would be organizations who have arranged for air delivery of replacement computers in a disaster–just the time when airports might be closed. Alternative means of transportation need to be identified in advance to cover these eventualities.
- Mention article coming out and prez at DRJ FW 06 on IS meeting Homeland security
- All lines represent all the EI brands’ contribution. Green is Business As Usual, Orange is impact of the 50% loss of Hotels.com (complete outage time of 15 days, plus less than 100% operation time, plus damage to brand) and red is the impact of the 50% loss of Expedia.com (complete outage time of 30 days, plus less than 100% operation time, plus damage to brand)
- Recovery Costs Factor exponential growth over time curve source; Sir Andrew Hiles, the British Continuity Institute and the British Standards Institute 2002. Actual $ figures sourced from Expedia FP&A 2005
- Discuss loss of ability to purchase and pay Coordination with local jurisdiction’s emergency services and EPD
- The less mitigation/prep/training is undertaken, the organization’s coping level is lower and makes the Disaster Realm larger.
- As more mitigation/prep/training is undertaken, the organization’s coping level rises and makes the Disaster Realm smaller.
- Repository and corporate memory of lessons learned Nearby risks?
- Up front costs + RTO costs + Additional recovery costs = total cost / impact Include cost to manage brand impact (advertising, coupons, marketing…) Investing more up front reduces other costs
- I thought about alternately titling this slide…”And the regulators shall inherit the earth”. I know you all realize that is not even all the pertinent heavy hitter regs, for instance FACTA, FISMA, GLBA are not even covered here!