SlideShare a Scribd company logo

RISK: When What Can Never Happen — Does

Download as PPTX, PDF
TechPoint
TechPoint

The Black Swan Effect – when “what can never happen -- does.” Presented at the Data Center World Conference, Las Vegas, April 2015 By: Rich Banta, co-owner, Lifeline Data Centers, Indianapolis Don Byrne, PhD, President and CEO - Metrix411, Boston Jack Pyne, Director of Training - EPI-AP, Colorado Springs

Technology
1 of 12
1 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts
2 2 BLACK SWAN EVENTS when “what can never happen -- does.”
3 Common Data Center Risks • Unlicensed software • Home-grown code in critical path • Single carriers/ utility providers (no diversity) • No policy/guidance for controlling BYOD • Rogue wireless access points • Local purchasing leading to a lack of configuration control • Inaccurate change management tracking • Out-of-date documentation • Changing compliance requirements with rules/standards/laws • Unnoticed facility flaws (e.g., internal wooden frames) • ‘Sandbox’ projects using actual client data for testing • No data governance software
4 What does this have to do with risk management? Risk management faces different issues • Avoiding, mitigating or accepting risk • What is the risk? • Assuring agencies, clients and stakeholders that you have managed the risk appropriately. • Confidence • Communication
5 Putting Risk Management in Action Reliability-Centered Maintenance • Developed by the FAA and the airlines in the 1960s • Adopted by the US Military in the 1970s • Adopted by the nuclear power industry in the 1980’s • Disney uses it in their theme parks
6 Putting Risk Management in Action - RCM • Business-case oriented • Formalized in SAE JA1011 • Certification is available from Naval Air Command and others • Risk assessment and management on steroids – all the way down to equipment component levels SAE JA1011
7 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis • Bottom-up • Inductive analytical method performed at the functional or piece-part level • Includes criticality analysis, • Charts the probability of failure modes against the severity of their consequences. Component Failure Potential (in 12 month period) Criticality Factor: 1-5 (where 1 is least critical and 5 is ultra critical) Priority Comments Ventilator Fan -- unit 30-b1 99% 5 49.5 Filter Gasket -- g-205 98% 4 39.2 Needs monthly replacement UPS -- unit c25 60% 5 30 Generator -- unit g-5 35% 5 17.5 4 years old HVAC Drain pump -- unit p-304 45% 3 13.5 Generator -- unit g-4 20% 5 10 2 years old Ventilator Fan -- unit 30-b2 30% 2 6
8 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis FMECAs are reviewed, refreshed, and maintained at least on an annual basis, with the collected data incorporated into an ongoing and dynamic failure probability analysis model.
9 Putting Risk Management in Action - RCM When evaluating and purchasing data center infrastructure equipment (generators, UPS systems, HVAC gear, etc.), demand copies of the FMECAs from the manufacturer.
10 Putting Risk Management in Action - RCM • Increasingly interface directly with corporate/enterprise risk managers. • They are becoming more and more conversant in RCM, failure probability analysis, • and the associated value to the risk assessment and risk management equation.
11 Rich Banta – Co-owner Lifeline Data Centers Indianapolis Rich is responsible for compliance and certifications, data center operations, information technology, and client concierge services. He has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. He is formerly the Chief Technology Officer of a major health care system. Rich is hands-on every day in the data centers. Certifications His certifications include:  CISA – Certified Information Systems Auditor  CRISC – Certified in Risk & Information Systems Management  CDCE – Certified Data Center Expert  CDCDP – Certified Data Center Design Professional  CTDC - Certified TIA-942 Design Consultant  CTIA - Certified TIA-942 Auditor  CFCP – Certified FISMA Compliance Practitioner
12 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts

Recommended

Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Hernan Huwyler, MBA CPA
 
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPASecurity and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPAHernan Huwyler, MBA CPA
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatTripwire
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceSami Benafia
 
Metric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyMetric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyHernan Huwyler, MBA CPA
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerHernan Huwyler, MBA CPA
 

Recommended

Master Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolMaster Class Cyber Compliance IE Law School IE Busines School
Master Class Cyber Compliance IE Law School IE Busines SchoolHernan Huwyler, MBA CPA
 
Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Prof- Hernan Huwyler - AML Forum 2021
Prof- Hernan Huwyler - AML Forum 2021Hernan Huwyler, MBA CPA
 
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPASecurity and Governance Done Right - Prof. Hernan Huwyler MBA CPA
Security and Governance Done Right - Prof. Hernan Huwyler MBA CPAHernan Huwyler, MBA CPA
 
Protecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatProtecting Your POS Systems from the Next Big Ransomware Threat
Protecting Your POS Systems from the Next Big Ransomware ThreatTripwire
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Ingenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceIngenia consultants-9 basic steps towards TRM compliance
Ingenia consultants-9 basic steps towards TRM complianceSami Benafia
 
Metric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyMetric stream elevating your compliance program with technology
Metric stream elevating your compliance program with technologyHernan Huwyler, MBA CPA
 
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerStronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwyler
Stronger 2021 Building the Blocks to Quantify Cyber Risks - Prof hernan huwylerHernan Huwyler, MBA CPA
 
Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
Hernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO NordicsHernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO NordicsHernan Huwyler, MBA CPA
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
AReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughAReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughHernan Huwyler, MBA CPA
 
3 steps to gain control of cloud security
3 steps to gain control of cloud security 3 steps to gain control of cloud security
3 steps to gain control of cloud security SBWebinars
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Managing Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisManaging Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisHernan Huwyler, MBA CPA
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditHernan Huwyler, MBA CPA
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringTieu Luu
 
RAP GC 2016
RAP GC 2016RAP GC 2016
RAP GC 2016Terri Marconi McKnight
 
24/7 outsourced noc services
24/7 outsourced noc services24/7 outsourced noc services
24/7 outsourced noc servicesElena Benson
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems AuditRajeswaran Muthu Venkatachalam
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTimothy Jarrett
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19Jacklyn R. Green
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaHernan Huwyler, MBA CPA
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation stacygriggs
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Security at velocity dc cap one
Security at velocity dc cap oneSecurity at velocity dc cap one
Security at velocity dc cap oneChef
 
Read the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesRead the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesErik Mitchell
 
Making your it skills virtual
Making your it skills virtualMaking your it skills virtual
Making your it skills virtualErik Mitchell
 

More Related Content

What's hot

Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler, MBA CPA
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteHernan Huwyler, MBA CPA
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsVisionet Systems, Inc.
 
AReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughAReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughHernan Huwyler, MBA CPA
 
3 steps to gain control of cloud security
3 steps to gain control of cloud security 3 steps to gain control of cloud security
3 steps to gain control of cloud security SBWebinars
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 
Managing Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisManaging Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisHernan Huwyler, MBA CPA
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditHernan Huwyler, MBA CPA
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringTieu Luu
 
24/7 outsourced noc services
24/7 outsourced noc services24/7 outsourced noc services
24/7 outsourced noc servicesElena Benson
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTimothy Jarrett
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanTripwire
 
A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19Jacklyn R. Green
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaHernan Huwyler, MBA CPA
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation stacygriggs
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
Security at velocity dc cap one
Security at velocity dc cap oneSecurity at velocity dc cap one
Security at velocity dc cap oneChef
 

What's hot (20)

Hernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized WorldHernan Huwyler - Boards in a Digitalized World
Hernan Huwyler - Boards in a Digitalized World
 
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security InstituteTips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
Tips for IT Risk Management Prof. Hernan Huwyler Information Security Institute
 
Hernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO NordicsHernan Huwyler - CIO and CISO Nordics
Hernan Huwyler - CIO and CISO Nordics
 
IT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet SystemsIT Security and Risk Management - Visionet Systems
IT Security and Risk Management - Visionet Systems
 
AReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature EnoughAReNA - Debate Is Machine Learning Mature Enough
AReNA - Debate Is Machine Learning Mature Enough
 
3 steps to gain control of cloud security
3 steps to gain control of cloud security 3 steps to gain control of cloud security
3 steps to gain control of cloud security
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 
Managing Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus CrisisManaging Contract Risks during Coronavirus Crisis
Managing Contract Risks during Coronavirus Crisis
 
Quantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal AuditQuantitative Data-Driven Risk Management and Internal Audit
Quantitative Data-Driven Risk Management and Internal Audit
 
SuprTEK Continuous Monitoring
SuprTEK Continuous MonitoringSuprTEK Continuous Monitoring
SuprTEK Continuous Monitoring
 
RAP GC 2016
RAP GC 2016RAP GC 2016
RAP GC 2016
 
24/7 outsourced noc services
24/7 outsourced noc services24/7 outsourced noc services
24/7 outsourced noc services
 
3c 2 Information Systems Audit
3c 2 Information Systems Audit3c 2 Information Systems Audit
3c 2 Information Systems Audit
 
Trust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier riskTrust but Verify: Strategies for managing software supplier risk
Trust but Verify: Strategies for managing software supplier risk
 
Developing a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action PlanDeveloping a Continuous Monitoring Action Plan
Developing a Continuous Monitoring Action Plan
 
A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19A systems engineering approach to cannabis product development.v1.03 21-19
A systems engineering approach to cannabis product development.v1.03 21-19
 
IFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agendaIFCA Congress How the post-pandemic will shape the compliance agenda
IFCA Congress How the post-pandemic will shape the compliance agenda
 
Geist Presentation
Geist Presentation Geist Presentation
Geist Presentation
 
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99
 
Security at velocity dc cap one
Security at velocity dc cap oneSecurity at velocity dc cap one
Security at velocity dc cap one
 

Viewers also liked

Read the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesRead the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesErik Mitchell
 
Making your it skills virtual
Making your it skills virtualMaking your it skills virtual
Making your it skills virtualErik Mitchell
 
Digital forsyth oa_week
Digital forsyth oa_weekDigital forsyth oa_week
Digital forsyth oa_weekErik Mitchell
 
Databases, the Cloud and its Discontents
Databases, the Cloud and its DiscontentsDatabases, the Cloud and its Discontents
Databases, the Cloud and its DiscontentsDstroyAllModels
 
Why Libraries Virtualize
Why Libraries VirtualizeWhy Libraries Virtualize
Why Libraries VirtualizeErik Mitchell
 
2013 mitchell ical_021213
2013 mitchell ical_0212132013 mitchell ical_021213
2013 mitchell ical_021213Erik Mitchell
 
Federated library services
Federated library servicesFederated library services
Federated library servicesErik Mitchell
 
Cloud computing in libraries, a case study
Cloud computing in libraries, a case studyCloud computing in libraries, a case study
Cloud computing in libraries, a case studyErik Mitchell
 
Approaches to mobile site development
Approaches to mobile site developmentApproaches to mobile site development
Approaches to mobile site developmentErik Mitchell
 
Cloud computing and library services
Cloud computing and library servicesCloud computing and library services
Cloud computing and library servicesErik Mitchell
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introductionKrista Godfrey
 
Cloud computing in academic libraries
Cloud computing in academic librariesCloud computing in academic libraries
Cloud computing in academic librariesErik Mitchell
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple pptAgarwaljay
 

Viewers also liked (16)

Read the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for librariesRead the silver lining: The potential of cloud computing for libraries
Read the silver lining: The potential of cloud computing for libraries
 
Making your it skills virtual
Making your it skills virtualMaking your it skills virtual
Making your it skills virtual
 
Digital forsyth oa_week
Digital forsyth oa_weekDigital forsyth oa_week
Digital forsyth oa_week
 
Databases, the Cloud and its Discontents
Databases, the Cloud and its DiscontentsDatabases, the Cloud and its Discontents
Databases, the Cloud and its Discontents
 
Why Libraries Virtualize
Why Libraries VirtualizeWhy Libraries Virtualize
Why Libraries Virtualize
 
Resource
Resource Resource
Resource
 
2013 mitchell ical_021213
2013 mitchell ical_0212132013 mitchell ical_021213
2013 mitchell ical_021213
 
Nceactpresentation
NceactpresentationNceactpresentation
Nceactpresentation
 
Federated library services
Federated library servicesFederated library services
Federated library services
 
Digital forsyth
Digital forsythDigital forsyth
Digital forsyth
 
Cloud computing in libraries, a case study
Cloud computing in libraries, a case studyCloud computing in libraries, a case study
Cloud computing in libraries, a case study
 
Approaches to mobile site development
Approaches to mobile site developmentApproaches to mobile site development
Approaches to mobile site development
 
Cloud computing and library services
Cloud computing and library servicesCloud computing and library services
Cloud computing and library services
 
Cloud computing for libraries an introduction
Cloud computing for libraries an introductionCloud computing for libraries an introduction
Cloud computing for libraries an introduction
 
Cloud computing in academic libraries
Cloud computing in academic librariesCloud computing in academic libraries
Cloud computing in academic libraries
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple ppt
 

Similar to RISK: When What Can Never Happen — Does

Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis Sharon Han
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECControlCase
 
Data Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICOData Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICOCaserta
 
Using Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in BankingUsing Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in BankingNG DATA
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineguidepostsolutions
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Citrin Cooperman
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorKaspersky
 
Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018 Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018 Bill Gibbs
 
Cybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdfCybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdfDaveNjoga1
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramEnergySec
 
Panduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfawish11
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECKimberly Simon MBA
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems Jeffrey Paulette
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTri Phan
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTuan Phan
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?IBM Security
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance EnergyTech2015
 

Similar to RISK: When What Can Never Happen — Does (20)

Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis Binghamton Bank Risk Analysis
Binghamton Bank Risk Analysis
 
Vendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIECVendor Management for PCI DSS, HIPAA, and FFIEC
Vendor Management for PCI DSS, HIPAA, and FFIEC
 
Data Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICOData Driven Decisions - Big Data Warehousing Meetup, FICO
Data Driven Decisions - Big Data Warehousing Meetup, FICO
 
Using Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in BankingUsing Your Data to Reduce Attrition in Banking
Using Your Data to Reduce Attrition in Banking
 
Leveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom lineLeveraging Your Security System to Impact Your Bottom line
Leveraging Your Security System to Impact Your Bottom line
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
 
Supply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy SectorSupply Chain Threats to the US Energy Sector
Supply Chain Threats to the US Energy Sector
 
Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018 Supply Chain Risk Erau webinar march 2018
Supply Chain Risk Erau webinar march 2018
 
Cybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdfCybersec Supply Chain Risks and Governance v0.1.pdf
Cybersec Supply Chain Risks and Governance v0.1.pdf
 
Third Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure ProgramThird Party Security Testing for Advanced Metering Infrastructure Program
Third Party Security Testing for Advanced Metering Infrastructure Program
 
Panduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution DetailsPanduit Smartzone™ DCIM Solution Details
Panduit Smartzone™ DCIM Solution Details
 
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccfAdaptive & Unified Approach to Risk Management & Compliance-via-ccf
Adaptive & Unified Approach to Risk Management & Compliance-via-ccf
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
CEA SBP Overview
CEA SBP OverviewCEA SBP Overview
CEA SBP Overview
 
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECVendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC
 
Internal Controls Over Information Systems
Internal Controls Over Information Systems Internal Controls Over Information Systems
Internal Controls Over Information Systems
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
TrustedAgent GRC for Public Sector
TrustedAgent GRC for Public SectorTrustedAgent GRC for Public Sector
TrustedAgent GRC for Public Sector
 
How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?How Vulnerable is Your Critical Data?
How Vulnerable is Your Critical Data?
 
Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance Irv Badr: Managing Risk Safety and Security Compliance
Irv Badr: Managing Risk Safety and Security Compliance
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

RISK: When What Can Never Happen — Does

  • 1. 1 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts
  • 3. 3 Common Data Center Risks • Unlicensed software • Home-grown code in critical path • Single carriers/ utility providers (no diversity) • No policy/guidance for controlling BYOD • Rogue wireless access points • Local purchasing leading to a lack of configuration control • Inaccurate change management tracking • Out-of-date documentation • Changing compliance requirements with rules/standards/laws • Unnoticed facility flaws (e.g., internal wooden frames) • ‘Sandbox’ projects using actual client data for testing • No data governance software
  • 4. 4 What does this have to do with risk management? Risk management faces different issues • Avoiding, mitigating or accepting risk • What is the risk? • Assuring agencies, clients and stakeholders that you have managed the risk appropriately. • Confidence • Communication
  • 5. 5 Putting Risk Management in Action Reliability-Centered Maintenance • Developed by the FAA and the airlines in the 1960s • Adopted by the US Military in the 1970s • Adopted by the nuclear power industry in the 1980’s • Disney uses it in their theme parks
  • 6. 6 Putting Risk Management in Action - RCM • Business-case oriented • Formalized in SAE JA1011 • Certification is available from Naval Air Command and others • Risk assessment and management on steroids – all the way down to equipment component levels SAE JA1011
  • 7. 7 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis • Bottom-up • Inductive analytical method performed at the functional or piece-part level • Includes criticality analysis, • Charts the probability of failure modes against the severity of their consequences. Component Failure Potential (in 12 month period) Criticality Factor: 1-5 (where 1 is least critical and 5 is ultra critical) Priority Comments Ventilator Fan -- unit 30-b1 99% 5 49.5 Filter Gasket -- g-205 98% 4 39.2 Needs monthly replacement UPS -- unit c25 60% 5 30 Generator -- unit g-5 35% 5 17.5 4 years old HVAC Drain pump -- unit p-304 45% 3 13.5 Generator -- unit g-4 20% 5 10 2 years old Ventilator Fan -- unit 30-b2 30% 2 6
  • 8. 8 Putting Risk Management in Action - RCM FMECA: Failure Mode, Effects, and Criticality Analysis FMECAs are reviewed, refreshed, and maintained at least on an annual basis, with the collected data incorporated into an ongoing and dynamic failure probability analysis model.
  • 9. 9 Putting Risk Management in Action - RCM When evaluating and purchasing data center infrastructure equipment (generators, UPS systems, HVAC gear, etc.), demand copies of the FMECAs from the manufacturer.
  • 10. 10 Putting Risk Management in Action - RCM • Increasingly interface directly with corporate/enterprise risk managers. • They are becoming more and more conversant in RCM, failure probability analysis, • and the associated value to the risk assessment and risk management equation.
  • 11. 11 Rich Banta – Co-owner Lifeline Data Centers Indianapolis Rich is responsible for compliance and certifications, data center operations, information technology, and client concierge services. He has an extensive background in server and network management, large scale wide-area networks, storage, business continuity, and monitoring. He is formerly the Chief Technology Officer of a major health care system. Rich is hands-on every day in the data centers. Certifications His certifications include:  CISA – Certified Information Systems Auditor  CRISC – Certified in Risk & Information Systems Management  CDCE – Certified Data Center Expert  CDCDP – Certified Data Center Design Professional  CTDC - Certified TIA-942 Design Consultant  CTIA - Certified TIA-942 Auditor  CFCP – Certified FISMA Compliance Practitioner
  • 12. 12 The Risky Data Center Panelists Don Byrne Jack Pyne Rich Banta Introduction and Concepts Standards Overview Applying the Concepts