The document discusses disaster recovery planning for organizations. It describes the importance of disaster recovery and risk management. The key steps in a risk management approach are outlined, including identifying assets, threats, impact analysis, available controls, and cost-benefit analysis. Different types of backup systems and locations are explained for withstanding faults and disasters. A disaster recovery plan should address backup procedures, critical applications, facilities, communications, infrastructure, employees, and information to ensure business continuity if a major disaster occurs.
Disaster can strike at any time and can significantly disrupt business if you're not prepared. This guide provides steps to take to recover from a IT disaster, what to include in a disaster recovery plan, and common causes of IT disasters.
Disaster can strike at any time and can significantly disrupt business if you're not prepared. This guide provides steps to take to recover from a IT disaster, what to include in a disaster recovery plan, and common causes of IT disasters.
Best Practices and ROI for Risk-based Vulnerability ManagementResolver Inc.
Risk Vision explores the best practices and ROI of the most successful business risk-centric vulnerability management programs. Watch the full webcast here: https://youtu.be/gW_ZAFpTK20
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
Abstract:
While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.
Join AlienVault for this session to learn:
*The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
*Vulnerability scores and how to interpret them
*Best practices for prioritizing vulnerability remediation
*How threat intelligence can help you pinpoint the vulnerabilities that matter most
Magic quadrant for operational risk management solutions Deepak Kamboj
Magic Quadrant for Operational Risk Management Solutions
Analyst(s): John A. Wheeler, Jie Zhang
Summary
Security and risk management leaders are seeking to integrate their risk management solutions to gain a more holistic view of risk across the enterprise. Operational risk management solutions serve as the core element of integrated risk management.
Enterprise Class Vulnerability Management Like A Bossrbrockway
A fluid and effective Vulnerability Management Framework, a core pillar in most Enterprise Security Architectures (ESA), remains a continual challenge to most organizations. Ask any of the major breach targets of the past several years. This talk takes the recent OWASP Application Security Verification Standard (ASVS) 2014 framework and applies it to Enterprise Vulnerability Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations based on your business' needs.
Is Your Vulnerability Management Program Irrelevant?Skybox Security
In this webcast, Scott Crawford from Enterprise Management Associates and Michelle Johnson Cobb of Skybox Security will discuss how to:
Link vulnerability discovery, risk-based prioritization, and remediation activities to effectively mitigate risks before exploitation.
Build a remediation strategy that addresses ‘unpatchable’ systems
Minimize change management headaches by anticipating unintended impacts due to system and application interdependencies.
Use metrics and key performance indicators (KPI’s) like remediation latency to track effectiveness of the vulnerability management program.
Decision making is important for entrepreneurs or anyone alike. Procrastination often leads to bad decision making and requires more time to rectify when it happens. Here are some tips to help you take control of your decisions for your business.
Best Practices and ROI for Risk-based Vulnerability ManagementResolver Inc.
Risk Vision explores the best practices and ROI of the most successful business risk-centric vulnerability management programs. Watch the full webcast here: https://youtu.be/gW_ZAFpTK20
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
Vulnerability Management: What You Need to Know to Prioritize RiskAlienVault
Abstract:
While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.
Join AlienVault for this session to learn:
*The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
*Vulnerability scores and how to interpret them
*Best practices for prioritizing vulnerability remediation
*How threat intelligence can help you pinpoint the vulnerabilities that matter most
Magic quadrant for operational risk management solutions Deepak Kamboj
Magic Quadrant for Operational Risk Management Solutions
Analyst(s): John A. Wheeler, Jie Zhang
Summary
Security and risk management leaders are seeking to integrate their risk management solutions to gain a more holistic view of risk across the enterprise. Operational risk management solutions serve as the core element of integrated risk management.
Enterprise Class Vulnerability Management Like A Bossrbrockway
A fluid and effective Vulnerability Management Framework, a core pillar in most Enterprise Security Architectures (ESA), remains a continual challenge to most organizations. Ask any of the major breach targets of the past several years. This talk takes the recent OWASP Application Security Verification Standard (ASVS) 2014 framework and applies it to Enterprise Vulnerability Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations based on your business' needs.
Is Your Vulnerability Management Program Irrelevant?Skybox Security
In this webcast, Scott Crawford from Enterprise Management Associates and Michelle Johnson Cobb of Skybox Security will discuss how to:
Link vulnerability discovery, risk-based prioritization, and remediation activities to effectively mitigate risks before exploitation.
Build a remediation strategy that addresses ‘unpatchable’ systems
Minimize change management headaches by anticipating unintended impacts due to system and application interdependencies.
Use metrics and key performance indicators (KPI’s) like remediation latency to track effectiveness of the vulnerability management program.
Decision making is important for entrepreneurs or anyone alike. Procrastination often leads to bad decision making and requires more time to rectify when it happens. Here are some tips to help you take control of your decisions for your business.
Business continuity and disaster recovery are not the same but complement each other. Planning on BCP and DRP is necessary for all business. This slide contains information on how to achieve and maintain them.
Planning and Deploying an Effective Vulnerability Management ProgramSasha Nunke
This presentation covers the essential components of a successful Vulnerability Management program that allows you proactively identify risk to protect your network and critical business assets.
Key take-aways:
* Integrating the 3 critical factors - people, processes & technology
* Saving time and money via automated tools
* Anticipating and overcoming common Vulnerability Management roadblocks
* Meeting security regulations and compliance requirements with Vulnerability Management
Physical Security Information Management (PSIM) software enables security departments to manage an enterprise’s exposure to security risk. It is designed to aid decision making and deployment planning within an organization. Within physical security operations it has been widely accepted that critical information from numerous sources is left to system operators to interpret and act upon consistently and correctly. Most end users have video surveillance, access control and building management systems. These systems are not integrated together and work independently with no communication with other systems in the ecosystem.
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxanhlodge
RUNNING HEADER: Disaster Recovery Plan: Information and Documentation for IBM Company 1
Disaster Recovery Plan: Information and Documentation for IBM Company 4
Disaster Recovery Plan: Information and Documentation for IBM Company
NAME
American Military University
ISSC490
A Disaster Recovery Plan is a documented process, and structured approach with instructions that details steps a business will take to recover from an unplanned catastrophic event. IBM highly relies on Information Technology to quickly and effectively process information, and most of its operations are computerized. As such, an IT disaster recovery plan for IBM should be well aligned with the business continuity plan. This is mostly known as risk assessment or threat analysis. Below are resources for documenting a disaster recovery plan for IBM Information Technology infrastructure.
Hardware and Peripheral devices
This generally includes any auxiliary device that is connected and works in conjunction with the computer, such as printers and scanners. When evaluating the hardware, one should determine the risk of losing the machine entirely and damage through hardware failure. The company computer systems may also be at risk of contracting viruses if employees are allowed to go home with laptops or consultants and vendors are allowed to plug in their Personal computers into IBM systems.
Email and Data exchanges
IBM uses shared computers and local area network which is generally a network of computers that share a communication line or wireless link to a server. This puts the company at risk of losing shared applications and information such as inventory control and payrolls. Sharing files using LANs may also lead to contraction of computer viruses and a slow down on the entire company network hence business interruptions. Emails shared through computers in the facility must also be evaluated when determining the risk.
Software Applications
IBM uses end-user programs designed to perform a group of coordinated functions for the fast and effective running of operations. These programs include word processors, spreadsheets, database programs and web browsers. All these programs are a source of vital information while developing a disaster management plan. Theft of software from the facility could be detrimental to the company and may even lead to lawsuits.
IP Addresses
The company internet protocol addresses act as a host or network interface identification. Despite the proxies and anonymity that exist to protect IP addresses, careless setups and gaps on the company’s security firewall could invite unwanted guests. Hackers may use the company IP address to send or retrieve information from the IBM computers.
VPN and Server Access
An evaluation on virtual private networks (VPNs) is necessary for ensuring the protection of private and confidential data. However, hackers may be able to spot weaknesses and stea.
Risk management is one of the main concepts that have been used by most of the organisations to protect their assets and data. One such example would be INSURANCE. Most of the insurance like Life, Health, and Auto etc have been formulated to help people protect their assets against losses. Risk management has also extended its roots to physical devices, such as locks and doors to protect homes and automobiles, password protected vaults to protect money and jewels, police, fire, security to protect against other physical risks. Dr. C. Umarani | Shriniketh D "Risk Management" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd37916.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/37916/risk-management/dr-c-umarani
Enterprise Security Critical Security Functions version 1.0Marc-Andre Heroux
Security subjects within this article:
Enterprise Security
Security Governance
IT Risk Management
Information System Management
Threat & Incident Management
Vulnerability Management
Protecting Information Resources
BCP Management
Identity and Access Control Management
Change Management
Physical Security
This article will look at common mistakes that organizations make on the path to achieving vulnerability management perfection, both in process and technology areas.
Building a Business Continuity CapabilityRod Davis
A detailed overview of the business continuity / disaster recovery planning process. Gives numerous tips for effective execution of plan development. Emphasizes development of a true recovery capability through exercises which reveal weaknesses in the plan or technology leading to improvements.
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxwalterl4
Chapter 1
Managing Risk
THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
· 3.8 Explain how resiliency and automation strategies reduce risk.
· Automation/Scripting: Automated courses of action; Continuous monitoring; Configuration validation
· Templates
· Master image
· Non-persistence: Snapshots; Revert to known state; Rollback to known configuration; Live boot media
· Elasticity
· Scalability
· Distributive allocation
· Redundancy
· Fault tolerance
· High availability
· RAID
· 5.1 Explain the importance of policies, plans, and procedures related to organizational security.
· Standard operating procedure
· Agreement types: BPA; SLA; ISA; MOU/MOA
· Personnel management: Mandatory vacations; Job rotation; Separation of duties; Clean desk; Background checks; Exit interviews; Role-based awareness training (Data owner; System administrator; System owner; User; Privileged user; Executive user); NDA, Onboarding; Continuing education; Acceptable use policy/rules of behavior; Adverse actions
· General security policies: Social media networks/applications; Personal email
· 5.2 Summarize business impact analysis concepts.
· RTO/RPO
· MTBF
· MTTR
· Mission-essential functions
· Identification of critical systems
· Single point of failure
· Impact: Life; Property; Safety; Finance; Reputation
· Privacy impact assessment
· Privacy threshold assessment
· 5.3 Explain risk management processes and concepts.
· Threat assessment: Environmental; Manmade; Internal vs. External
· Risk assessment: SLE; ALE; ARO; Asset value; Risk register; Likelihood of occurrence; Supply chain assessment; Impact; Quantitative; Qualitative; Testing (Penetration testing authorization; Vulnerability testing authorization); Risk response techniques (Accept, Transfer, Avoid, Mitigate)
· Change management
As an administrator, you are responsible. You are responsible for data that gets created, stored, transmitted, viewed, modified, deleted, and just about everything else that can be done with it. Because of this, not only must you enable it to exist, but you must protect it, authenticate it, secure it, and keep it in the form that complies with every applicable law, policy, and regulation. Counter to this are all of the dangers that can befall the data: it can be accidentally deleted, overwritten, stolen, and lost. These potential harms represent risks, and you must know the risks involved in working with data. You have to know and accept that data can be corrupted, it can be accessed by those who shouldn’t see it, values can be changed, and so on.
If you think that being armed with this knowledge is enough to drive you into taking the steps necessary to keep any harm from happening, however, you are sadly mistaken. One of the actions that administrators can be instructed to take by upper management regarding potential threats is to accept that they exist. If the cost of preventing a particular risk from becoming a reality exceeds the value of the harm t.
Cyber security lecture for University students, following and expanding on previously delivered presentation on Enterprise Security Incident Management. More in-depth, with the Security Incident lifecycle focus
Entrepreneurs in the midst of their passion and excitement may approach social media lightly and find that social media does not 'work' for them. This presentation highlights some of the fundamentals of social media for entrepreneurs.
This presentation was shared in an entrepreneurship workshop in 2012.
See accompanying blog post: www.janwong.my/social-media-for-entrepreneurs-an-introduction
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Skye Residences | Extended Stay Residences Near Toronto Airportmarketingjdass
Experience unparalleled EXTENDED STAY and comfort at Skye Residences located just minutes from Toronto Airport. Discover sophisticated accommodations tailored for discerning travelers.
Website Link :
https://skyeresidences.com/
https://skyeresidences.com/about-us/
https://skyeresidences.com/gallery/
https://skyeresidences.com/rooms/
https://skyeresidences.com/near-by-attractions/
https://skyeresidences.com/commute/
https://skyeresidences.com/contact/
https://skyeresidences.com/queen-suite-with-sofa-bed/
https://skyeresidences.com/queen-suite-with-sofa-bed-and-balcony/
https://skyeresidences.com/queen-suite-with-sofa-bed-accessible/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-king-queen-suite-with-sofa-bed/
https://skyeresidences.com/2-bedroom-deluxe-queen-suite-with-sofa-bed-accessible/
#Skye Residences Etobicoke, #Skye Residences Near Toronto Airport, #Skye Residences Toronto, #Skye Hotel Toronto, #Skye Hotel Near Toronto Airport, #Hotel Near Toronto Airport, #Near Toronto Airport Accommodation, #Suites Near Toronto Airport, #Etobicoke Suites Near Airport, #Hotel Near Toronto Pearson International Airport, #Toronto Airport Suite Rentals, #Pearson Airport Hotel Suites
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraAvirahi City Dholera
The Tata Group, a titan of Indian industry, is making waves with its advanced talks with Taiwanese chipmakers Powerchip Semiconductor Manufacturing Corporation (PSMC) and UMC Group. The goal? Establishing a cutting-edge semiconductor fabrication unit (fab) in Dholera, Gujarat. This isn’t just any project; it’s a potential game changer for India’s chipmaking aspirations and a boon for investors seeking promising residential projects in dholera sir.
Visit : https://www.avirahi.com/blog/tata-group-dials-taiwan-for-its-chipmaking-ambition-in-gujarats-dholera/
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
Marvin neemt je in deze presentatie mee in de voordelen van non-endemic advertising op retail media netwerken. Hij brengt ook de uitdagingen in beeld die de markt op dit moment heeft op het gebied van retail media voor niet-leveranciers.
Retail media wordt gezien als het nieuwe advertising-medium en ook mediabureaus richten massaal retail media-afdelingen op. Merken die niet in de betreffende winkel liggen staan ook nog niet in de rij om op de retail media netwerken te adverteren. Marvin belicht de uitdagingen die er zijn om echt aansluiting te vinden op die markt van non-endemic advertising.
RMD24 | Retail media: hoe zet je dit in als je geen AH of Unilever bent? Heid...BBPMedia1
Grote partijen zijn al een tijdje onderweg met retail media. Ondertussen worden in dit domein ook de kansen zichtbaar voor andere spelers in de markt. Maar met die kansen ontstaan ook vragen: Zelf retail media worden of erop adverteren? In welke fase van de funnel past het en hoe integreer je het in een mediaplan? Wat is nu precies het verschil met marketplaces en Programmatic ads? In dit half uur beslechten we de dilemma's en krijg je antwoorden op wanneer het voor jou tijd is om de volgende stap te zetten.
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
Premium MEAN Stack Development Solutions for Modern BusinessesSynapseIndia
Stay ahead of the curve with our premium MEAN Stack Development Solutions. Our expert developers utilize MongoDB, Express.js, AngularJS, and Node.js to create modern and responsive web applications. Trust us for cutting-edge solutions that drive your business growth and success.
Know more: https://www.synapseindia.com/technology/mean-stack-development-company.html
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
The world of search engine optimization (SEO) is buzzing with discussions after Google confirmed that around 2,500 leaked internal documents related to its Search feature are indeed authentic. The revelation has sparked significant concerns within the SEO community. The leaked documents were initially reported by SEO experts Rand Fishkin and Mike King, igniting widespread analysis and discourse. For More Info:- https://news.arihantwebtech.com/search-disrupted-googles-leaked-documents-rock-the-seo-world/
Discover the innovative and creative projects that highlight my journey throu...dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Memorandum Of Association Constitution of Company.pptseri bangash
www.seribangash.com
A Memorandum of Association (MOA) is a legal document that outlines the fundamental principles and objectives upon which a company operates. It serves as the company's charter or constitution and defines the scope of its activities. Here's a detailed note on the MOA:
Contents of Memorandum of Association:
Name Clause: This clause states the name of the company, which should end with words like "Limited" or "Ltd." for a public limited company and "Private Limited" or "Pvt. Ltd." for a private limited company.
https://seribangash.com/article-of-association-is-legal-doc-of-company/
Registered Office Clause: It specifies the location where the company's registered office is situated. This office is where all official communications and notices are sent.
Objective Clause: This clause delineates the main objectives for which the company is formed. It's important to define these objectives clearly, as the company cannot undertake activities beyond those mentioned in this clause.
www.seribangash.com
Liability Clause: It outlines the extent of liability of the company's members. In the case of companies limited by shares, the liability of members is limited to the amount unpaid on their shares. For companies limited by guarantee, members' liability is limited to the amount they undertake to contribute if the company is wound up.
https://seribangash.com/promotors-is-person-conceived-formation-company/
Capital Clause: This clause specifies the authorized capital of the company, i.e., the maximum amount of share capital the company is authorized to issue. It also mentions the division of this capital into shares and their respective nominal value.
Association Clause: It simply states that the subscribers wish to form a company and agree to become members of it, in accordance with the terms of the MOA.
Importance of Memorandum of Association:
Legal Requirement: The MOA is a legal requirement for the formation of a company. It must be filed with the Registrar of Companies during the incorporation process.
Constitutional Document: It serves as the company's constitutional document, defining its scope, powers, and limitations.
Protection of Members: It protects the interests of the company's members by clearly defining the objectives and limiting their liability.
External Communication: It provides clarity to external parties, such as investors, creditors, and regulatory authorities, regarding the company's objectives and powers.
https://seribangash.com/difference-public-and-private-company-law/
Binding Authority: The company and its members are bound by the provisions of the MOA. Any action taken beyond its scope may be considered ultra vires (beyond the powers) of the company and therefore void.
Amendment of MOA:
While the MOA lays down the company's fundamental principles, it is not entirely immutable. It can be amended, but only under specific circumstances and in compliance with legal procedures. Amendments typically require shareholder
2. The Learning Outcomes At the end of this session you should be able to: the importance ofdisaster recovery in an organization EXAMINE the steps in risk management approach DESCRIBE backup systems and system recovery DISCUSS
5. Impact (cost) if it happensIs it possible to protect against every risk? What is RISK? “The chance of a negative outcome”
6. A risk-management approachhelps identify threats and select cost-effective security measures. Risk-management analysis can be enhanced by the use of DSS software packages. Calculations can be used to compare the expected loss with the cost of preventing it. A business continuity planoutlines the process in which businesses should recover from a major disaster Risk ManagementApproach “What is it all about?”
8. STEP 1: Determine the value and importance of assets Infrastructure: hardware, networks, security environment itself Software environment Staff Cost of replacement Cost of loss of use Assessment of assets
9. STEP 2: List all potential threats Review the current protection/controls system Record weaknesses in the current protection system in view of all the potential threats Vulnerability of assets
10. STEP 3: Assess the probability of damage Specify the tangible and intangible losses that may result Loss analysis
11. STEP 4: Provide a description of available controls that should be considered – general, application, network etc Probability of successful defense The cost Protection analysis
12. STEP 5: Compare cost and benefits Decide on which controls to install Cost Benefit Analysis
14. Increasing the Reliability of Systems Fault tolerance to keep the information systems working, even if some parts fail. Intelligent Systems for Early Detection of problems Detecting intrusion IT Security in the 21st Security
15. Why do we need to back up systems? Because systems fail Impact From minor irritation to business closedown Back up system to: Periodic in Local storage Periodic in Remote storage Mirror site – local Mirror site – distant Withstand fault tolerance Backing-up Systems
16. System Disaster – it happens! Think about: Loss of power Cyber crime Traumatic damage Hardware failure Statutory Requirement
17. System Recovery and Business Continuity Is there a relationship between the two? Here are some key thoughts about disaster recovery by Knoll (1986): The purpose of a recovery plan is to keep the business running after a disaster occurs Recovery planning is part of asset protection Planning should focus first on recovery from a total loss of all capabilities
18. How to ensure that the recovery system works Proof of capability usually involves some kind of what-if analysis that shows that the recovery plan is current All critical applications must be identified and their recovery procedures addressed in the plan
19. Disaster Recovery Plan In other words: BACK UP PROCEDURES In the event of a major disaster it may be necessary to move to another back up location.
20. Disaster Recovery Plan Considerations Customers Facilities Communications Infrastructure Disaster Recovery Plan Knowledge Workers Computer Equipment Business Information PGM
21. Disaster Recovery Plan HOT SITE VENDORS External hot site vendors provide access to a fully configured back up data center. Following the 1989 San Francisco earthquake Charles Schwab were up and running in New Jersey the following morning. PGM
22. Disaster Recovery Plan COLD SITE VENDORS Provide empty office space with special flooring, wiring and ventilation. In an emergency the affected company moves its own or leased computers to the cold site. These back up sites may work well for a company with centralised computing facilities but what can a company with a distributed network system do? PGM
23. Physical access control Uninterrupted power supply (UPS) Generator Humidity control Temperature control Water Detector Raised Floors Fire Extinguisher Alarm Methods to Control & Secure I.S. PGM
24. THINGS TO TAKE NOTE OFF Risk management approach (the 5 steps) What are the different risk mitigation controls? Types of back-up systems What is a disaster recovery plan? What should be considered in a disaster recovery plan?
26. IT’S TIME FOR SOME DISCUSSIONS! List and briefly describe the steps involved in risk analysis of controls. Define and describe a disaster recovery plan. What are “hot” and “cold” recovery sites? Explain why risk management should involve the following elements: threats, exposure associated with each threat, risk of each threat occurring, and cost of controls, as well as assessment of their effectiveness. Why should information control and security be a prime concern to management?
27. IT’S TIME FOR ANIN-CLASS ACTIVITY! Get into groups of 5-6 members Using the Risk Management Approach (5-Steps), apply it to your company / one company of your choice as below: GSC Cinemas Ticketing / Fashion Retail (brick-and-mortar) / IBM / Malaysian Airlines Ticketing / Hilton Hotel Reservation / Facebook Suggest which Risk Mitigation Control should you implement and how it can help you mitigate your risk Present your approach the class
28. Coming soon… next class ManagementInformation Systemsin Organizations DISASTER RECOVERY PLAN What is a disaster recovery plan? How does it minimize risk?