Presentation1.pptx
Download as PPTX, PDF0 likes10 views
The document discusses business continuity planning and operational risk assessment. It defines business continuity planning as creating strategies to identify threats and risks facing a company, and providing solutions to protect assets and operations. It outlines the phases of business continuity planning like activation, response, continuity and maintenance. It also discusses factors for operational risk assessment like assets, threats, impacts and vulnerabilities. Finally, it provides steps for conducting risk assessments which include identifying assets, threats, impacts, vulnerabilities and controls, and performing cost-benefit analyses of additional controls.
Presentation1.pptx
- 3. Business Context The business context encompasses an understanding of the factors impacting the business from various perspectives, including how decisions are made and what the business is ultimately trying to achieve. The business context is used to identify key implications for the execution of its strategic initiatives.
- 4. Elements of Business Context Environment Ecosystem Competition Business
- 7. Business Process Modelling Tools Context Diagram Functional Flow Diagram Cross Functional/Activity/Swim Lane Diagram Process Flow Chart
- 12. Organizational Structure How to initiate an enterprise security architecture program ? Steps for implementing a Security Architecture?
- 13. Steps to Initiate an Enterprise Security Architecture Identify business objectives, goals and strategy Identify business attributes that are required to achieve those goals Identify all the risk associated with the attributes that can prevent a business from achieving its goals Identify the required controls to manage the risk
- 15. Operational Continuity and Stability Operational continuity refers to the ability of a system to continue working despite damages, losses or critical events.
- 16. Factors affecting Operational continuity Revenue Generation Business processes is dependent upon these systems to support its revenue stream The continuity of service of such business systems is therefore totally critical to the survival of the business How much revenue is lost if this system is unavailable? How long will it take to recover the service? What is the total revenue loss that would be sustained at that level of recovery? Then look at all the threats that could bring down the service and consider what sort of methods you need to protect the business from this risk.
- 17. Factors affecting Operational continuity Customer Service If you raise expectations of customers, you must deliver to those expectations
- 18. Factors affecting Operational continuity Market Reputation Reputation failure is unpredictable – so you must limit the risks that you take with it
- 19. Factors affecting Operational continuity ManagementControl the management must have information – ‘management information’. This is usually in the form of reports and analyses of how the business is performing. This information is usually generated by business information systems.
- 20. Factors affecting Operational continuity Operating Licenses Some regulated industries require an operating license
- 21. Business Goals,Success Factors and Operational Risks Key areas where the enterprise faces risk and is motivated to develop an information security response
- 22. Factors affecting Operational Risks Brand Protection Fraud Prevention Loss Prevention Business Continuity
- 23. The business continuity planning (BCP) The business continuity planning (BCP) is the creation of a strategy to identify threats and risks facing by a company, and providing solutions to protect company’s assets and business operations.
- 25. Phases of BCP by theServices Provided by Them in Different Stages ofThe Organization
- 26. Phases of BCP by theServices Provided by Them in Different Stages ofThe Organization Activation Stage Indicate the time soon after the disruption of business States when should we activate the DR/BC plan Includes the initial response and notification, Problem assessment and escalation, disaster declaration and plan implementation
- 27. Phases of BCP by theServices Provided by Them in Different Stages ofThe Organization Response Phase Phase Starts after he cause of the disaster is determined. Recovery efforts are associated with the upcoming event even if that event still recurs. Major activities – Evacuating the facility, assessing the condition of damage and deciding recovery steps.
- 28. Phases of BCP by theServices Provided by Them in Different Stages ofThe Organization Business Continuity Phase Phase includes the steps required for being in usual business How to resume operations as soon as possible.
- 29. Phases of BCP by theServices Provided by Them in Different Stages ofThe Organization Maintenance and review Phase Phase include the respective plan to maintain the operation of the business and review the process of recovry
- 30. Phases of BCP by theServices Provided by Them in Different Stages ofThe Organization Appendices Information related to the plan but that is not part of the body. NO rules on what has be included and what not. Details necessary for implementing the plan successfully and effectively
- 31. Activity performed among the audience while conducting a disaster recovery awareness program
- 32. Operational Risk Assessment factors The most commonly accepted model for risk involves some basic concepts: Assets – things that are of value to your business that you want to protect; Threats – potential damaging events that put your assets in danger; Impacts – the potential outcome of a threat materializing and causing damage to your assets; Vulnerabilities – weaknesses in your operational business procedures or systems that will allow a threat to materialise and exploit an asset, causing an impact.
- 33. Steps in a Risk assessment methodology Step 1:What are your business assets? Identify and value these assets. Step 2: What possible threats put your business assets at risk? Identify the possible threats. Step 3: For each threat, if it materialised, what would be the business impact on your assets? Identify and quantify these impacts by relating back to your asset list.
- 34. Steps in a Risk assessment methodology Step 4: If the impact is signify cant enough to trouble you, what vulnerabilities or weaknesses might there be that could allow this threat to exploit your assets causing an impact? Identify and quantify these vulnerabilities or weaknesses. Step 5: Can you reduce these vulnerabilities or weaknesses by introducing additional controls? Identify the possible control strategies and quantify the cost (total cost of ownership) for these controls.
- 35. Steps in a Risk assessment methodology Step 6: What is the cost/benefi t analysis derived from the level of reduction of potential business impact (benefi t) weighed against the cost of additional control? Quantify the benefi ts and costs.
Editor's Notes
- #4: Business Context – Factors affecting business for various perspectives, like how decisions are made, what it the goal etc
- #5: Business Enviroment – External factors that have an impact on business. Like in public transport we need to follow govt rules, SO the factors included in this will be Political, Ecnomic Social Technological(not software bt other tectnological factors). Eco system, a community that includes a foundation of interacting organization and individuals, organism of business world. The member organization include Suppliers, lead producers competitors and stakeholder Competitions – two or more entities that compete each other to get the costumers.
- #6: visual way to represent how an organization comes together and performs the work and services needed. These models enable us to represent the current state, the way things are done today, potentially define the future state, the way we want things to be, and recognizing the gaps between the two in a consistent format that can be easily compared and understood by many.
- #9: provides the high-level framework and interaction of an organization. the organization that is being analyzed as shown as a circle, the external entities that connect to the area or system being analyzed represented by boxes, and lastly the relationship of interactions between the organization and the external entities.
- #10: simple model showing the functional areas or stakeholders internally to your organization and how they interact in a logical overall flow of work.
- #11: organize activity sequences that displays the process in the context of the actors (customers, supliers, stakeholders etc) responsible for performing the work. easy to read and quickly identifies the individual actor's work as well as cross-functional interactions needed.
- #12: traditional process flow models show the sequential flow of activities, decision points and other interactions way to capture the step-by-step procedures and activities performed by an individual actor.
- #13: If one looks at these frameworks, the process is quite clear. This must be a top-down approach—start by looking at the business goals, objectives and vision.