• Tidak ada hasil yang ditemukan

Business Continuity Planning Slide ke-18 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki

N/A
N/A
Info
Unduh - Bebas
Protected

Academic year: 2018

Membagikan "Business Continuity Planning Slide ke-18 Mata Kuliah: Keamanan Jaringan oleh Setio Basuki"

Copied!
38
0
0

Memuat.... (Lihat teks lengkap sekarang)

Unduh sekarang ( 38 Halaman )

Teks penuh

(1)

Business Continuity Planning

Slide ke-18 Mata Kuliah: Keamanan Jaringan

(2)

Business Continuity Planning

Business Continuity Planning (BCP)

involves Assessing a variety of risks to organizational processes and creating policies, plans, and procedures to

(3)

Business Continuity Planning

The Goal of BCP planners is to implement a combination of policies, procedures, and processes such that a potentially

(4)

Business Continuity Planning

The Overall Goal of BCP is to provide a quick,

calm, and efficient response in the event of an emergency and to enhance a company’s ability to recover.

• The BCP process, as defined by (ISC)2 , has

Four Main Steps:

Project Scope And Planning.

Business Impact Assessment.

Continuity Planning.

(5)
(6)

Project Scope and Planning

• As with any formalized business process, the development of a strong business

continuity plan requires the use of a proven methodology. This requires the following:

1. Business Organization Analysis. 2. BCP Team Selection.

3. Resource Requirements.

(7)

Business Scope and Planning:

Business Organization Analysis

Identifying all departments and individuals

who have a stake in the BCP process.

• Some areas to consider are included in the following list:

1. Operational departments that are responsible for the core services.

2. Critical support services, such as the

(8)

Business Scope and Planning:

Business Organization Analysis

• Some areas to consider are included in the following list:

(9)

Business Scope and Planning:

BCP Team Selection

• The IT and/or security Departments May Not Even Know of the plan’s existence until disaster strikes. This is a critical

FLAW !!!

To Prevent these events from adversely impacting the BCP process, the individuals responsible for the effort should take

(10)

Business Scope and Planning:

BCP Team Selection

The Team Should Include, as a minimum requirements:

1. Representatives from each of the

organization’s departments responsible for the core services.

2. Representatives from the key support

departments identified by the organizational analysis.

(11)

Business Scope and Planning:

BCP Team Selection

• The team should include, as a minimum requirements:

4. Security representatives with knowledge of the BCP process.

5. Legal representatives.

(12)

Business Scope and Planning:

Resource Requirements

• After the team validates the business

organization analysis, it should turn to an

Assessment Of The Resources Required

by the BCP effort.

• This involves the resources required by three distinct BCP phases:

1. BCP Development.

(13)

Business Scope and Planning:

Resource Requirements

• In BCP Development, The BCP team will require some resources to perform the four elements of the BCP process, such as:

– Project scope and planning, business impact assessment, continuity planning, and approval and implementation.

• The BCP testing, training, and maintenance phases of BCP will require some Hardware And Software Commitments.

(14)

Business Scope and Planning:

Resource Requirements

• In BCP Implementation.

– When a disaster strikes and the BCP team deems it necessary to conduct a full-scale implementation of the business continuity plan, this implementation will require

(15)

Business Scope and Planning:

Legal and Regulatory Requirements.

• Many industries may find themselves Bound By

Federal, State, And Local Laws Or Regulations that require them to implement various degrees of BCP.

Emergency Services, such as police, fire, and

emergency medical operations, have a responsibility to the community to continue operations in the event of a disaster.

Failure on their part to implement a solid BCP could result in the loss of life and/or property and the

(16)
(17)

Business Impact Assessment

• After BCP team completes of preparing to create a BCP, then it’s time to continue

with the Business Impact Assessment (BIA).

• The BIA assesses the likelihood that each threat will actually occur and the impact

(18)

Business Impact Assessment

(Cont.)

• There are Two Different Types of

analyses that business planners use when facing a decision:

Quantitative Decision Making.

(19)

Business Impact Assessment

(Cont.)

Quantitative Decision Making involves the use of numbers and formulas to reach a decision.

– This type of data often expresses options in terms of the dollar value to the business.

Qualitative Decision Making takes non-numerical factors, such as emotions,

investor/customer confidence, workforce stability, and other concerns, into account.

(20)

Business Impact Assessment

(Cont.)

• There are Sequence of Steps to perform BIA, namely:

Identify Priorities.

Risk Identification.

Likelihood Assessment.Impact Assessment.

(21)

BIA (Cont.): Identify Priorities

• There will be certain activities that are most essential to your day-to-day

operations when disaster strikes.

– The Priority Identification Task, or criticality prioritization, involves creating a

comprehensive list of business processes and

(22)

BIA (Cont.): Identify Priorities

• To begin the Quantitative Assessment, the BCP team should sit down and draw up a list of organization assets and then assign an Asset Value (AV) in monetary terms to each asset.

• The second quantitative measure that the team must develop is the Maximum

(23)

BIA (Cont.): Identify Priorities

• The Recovery Time Objective (RTO) for each business function is then developed by the team.

(24)

BIA (Cont.): Risk Identification

• Risks come in two forms: Natural Risks

and Man-made Risks. The following list includes some events that pose natural threats:

– Tornadoes. – Earthquakes.

(25)

BIA (Cont.): Risk Identification

• Man-made Threats include the following events:

– Terrorist acts/wars/civil unrest. – Theft/vandalism.

– Fires/explosions.

– Prolonged power outages. – Building collapses.

(26)

BIA (Cont.): Risk Identification

• Remember, these are by no means all

(27)

BIA (Cont.): Likelihood

Assessment

• You probably recognized that Some

Events are Much More Likely to Happen

than others.

– To Keep Calculations Consistent, this

assessment is usually expressed in terms of an annualized Rate of Occurrence (ARO)

(28)

BIA (Cont.): Impact Assessment

• In this phase, you analyze the data

gathered during Risk Identification and Likelihood Assessment.

(29)

BIA (Cont.): Impact Assessment

• From a quantitative point of view, we will cover three specific metrics:

– The Exposure Factor,

(30)

BIA (Cont.): Impact Assessment

• The Exposure Factor (EF) is the amount of damage that the risk poses to the asset, expressed as a percentage of the asset’s value.

(31)

BIA (Cont.): Impact Assessment

The Single Loss Expectancy (SLE) is the monetary loss that is expected each time the risk materializes. You can

compute the SLE using the following formula:

(32)

BIA (Cont.): Impact Assessment

• Continuing with the preceding example, if the building is worth $500,000, the single loss expectancy would be 70 percent of $500,000, or $350,000. You can interpret this figure to mean that a single fire in the building would be expected to cause

(33)

BIA (Cont.): Impact Assessment

The Annualized Loss Expectancy (ALE)

is the monetary loss that the business expects to occur as a result of the risk harming the asset over the course of a year.

• Computing ALE by simply multiplying those two numbers:

(34)

BIA (Cont.): Impact Assessment

• Returning once again to our building

example, if fire experts predict that a fire will occur in the building once every 30 years, the ARO is 1/30, or 0.03.

– The ALE is then 3 percent of the $350,000

(35)

BIA (Cont.): Impact Assessment

• From a qualitative point of view, you must consider the Nonmonetary impact that interruptions might have on your business. For example, you might want to consider the following:

– Loss of goodwill among your client base. – Loss of employees to other jobs after

prolonged downtime.

(36)

BIA (Cont.): Resource

Prioritization

• The final step of the BIA is to Prioritize The Allocation of Business Continuity

resources to the various risks that you identified and assessed in the preceding tasks of the BIA.

– You simply Create a List of All The Risks

(37)

BIA (Cont.): Resource

Prioritization

• For example, if you run a fire suppression company, your Number-one Priority

might be the Prevention of a fire In Your Principal Place of Business despite the fact that an earthquake might cause more physical damage.

– The potential loss of reputation within the business community resulting from the

(38)

End of Slides

• Available at

Referensi

Unduh sekarang ( PPT - 38 Halaman - 178.50 KB )

Dokumen terkait

versi proceding KNTIA REKLAME

Perbedaan yang akan dilakukan dalam penelitian ini jika dibandingkan dengan beberapa proses perhitungan nilai sewa dan pajak reklame serta prosedur perizinan

UJI RELIABILITAS DIAGNOSIS MIKROSKOPIS MALARIA TENAGA LABORATORIUM PUSKESMAS DI DAERAH ENDEMIK KOTA SAWAHLUNTO SUMATERA BARAT

Kesepakatan hasil diagnosis yang di- dapat pada penelitian ini sangat kurang bila dibandingkan dengan hasil penelitian di tempat lain seperti penelitian di Banjarnegara

Analisis Persepsi, Motivasi, dan Kesiapan Dosen Fakultas Ilmu Kesehatan Universitas Sumatera Utara pada Interprofessional Education (IPE)

Kepada institusi pendidikan disarankan untuk mulai mengembangkan model pembelajaran IPE dalam kurikulum pendidikan karena mayoritas dosen Fakultas Ilmu Kesehatan

FGD Kenaikan Harga BBM

Namun demikian, masalah klasik yang dihadapi bangsa kita adanya sebuah paradigma bahwa penurunan BBM adalah tindakan yang tidak pro terhadap rakyat kecil, padahal dibalik itu

IPBA Skala Tata Surya dan Ukuran Alam Se

Kita tinjau sebagian kecilnya saja dari alam semesta, seperti tata surya yang memiliki satu buah bintang yaitu matahari dan delapan buah planet termasuk bumi yang

IPTEK DAN PERAN KEKHALIFAHAN ALAM SEMEST (1)

Dengan akal pikiran yang telah diberikan oleh Allah SWT, islam sejatinya menuntut manusia untuk mengembangan ilmu pengetahuan dan teknologi yang

ISLAM DAN KEARIFAN TEMPATAN DI ALAM MELA

Pendekatan ini secara langsung bertentangan dengan paradigma Barat yang berteraskan Materialistik-Mekanisme menganggap alam sebagai sumber utama yang berupa material-

PARTISIPASI MASYARAKAT DALAM MENDUKUNG PELAKSANAAN PROGRAM SEKOLAH, Renny Retna Puspasari, Maisyaroh, Ahmad Yusuf Sobri

pelaksanaan program sekolah baik itu orang tua, lembaga pemerintahan, maupun masyarakat pada umumnya. Lembaga pendidikan Al-Falah merupakan lembaga pendidikan yang terkenal

Image