- Identify organization’s critical business functions
- Identify functions resource requirements
- Calculate how long these functions can operate without such resources
- Identify vulnerabilities and threats to the functions
- Calculate risk for each different business function
- Develop backup solutions based on tolerable outage times
- Develop recovery solutions for the organization’s individual departments and for the organization as a whole
Identifying the Most Critical Functions
If Function “X” Is Not Up and Running………..
- How much will this affect the revenue stream?
- How much will this affect the production environment?
- How much will it increase operational expenses?
- How much it affect the organization’s reputation and public confidence?
- How much will the organization possibly lose its competitive edge?
- How much will it result in violations of contract agreements or regulations?
- What delayed costs could be endured?
- What hidden costs are not accounted for?
It is difficult but very important
- When the activities of functions A and B are mutually reliant on each other to successfully complete operational activities.
- When activities of function B cannot be performed without the input from the activities of function A. Failure to receive input from A results in incomplete or inadequate implementation of B activities.
- Identifying interdependencies is difficult because an organization truly needs to understand how its functions work together
- Many times there are subtle interdependencies that are easily missed in the equation
Identifying Functions’ Resources
Critical Items for Certain Functions to Run…..
- Specific types of technologies
- Necessary software
- Communication mechanisms
- Electrical power
- Safe environment for workers
- Access to specific outside entities
- Networked production environment
- Physical production environment
- Specific supplies
- Interdepartmental communications
- Etc., etc.
Identifying Vulnerabilities and Threats
- Strikes, riots, fires, terrorism, hackers, vandals, burglars
- Fires, tornado, floods, hurricanes, earthquakes
- Power outage, device failure, loss of communication lines
Survival Without Resources?
Maximum Tolerable Downtime (MTD) NIST Guidelines
- Non-essential = 30 days
- Normal = 7 days
- Important = 72 hours
- Urgent = 24 hours
- Critical = Minutes to hours
Each Function/Resource Must Have an MTD Calculated
- It outlines the criticality of individual function and resources
- It also helps indicate which function or resources need backup options developed
- Hot swappable devices
- Software and data backups
- Facility space
Organization-owned & Subscription Services (Exclusive Use Strategies):
- Hot site – fully configured computer facility with all services, communication links, and physical plant operations.
- Warm site – similar to hot site, but software and/or client workstations may not be included
- Cold site – provides only rudimentary services and facilities, no computer hardware
- Mobile site – configured like hot site except that this is on wheels.
- Reciprocal agreements
- Prefabricated facility
The major deciding factor for exclusive use strategies is cost.
To Become Certified For CISSP Please Visit This Link;