SB22: Resiliency Finally Defined
Jerry Varney, Vice President
Vigilant Services
321-432-9787
Doug Weldon, President
Vigilant Services
407-492-9676
Presentation Outline
• Evolution to Resiliency
• Resiliency Finally Defined
• Resiliency Engineering
• Process Improvement
• Summary
• Evolution to Resiliency
Evolution to Resiliency
Reliability
Availability
Disaster Recovery
Business Continuity
Resiliency
Evolution to Resiliency
Reliability:
the ability of a system or component to perform its required functions under stated conditions for a specified period of time
[IEEE 90] Institute of Electrical and Electronics Engineers. IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. New York, NY: 1990.
Evolution to Resiliency
High Availability:
High Availability (HA for short) refers to the availability of resources in a computer system, in the wake of component failures in the system
IEEE Technical Committee on Scalable Computing
http://www.ieeetscs.org/high-availability.html
Evolution to Resiliency
Related to High Availability:
Continuous Availability: This implies non-stop service, with no lapse in service. This represents an ideal state, and is generally used to indicate a high level of availability in which only a very small quantity of downtime is allowed. High availability does not imply continuous availability.
Fault Tolerance: This is a means to achieve very high levels of availability. A fault tolerant system has the ability to continue service despite a hardware or a software failure, and is characterized by redundancy in hardware, including CPU, memory, and I/O subsystems. High availability does not imply fault tolerance.
Single Point of Failure (SPOF): A hardware or software component whose loss results in the loss of service; such components are not backed up by redundant components.
Failover: When a component in an HA system fails resulting in a loss of service, the service is started by the HA system on another component in the system. This transfer of a service following a failure in the system is termed failover.
IEEE Technical Committee on Scalable Computing
http://www.ieeetcsc.org/high-availability.html
Evolution to Resiliency
Disaster Recovery: The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions
http://www.drj.com/glossary/glossleft.htm
ITDR – An integral part of the organization’s BCM plan by which it intends to recover and restore its IT and Telecommunications capabilities after an e/i/c
http://thebci.org/Glossary.pdf
Evolution to Resiliency
Business Continuity Management:
(BCI) A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
http://thebci.org/Glossary.pdf
(+ DRJ) The management of recovery or continuity in the event of a disaster. Also the management of the overall program through training, rehearsals, and reviews, to ensure the plan stays current and up to date
http://www.drj.com/glossary/glossleft.htm
Evolution to Resiliency
Resiliency (dictionary definition):
1. Said of a person: able to recover quickly from, or to deal readily with, illness, sudden, unexpected difficulties, hardship, etc.
2. Said of an object, a material, etc: able to return quickly to its original shape or position after being bent, twisted, stretched, etc; elastic.
http://www.allwords.com/word-Resiliency.html
Evolution to Resiliency
Resilience (ICOR)
Resilience is the ability of an organization to rebound following a crisis or a disaster event. It is the ability to absorb strain. Building resilience into organizations entails a shift from a reactive to a proactive approach for crisis management and disaster recovery. A resilient organization is one that is able to achieve its core objectives in the face of adversity.
http://www.theicor.org/pages/defined.html
per the International Consortium for Organizational Resilience (ICOR)
Evolution to Resiliency
Resiliency (FFIEC)
The ability of an organization to recover from a significant disruption and resume critical operations.
http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bus_continuity_plan.pdf
FFIEC – Federal Financial Institutions Examination Council
Evolution to Resiliency
Resiliency (UN)
The capacity of a system, community or society potentially exposed to hazards to adapt,
by resisting or changing in order to reach and maintain an acceptable level of functioning and structure.
http://www.emi-megacities.org/upload/3cd_2007_MOSP_TR0702.pdf
EMI – Earthquakes and Megacities Initiative, A member of the U.N. Global Platform for Disaster Risk Reduction
Evolution to Resiliency
Business Resilience Model (BRCCI)
• Resiliency Finally Defined
Introducing the CERT Resiliency Engineering Framework: Improving the Security and Sustainability Processes
Resiliency Finally Defined
Who is SEI?
Since 1984, the Carnegie Mellon® Software Engineering Institute (SEI) has served the nation as a federally funded research and development center.
The SEI staff has advanced software engineering principles and practices and has served as a national resource in software engineering, computer Security, and process improvement.
As part of Carnegie Mellon University, which is well known for its highly rated programs in computer science and engineering, the SEI operates at the leading edge of technical innovation.
http://www.sei.cmu.edu/about/
Resiliency Finally Defined
Who is CERT?
Computer Emergency Readiness Team
Resiliency Finally Defined
Relevant Technical Reports (TR) by SEI
In December 2004, SEI first published a technical note entitled Managing for Enterprise Security that described the barriers that organizations face in making Security an effective contributing factor to the achievement of organizational goals.
A second, subsequent technical note entitled Sustaining Operational Resiliency: A Process Approach to Security Management was published in April 2006. It expanded the description of the Security discipline by linking it to activities such as Business Continuity and IT Operations Management.
The 2007 Resiliency Engineering Framework report is the third in a series that explores the transformation of the disciplines of Security and Business Continuity into organizationally driven processes designed to support and sustain Operational Resiliency.
Resiliency Engineering
Resiliency Finally Defined
What this latest TR does:
This 3rd technical report is a refinement of the concepts included in these previous works and introduces the field of Resiliency Engineering - a process of collaboration between Security, Business Continuity, and other organizational activities aimed at managing Operational Resiliency
• Resiliency Engineering
Resiliency Engineering
The Goal
That organizations will be able to improve their security and business continuity efforts by focusing their activities and objectives toward the Resiliency Engineering Process and by beginning to embrace a process improvement approach
Resiliency Engineering
The Characteristics of the Resiliency Engineering Process:
• Requirements-driven security and business continuity characterize the resiliency engineering process
• Because the process can be defined, theoretically it can also be managed, measured, controlled, and improved, perhaps even optimized
Resiliency Engineering
Paradigm Shift:
• Because Security and Business Continuity are fields often thought of as practice driven, the movement toward Resiliency Engineering provides an opportunity for an initial application of process improvement concepts
• In essence, process improvement is introduced to Security and Business Continuity through the definition of the Resiliency Engineering Process
Resiliency Engineering
Foundation for Operational Resiliency
Resiliency Engineering
Engineering Objects
• Services (and/or Products)
• Business Processes
• Assets
  • people
  • information
  • technology
  • facilities
Resiliency Engineering
Vigilant’s ‘Oil Rig’ … an Enterprise Customer-Supplier Model
[Figure: layered diagram with the labels Customers (Customer #1 to #6), Products & Services (Prod #1 to #5, Svc #1 to #5), Processes (Process #1 to #5), Sites (Site #1 to #4), Platforms & Resources (People, Process, Technology, Facilities, Data), and Suppliers (Supplier #1 to #n).]
Copyright © 2001-2008 Vigilant Services Group All Rights Reserved
Resiliency Engineering
Graphical Depiction of Resiliency Engineering Objects
Resiliency Engineering
in Practice
• Service / Product Resiliency Starts with Asset Resiliency
• Requirements Are the Catalyst
Resiliency Engineering
“Engineered”
• Requirements are the foundation of all engineering-based processes, and the result of an engineered process is a product or service that substantially meets or exceeds all of the requirements that are established.
• Requirements also form the basis for managing Operational Resiliency.
Resiliency Engineering
Requirements Are the Catalyst
• The importance of requirements to the resiliency engineering process cannot be overstated.
• Resiliency requirements embody the strategic objectives, risk appetite, critical success factors, and operational constraints of the organization in its pursuit of the mission.
Resiliency Engineering
Example of Resiliency Requirements
Confidentiality
• Patient medical records may be viewed only by office physicians, physician assistants, and nurses.
• Patient medical records of a specific patient may be viewed by that patient (or their authorized representative) upon his or her request.
Integrity
• Additions to patient medical records may be made only by office physicians, physician assistants, and nurses.
• Modifications of existing patient medical information may be made only by physicians, or by physician assistants and nurses on the approval of an attending physician.
• Deletions of existing medical record information may be made only by a physician.
• Existing patient medical records may be destroyed only on the approval of a physician.
Availability
• Patient medical records must be available during normal office hours (9:00 am to 5:00 pm, Monday through Thursday, and 10:00 am to 6:00 pm on Saturdays).
• Patient medical records must be available on demand when physicians need them for attending to patients.
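The requirements on this slide written as executable, deny-by-default checks, as an added example that is not part of the original presentation. The role names, the `own_record` and `physician_approved` flags, the reading of the destruction rule, and the sample events and outage are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed role names for the staff named on the slide.
CLINICAL = {"physician", "physician_assistant", "nurse"}


def is_authorized(role, action, own_record=False, physician_approved=False):
    """Return True only when a slide requirement explicitly allows the action."""
    if action == "view":
        # Confidentiality: clinical staff, or the patient / authorized
        # representative asking for that patient's own record.
        return role in CLINICAL or (
            role in {"patient", "representative"} and own_record)
    if action == "add":
        # Integrity: additions by physicians, physician assistants, nurses.
        return role in CLINICAL
    if action == "modify":
        # Integrity: physicians, or PAs and nurses with physician approval.
        if role == "physician":
            return True
        return role in {"physician_assistant", "nurse"} and physician_approved
    if action == "delete":
        # Integrity: deletions only by a physician.
        return role == "physician"
    if action == "destroy":
        # Integrity: destruction only on a physician's approval. Assumption:
        # only clinical staff act, and a physician acting implies approval.
        return role in CLINICAL and (role == "physician" or physician_approved)
    return False  # anything not listed is denied


# Availability: office hours keyed by datetime.weekday() (Monday=0 ... Saturday=5).
OFFICE_HOURS = {0: (9, 17), 1: (9, 17), 2: (9, 17), 3: (9, 17), 5: (10, 18)}


def within_office_hours(ts):
    """True when ts falls inside a window in which records must be available."""
    window = OFFICE_HOURS.get(ts.weekday())
    return window is not None and window[0] <= ts.hour < window[1]


def missed_minutes(outage_start, outage_end):
    """Minutes of an outage that overlap the required availability windows."""
    missed, ts = 0, outage_start
    while ts < outage_end:
        if within_office_hours(ts):
            missed += 1
        ts += timedelta(minutes=1)
    return missed


def denied_events(events):
    """Indices of access events that violate the requirements."""
    return [i for i, (role, action, flags) in enumerate(events)
            if not is_authorized(role, action, **flags)]


# Constructed sample access log: (role, action, flags).
SAMPLE_EVENTS = [
    ("nurse", "view", {}),
    ("receptionist", "view", {}),
    ("patient", "view", {"own_record": True}),
    ("patient", "view", {}),
    ("nurse", "modify", {}),
    ("nurse", "modify", {"physician_approved": True}),
    ("physician_assistant", "delete", {}),
    ("physician", "delete", {}),
]

if __name__ == "__main__":
    print("violations at indices:", denied_events(SAMPLE_EVENTS))
    # Constructed outage: Thursday 16:00 to Saturday 11:00 (2024-01-04 is a Thursday).
    print("required minutes missed:",
          missed_minutes(datetime(2024, 1, 4, 16, 0), datetime(2024, 1, 6, 11, 0)))
```

The on-demand availability requirement for physicians is not modelled, because the slide gives no time window for it.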
Resiliency Engineering
About Resiliency Requirements
• Confidentiality, integrity, and availability (CIA) are well known by the security community as descriptive properties of information assets, but their application from a resiliency perspective is extensible to the other types of assets with which resiliency engineering is concerned:
Resiliency Engineering
About Resiliency Requirements (continued)
• Security activities are normally focused on protecting against the unauthorized or inadvertent disclosure of information and the prevention of unauthorized or accidental modification of information, technology assets (in the form of configurations), and facilities (in the form of physical structures and access controls)
• Business continuity activities, on the other hand, are primarily focused on ensuring the availability of these assets when affected by a disruptive event
• Together, these practitioner-level activities address the range of resiliency requirements that are necessary to manage operational resiliency
Resiliency Engineering
Operational Resiliency at the Asset Level
This concept for operational resiliency captures the basic premise of risk management—not all risk can be identified or eliminated
Security Continuity
Resiliency Engineering
Cooperative Approach to Operational Resiliency
Resiliency Engineering
Engineering Competencies
1. Requirements Management
   RRD – Resiliency Requirements Development
   RRM – Resiliency Requirements Management
2. Asset Management
   ADM – Asset Definition and Management
3. Establishing and Managing Resiliency
   SM – Sustainability Management
   CM – Controls Management
Resiliency Engineering
Asset Resiliency Management Cluster
Resiliency Engineering
Protect and Sustain Cluster
Resiliency Engineering
Supplier Management Cluster
Resiliency Engineering
Vulnerability, Incident, and Risk Cluster
Resiliency Engineering
Monitoring Cluster
• Process Improvement
Process Improvement
• Asset-based approach - means that the organization focuses its Resiliency Engineering activities specifically at the asset level and derives service Resiliency considerations from this asset view
• Service-based approach - means that the core important Services (or Products) must be identified and validated against strategic objectives
• Summary
• Resiliency is not a Concept but a Specific Goal
• The Resiliency Goal is Achieved Through an Engineering Process
• Resiliency Engineering Raises the Bar on Operational Risk Management:
  • It is tied to Strategic Objectives
  • It is Designed In – Not Layered On After Implementation
  • It Combines Security and Business Continuity
Summary
* * * * * * *
Resiliency Engineering
is the way an organization
“builds in” and manages Resiliency,
rather than “bolting it on” !!
* * * * * * *