understanding and mitigating it risk - afpc calgary
DESCRIPTION
Understanding and Mitigating IT Risk with Disaster Recovery Case. This presentation was given to the Association of Financial Professionals Canada - Calgary on December 11th, 2013 by Jonathan Nituch of Fortress Technology PlannersTRANSCRIPT
Understanding and Mitigating IT
RiskDisaster Recovery Case
Fortress Technology Planners
- Jonathan Nituch -
- Joseph Gillis -
Agenda
1. Five Roots of IT Risk
2. Disaster Recovery
Source: http://emphasysbrokeroffice.com/files/2013/04/Standish-Group-CHAOS-Summary-2009.pdf
0%
10%
20%
30%
40%
50%
Failed Troubled Succeeded
IT Project Results
HIGHLYUNCERTAIN
is
Rate of Change
Source: http://download.intel.com/pressroom/images/events/moores_law_40th/Microprocessor_Chart.jpg
Immaturity of IT
Communication
ITProfessional
BusinessProfessional
Economically Tied
Source: http://www.nasdaq.com/symbol/ndxt/stock-chart?intraday=off&timeframe=7y&splits=off&earnings=off&movingaverage=None&lowerstudy=volume&comparison=off&index=&drilldown=off
Technology
Accounting
Operations
Sales
Marketing
Human Resources
Supply Chain
Technology
Technology
Accounting
Operations
Sales
Marketing
Human Resources
Supply Chain
Operations
is a
PLAN
YOU NEED
What
Disaster Recovery Plan (DRP)
A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.
Source http://en.wikipedia.org/wiki/Disaster_recovery_plan http://en.wikipedia.org/wiki/File:East_Village_Calgary_Flood_2013.jpg
Steps to Create a DRP
1. Identify IT Capabilities/Services
2. Identify Business Impacts of Disasters
3. Determine:
– Budget
– Recovery Point Objective (RPO)
– Recovery Time Objective (RTO)
4. Choose Solutions
Identify IT Capabilities/ServicesMajor Service Detailed Services
Email • Desktop client• Webmail• Mobile devices
File System • Local access• Remote access
Printing • Local access• Remote access
Production Applications • Applications involved with delivering your product or service
Supporting Applications • Accounting• Finance• Human Resources• Payroll
Supporting IT Services • Backups• Antivirus• Security
Identify Business Impacts of Disasters
Facility Normal
Facility Inaccessible
Facility Damaged
Equipment Inaccessible
Equipment Damaged
Determine Budget/RPO/RTO
Budget
Recovery Point Objective
Recovery Time
Objective
Determine Recovery Point
Objective (RPO)
It is the maximum tolerable period in which data might be lost from an IT service due to a major incident.
Source http://en.wikipedia.org/wiki/Recovery_point_objective
DISASTER
RPO
Determine Recovery Time
Objective (RTO)
The recovery time objective is the time within which a business process must be restored, after a disaster has occurred.
Source http://en.wikipedia.org/wiki/Disaster_recovery_plan
DISASTER
RTO
SERVICE RESTORED
Choosing Solutions
Budget
Recovery Point Objective
Recovery Time
Objective
Summary
• There are five roots of IT risk:1. Rate of Change2. Immaturity of IT3. Communication4. Economically Tied5. Integration
• Creating a Disaster Recovery Plan1. Identify IT Capabilities/Services2. Identify Business Impacts of Disasters3. Determine Budget/Recovery Point Objective
(RPO)/Recovery Time Objective (RTO)4. Choose Solutions
Questions???
THANK YOU
Free Whitepaper
www.ftpinc.ca/AFPC-Calgary