Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 8 - Management and Operation of Technology Infrastructure Management and Operation of Technology Infrastructure.

Similar presentations


Presentation on theme: "1 8 - Management and Operation of Technology Infrastructure Management and Operation of Technology Infrastructure."— Presentation transcript:

1 1 8 - Management and Operation of Technology Infrastructure Management and Operation of Technology Infrastructure

2 © Robert G Parker – UW-CISA Management and Operation of Technology Infrastructure 40% of Respondents were using the cloud 20% planned to use the cloud within 24 months 22% were in the process of evaluating the cloud Dealing with changing infrastructure environments and the new technologies that are driving business changes and creating risks and management issues Source: Informationweek Analytics Of the remaining 18%, 6% decided not to use clouds and 12% has no plans to evaluate them. Concerns associated with infrastructure management included : Control of data handling systems that are outside of the formal system, such as the use of spreadsheets (13) S-2

3 User managed data bases that are locally developed and processed within business units but which may lack rigorous processes typically associated with IT-developed solutions such as quality reviews, testing, change management and access controls. Security of data that is or can be stored on portable devices or that is easily moved among stakeholders 8 - Management and Operation of Technology Infrastructure 3 Empowered UsersPortable Devices

4 © Robert G Parker – UW-CISA Management and Operation of Technology Infrastructure Increasing use of cloud computing without an understanding of the associated risks (Lack of a cloud risk management strategy) Increasing risks associated with the quality and integrity of information processed and presented from these ad hoc systems and applications. Increased risks of subsequent and ongoing problems caused by incomplete, unperformed or erroneous unchecked change management procedures. Lack of ‘Security over information moved between various sites, or stored, on moveble/moblie media Lack of control over portable media Business Risks S-4

5 © Robert G Parker – UW-CISA Management and Operation of Technology Infrastructure Implement requirements for, and conduct full technology and business risk assessment prior to adopting new technologies Where ad hoc systems and applications are integrated into the enterprise’s information systems, ensure that controls exist and are operation to validate the integrity of the information prior to it further use. Establish, adhere to and monitor rigorous change management procedures Implement procedures, such as encryption over information at rest, in transit and while archives to minimize the risk of an information breach Implement and monitor procedures over when portable may be used, the types of information that may be placed on them and the security and control restrictions over them Operational / Technology Risk Management S-5

6 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness Business Continuity and Pandemic Awareness

7 © Robert G Parker – UW-CISA Business Continuity and Pandemic Awareness Information technology departments have an obligation to provide services throughout the enterprise. However, they are frequently challenged in developing and testing effective technology disaster recovery plans due to lack of enterprise planning, lack of funding or denial of the potential severity of the risks. Lack of meaningful preparedness for a pandemic Entity centric continuity plans; inward focus Lack of supply chain resiliency, redundancy Lack of comprehensive continuity plans Plans have not been tested Plans are not being maintained S-7 The Same Issues

8 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness Lack of meaningful preparedness for a pandemic No single point of contact Conflicting messages, priorities Plans differed by region Different groups defined as high risk Initially insufficient vaccine Numerous individuals not vaccinated No instructions for travellers across Canada Coughing in the crook of your arm campaign was effective We Dodged the Bullet- This Time!

9 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness Entity centric continuity plans; inward focus Plans do not consider third party infrastructure Plans do not consider up stream and down stream impacts Plans do not address catastrophes Impact on immediate area Impact on foreign operations Risk mitigation strategies and plans Financial and cash flow issues Impact on franchised operations Business Continuity Plans frequently address only recovery of the business and its infrastructure:

10 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness A Catastrophe Poorly Handled

11 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness For Want of a Nail The Shoe was Lost

12 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness For Want of a Shoe The Horse was Lost

13 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness For Want of a Horse The Battle was Lost Lack of Supply Chain Resiliency, Redundancy

14 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness For Loss of a Battle The Kingdom was Lost Contingency Planning or Catastrophe Lack of Comprehensive Continuity Plans

15 © Robert G Parker – UW-CISA 2010 S Business Continuity and Pandemic Awareness Plans Have Not Been Tested A BCP or DRP that has not been Tested is Not a Valid Plan It is an Idea of What May Have to be Performed Plans are Not Being Maintained An out of date BCP or DRP Likely does not Reflect the Current Environment, Risks, etc. Relying on an Out of Date Plan Will Likely Not Result in a Successful Outcome

16 © Robert G Parker – UW-CISA 2010 S-16 Business Continuity and Pandemic Awareness Expansion of the Panama Canal to handle super tankers

17 17 Business Continuity and Pandemic Awareness Business Reaction Business Continuity Risk Management Changing external environment not reflected in BCP-DRP plans Lack of understanding of supply chain risks Lack of understanding and knowledge of extend to which up stream and down streams supply and delivery business are addressing their BCP-DRP Lack of effective communication It won’t happen to me Reassess BCP and DRP initiatives Implement plans to link BCP-DRP to enterprise and IT risk management initiatives Ensure supply chain risk are monitored and assessed Implement employee awareness and training programs, newsletters

18 © Robert G Parker – UW-CISA 2010 S Impact of the Economy on Information Technology Impact of the Economy on Information Technology

19 © Robert G Parker – UW-CISA Impact of the Economy on Information Technology The financial crisis and following recession resulted in the restructuring of many organizations, including, for many, their Information Technology departments. With the recession waning, concern has been expressed over increasing IT departments’ to their previous staffing levels Concerns over adopting new technologies as a means of controlling costs while meeting the increasing needs for IT: Virtualization Cloud Computing BYOC Concern over risks of increased fraud and malicious activity; disgruntled employees and lack of control Concern over controls over outsourcing; Intellectual capital, customer information, other information assets Contract Management -adhering to schedules, providing capacity, saleability S-19

20 © Robert G Parker – UW-CISA 2010 S-20 Thank You For Your Interest and Participation Robert G. Parker


Download ppt "1 8 - Management and Operation of Technology Infrastructure Management and Operation of Technology Infrastructure."

Similar presentations


Ads by Google