“Assuring Reliable and Secure IT Services”

IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes downtime? Privacy? Security? Normal Accidents?

Retool Your Data Center Transforming a data center for e-business is almost like rebuilding a 747 while it's flying. "The real challenge is to provide continuous application availability while changing everything around you." The most fundamental way to ease the transition is to get a better understanding of your business model, customer needs and how applications interact with one another in a Web-enabled world. Have an architecture that lets administrators add, remove, test or repair hardware and software - without taking down the complex.

Availability Math Availability of Components in Series The effect of Redundancy on Availability High Availability Facilities N+1 And N+N Redundancy

Availability Math The Availability of Components in the Series

Availability Math The Effects of Redundancy on Availability

Availability Math High-Availability Facilities Uninterruptible Electric Power Delivery Physical Security Climate Control and Fire Suppression Network Connectivity Help Desk and Incident Response Procedures

Availability Math N + 1 and N + N Redundancy N+1 means that for each type of critical component there should be at least one unit standing by. N+N redundancy requires twice as many mission-critical components as are necessary to run a facility at any one time.

Securing Infrastructure against Malicious Threats External Attacks and Intrusion External attacks are actions against computing infrastructure that harm it or degrade its services without actually gaining access to it. The most common is DOS or “Denial of Service”. A distributed DOS attacks use automated routines secretly deposited on Internet-connected computers. Spoofing is used by clever attackers to simulate a distributed attack by inserting false origin information into packets to mislead filtering software at a target site. Intrusion occurs when an intruder gains access to a company’s internal IT infrastructure by a variety of methods. Viruses and worms are malicious software programs that replicate, spreading themselves to other computers.

Securing Infrastructure Against Malicious Threats Classification of Threats – External Attacks – Intrusion – Viruses and Worms Defensive Measures – Firewalls – Security Policies – Authentication – Encryption – Patching and Change Management – Intrusion Detection and Network Monitoring

Securing Infrastructure against Malicious Threats Defensive measures Security Policies Firewalls Authentication Encryption Patching and Change Management Intrusion Detection and Network Monitoring

Securing Infrastructure against Malicious Threats A Security Management Framework Make Deliberate Security Decisions Consider Security a Moving Target Practice Disciplined Change Management Educate Users Deploy Multilevel Technical Measures, as Many as You Can Afford

A Security Management Framework Make Deliberate Security Decisions Consider Security a Moving Target Practice Disciplined Change Management Educate Users Deploy Multilevel Technical Measures, as many as you can afford

Securing Infrastructure against Malicious Threats Risk Management of Availability and Security

Risk Management of Availability and Security See Figure 6.9 Managing Infrastructure Risk p445 Incident Management and Disaster Recovery – Managing incidents before they occur – Managing incidents when they occur – Managing incidents after they occur

Securing Infrastructure against Malicious Threats Incident Management and Disaster Recovery Managing Incidents before They Occur Managing during an Incident Managing after an Incident

Executive questions to access their own preparedness for the 21 st century challenges Go to page 448.