Service continuity management
-------
It is the overall process that is responsible for
controlling and managing all of the risks that can
seriously impact IT services in general.
------------
The bottom line is that if a disaster occurs, you want
to do 3 things: one, you want to make sure that we
can manage the recovery of our services and
systems; two, we want to make sure that we lose
less availability time and provide better continuity
of service to the customer in case of a disaster, and
minimize any interruption to the business
activities.
-----------
We want to understand the different categories and types of disasters. Fire is the big one; then flood, storm, hurricane, and also water damage from broken pipes, water heater problems, things like that. Lightning is another disaster that can cause physical damage and, of course, electrical problems as well to all your systems. A tornado is a disaster, and also just simply high wind as well. Along with wind, people do not usually realize that with storms it is not just the wind: the dust itself can also wreak havoc on systems, so you want to put a dust storm along with wind.

Burglary: obviously theft of equipment, theft of software, theft of intellectual property and corporate secrets; all these things will be a disaster. Vandalism and violent acts overall, maybe murder in the workplace (that happens) or suicide in the workplace: this type of thing can cause lots of problems for morale and can bring in levels of low spirits that we don't want to see in our organization. Obviously, in late 1999 and 2001 we got problems with terrorism; you need to be able to analyze whether your company is vulnerable to terrorist attacks and evaluate that early in the planning process. Sabotage from competitors or from vendors, and sabotage to systems; this can be a common form of security attack (we talk about those down here).

Besides security attacks and sabotage, there are power outages due to lightning or due to a blackout in your area, problems on the grid. These are temporary outages; power surges can occur as well. There is basic hardware failure, a power supply for example, or total system failure of servers and server farms. There are security attacks on your systems: you have to deal with internal attacks, external attacks, structured or unstructured attacks, service attacks, access attacks, individuals trying to get root-level access to our systems and hardware.

These are all the types and categories of disasters. It is time for you to evaluate them for your company, to see if your business is vulnerable, how vulnerable, and what level of risk you are going to accept for these types of disasters. As you can see in the diagram, IT service continuity management is a 4-stage or 4-phase process.
The first phase is called initiation. This is where you basically initiate the business continuity management plan or activity. There are only 2 aspects to that. First of all, you are going to define the scope. Defining the scope of continuity really involves 4 aspects; let me write this down. When you define the scope, you first define the policy as soon as possible and communicate it to the entire organization, with management showing a deep commitment to the policy. Then you define the scope using relevant areas: you isolate the relevant areas of the organization where continuity and disaster recovery have to be applied. You may also integrate standards like ISO 9000 and BS 7799; these are open standards for general policy principles, with approaches and methods for risk assessment and business impact analysis. Then you allocate the resources needed to initiate the ECM and then set up the project organization. This is formal project management, possibly using the PNP or perhaps using planning software, what we call a planning tool, a project management approach. Once you have defined the scope, you have initiated the ECM process and move to the second step, which is requirements and strategy.
The second phase looks into the requirements and strategy you are going to take: your business impact analysis, your risk assessment, and your overall strategy for IT service continuity. You identify all the reasons your organization is including IT service continuity management in its policy, and identify the potential impact of all the possible disruptions of services. If your company cannot survive without IT services, then you will be looking more at prevention. If you can survive for a period of time without IT services, you are going to look primarily at restoring services as your higher priority. Most companies will have to strive for a balance between restoration and prevention.

That is where the business impact analysis comes in: isolate the impact of each of the threats, vulnerabilities and disasters that could occur at your organization. This means assessing the impact on your services and your overall IT infrastructure. In addition, you perform a risk assessment: it takes the potential risks covered earlier, the different categories of risk, and assesses the vulnerability of your organization and what amount of risk your company is willing to take, on a case-by-case basis. You want to provide management with valuable information to identify threats and vulnerabilities, as well as the relevant prevention measures and countermeasures you are going to take.

Remember, a disaster recovery plan is usually very expensive, so you should first consider the prevention measures and see whether they fit within your budget. Sometimes a company will just rely on its insurance as opposed to putting a disaster recovery plan in place. Along with risk assessment goes risk analysis, which typically has 4 steps.
--------
The first step of risk analysis is to identify the relevant assets: IT components, everything like systems, servers, facilities, data and appliances. You need effective asset identification to make sure you know who the owner is and what the purpose of each component is. It must be well documented.

The second step is to analyse threats to those documented assets. You also want to estimate the likelihood, in terms of maybe high, medium and low, that the disaster will occur and affect that asset. For instance, identify how an unreliable power supply or thunderstorms may affect a certain asset. If you are in an area prone to flooding or high water, you want to do that as well.

The third step is to identify and classify the vulnerabilities of each one of those relevant IT components. Finally, you want to evaluate and estimate the risk of each one of those IT components in the context of the risk level. All of these different steps go into the process of risk assessment.

Now realize these are rudimentary and basic approaches to looking at business impact analysis and risk assessment. Those are really huge topics; for the sake of IT foundation, you want to have a basic understanding and definition of these particular strategies.

In a nutshell, business impact analysis (BIA) is the activity of business continuity management that identifies and recognizes critical business functions as well as dependencies on other components and other IT services. Dependencies may be things like other employees, suppliers, processes, services, things like that. In a nutshell, risk assessment is one of the initial steps of risk management: analyzing the value of assets and IT components, determining their value to the business, identifying threats to these assets, and evaluating how vulnerable each asset is to those threats. As to the process of classification, risk assessment can be quantitative, in other words an objective approach based on numerical data, or it can be qualitative, a more subjective approach.

The next aspect of the second phase, requirements and strategy, is the IT service continuity strategy. Most businesses, when they form an IT service continuity strategy, are going to find that fine-line, delicate balance between recovery planning and reducing risk. One of the first aspects of the strategy is to elaborate which of the available prevention measures will be taken, based on the risk analysis, considering all the costs, all the measures, and all the different risk levels. These prevention measures address the risks discussed earlier: for example, reducing the ability of dust to get to the equipment; protecting against low temperature or extremely high temperature; fire protection; protection against power outages, power surges, burglary, theft, terrorism, all those things.

One of the extensive forms of prevention is the stronghold, or fortress, method. This is not going to eliminate most problems, but most of the vulnerability can be avoided by building a bunker.
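The four risk-analysis steps described above, sketched as a small qualitative risk register; this is an added example, not part of the original notes. The three-point scale, the rule that combines likelihood and vulnerability, the per-asset accepted-risk field and the sample assets are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed three-point qualitative scale (the notes only say "high, medium and low").
LEVELS = {"low": 1, "medium": 2, "high": 3}

@dataclass
class Asset:
    name: str
    owner: str                    # step 1: who owns the component
    purpose: str                  # step 1: what the component is for
    accepted_risk: str = "low"    # assumed field: risk level the business accepts
    # steps 2 and 3: (threat, likelihood, vulnerability class) per threat
    exposures: list = field(default_factory=list)

def undocumented(assets):
    """Step 1 check: names of assets with no documented owner or purpose."""
    return [a.name for a in assets if not a.owner.strip() or not a.purpose.strip()]

def risk_level(likelihood, vulnerability):
    """Step 4: assumed rule, product of the two ranks bucketed back to 3 levels."""
    score = LEVELS[likelihood] * LEVELS[vulnerability]   # 1, 2, 3, 4, 6 or 9
    return "high" if score >= 6 else "medium" if score >= 3 else "low"

def assess(assets):
    """Rows of (asset, threat, risk, exceeds accepted risk), worst risk first."""
    rows = []
    for a in assets:
        for threat, likelihood, vulnerability in a.exposures:
            risk = risk_level(likelihood, vulnerability)
            rows.append((a.name, threat, risk, LEVELS[risk] > LEVELS[a.accepted_risk]))
    return sorted(rows, key=lambda r: -LEVELS[r[2]])

# Constructed sample register, not real data.
ASSETS = [
    Asset("billing-db server", "Finance IT", "customer invoicing", "low",
          [("unreliable power supply", "high", "medium"),
           ("flooding", "low", "high")]),
    Asset("training wiki", "", "staff training manuals", "medium",
          [("theft of equipment", "medium", "low")]),
]

if __name__ == "__main__":
    print("missing owner/purpose:", undocumented(ASSETS))
    for name, threat, risk, exceeds in assess(ASSETS):
        flag = "needs prevention or recovery measures" if exceeds else "accepted"
        print(f"{name:18} {threat:24} {risk:6} {flag}")
```

Rows flagged as exceeding the accepted level are the ones to weigh against the cost of prevention and recovery measures.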
----
Another key aspect of the continuity service strategy is to select your recovery options. This means deciding which personnel will be part of the disaster recovery team, with a wide variety of skill sets, and what kind of accommodation you are going to have: alternative sites, alternative facilities, the ability to have furniture, to transport people, transport services. You need the essential staff if you are going to move off site during the disaster. You need to have IT systems in place: separate IT systems and networks, portable systems and backup systems. Support services include things like electricity, water, telephone services, mail services and delivery services (UPS, FedEx). You also need the ability to do archiving and safe storage: documentation, a paper-based system, reference material, your training manuals, copies of your software, filing systems, those types of things.

What are your viable options for disaster recovery? One option is not to respond at all, which some companies will choose to do, even though few can afford to do this: basically do nothing and wait for the government to come in and fix the problem for you, or let the insurance take care of those types of things. Another viable option in case of a disaster, say you got a flood or hurricane, is to go to a paper-based manual system, to return to a manual system. Some companies, like State Farm, that have really aggressively gone to a paperless environment will simply have a very difficult time going back to a paper-based system. For many companies, the paper-based systems that were used in the past simply won't be available. It is a fairly viable short-term option for some companies.
Reposted from: https://blog.51cto.com/johnnyxing/324421