Computer Security
119
Carl B. Jackson

119.1 Driving Continuity Planning to the Next Level
119.2 The Lack of Meaningful Metrics
    Shareholder Expectations
119.3 The Role of Enterprise Risk Management
    Trends † Response † Capabilities
119.4 Defining Risk Management Processes
119.5 Organization
119.6 Culture
119.7 Risk Attributes
119.8 The Role of Continuity Planning
    Assessment Phase † Design Phase † Implement Phase † Measure Phase
119.9 Other Techniques for Improving CP Efficiencies
    CP Process Improvement † The Need for Organizational Change Management † How Can We Measure Success? The Balanced Scorecard Concept
119.10 Next Steps
119.11 Summary
Acknowledgments
119.1 Driving Continuity Planning to the Next Level
Traditional approaches to IT-centric disaster planning emphasized the need to recover the organization’s technological and communications platforms. Today, many organizations have shifted away from focusing strictly on technology recovery and more toward continuity of prioritized business processes and the development of specific business process recovery plans. In addition, continuity planners are also beginning to articulate the value of a fully functioning and ongoing continuity planning (CP) business process to the enterprise, and not just settling for BCP as usual. In fact, many organizations are expanding the CP business process beyond traditional boundaries to combine and support a larger organizational component, i.e., enterprise risk management (ERM) functionality.
AU7495—Chapter119—27/1/2007—18:29—IRSHATH—14779—XML MODEL CRC12a – pp. 1587–1599.
Information Security Management Handbook
EXHIBIT 119.1 How Does an Organization Measure the Performance of Its BCP Program?

Measure                                         Percent
Service-level monitoring                        26
Results of BCP testing                          54
Audit findings                                  40
Performance reviews                             30
Benchmarking/comparison to industry norms       14
The purpose of this chapter is to discuss the role of continuity planning business processes in supporting an enterprise view of risk management and to highlight how the ERM and CP organizational components, working in harmony, can provide measurable value to the enterprise, people, technologies, processes, and mission. The chapter also focuses briefly on additional continuity process improvement techniques. If not already considered a part of the organization’s overall enterprise risk management program, why should business continuity planning professionals seriously pursue aligning their continuity planning programs with ERM initiatives? The answer follows.
119.2 The Lack of Meaningful Metrics
Lack of suitable business objectives-based metrics has forever plagued the CP profession. As CP professionals, we have for the most part failed to sufficiently define and articulate a high-quality set of metrics by which we would have management gauge the success of CP business processes. So often, we allow ourselves to be measured either by way of fiscal measurements (i.e., cost of hot-site contracts, cost of software, cost of head count, etc., all in comparison to some ill-defined percentage of the annual IT budget), or in terms of successful or nonsuccessful CP tests, or in the absence of unfavorable audit comments. On the topic of...