120 likes | 215 Views
Justification of BRP (Security) Projects. Paul Rosenthal Professor of Information Systems California State University, Los Angeles. Justification of BRP (Security) Projects. 1. Estimate Losses by length of outage 2. Determine length of outage by backup/ recovery scenario
E N D
Justification of BRP (Security) Projects Paul Rosenthal Professor of Information Systems California State University, Los Angeles
Justification of BRP (Security) Projects 1. Estimate Losses by length of outage 2. Determine length of outage by backup/ recovery scenario 3. Perform cost/benefit analysis of each feasible scenario 4. Select and sell selected scenario - prudent person (fiduciary responsibility) method - probability (insurance) method - executive (behavioral) method
Typical Disaster Management Team (DMT) Manager, Planning- DMT Chairperson Manager, Facility Operations Manager, Transportation/Logistics Manager, Security/Safety Manager, Human Relations Manager, Public Relations Manager, Marketing/Customer Service Manager, Manufacturing/Operations Manager, Data Processing Operations Project Head- Business Continuity Planning, and DMT Secretary
2. Determine length of outage by backup/ recovery scenario Recovery analysis for a large bank
4. Select and sell selected scenario A. Prudent Person (Fiduciary Responsibility) Method Executives Primary Evaluation Criteria • Eliminate personal liability • meet fiduciary responsibilities • Assure continuity of a viable organization • have a security and business resumption plan • Minimize long-term costs • proper mix of insurance, operating costs and capital investments
A. Prudent Person (Fiduciary Responsibility) Method: Continued Eliminate personal liability Have a viable business resumption plan • Tested notification and activation plan (annually) • Tested backup facilities (semi-annually) • Tested emergency operations plan (semi-annually) • Tested teams activation, emergency operations and recovery decision making (every two years)
4. Select and sell selected scenario B. Probability (insurance) method
4. Select and sell selected scenario C. Executive (behavioral) method (step 1)
4. Select and sell selected scenario C. Executive (behavioral) method (step 2)