120 likes | 250 Views
Concepts & Thoughts on Operational Resiliency (Feb 11). Dave Lush, SME Aha! Analytics. Presented at the Financial Systems Technology Consortium (FSTC) Summit in NYC June 08. Contents. Purpose Background Key Concepts and Operational Architecture A Proposed Approach Summary/Conclusions
E N D
Concepts & Thoughts on Operational Resiliency(Feb 11) Dave Lush, SME Aha! Analytics Presented at the Financial Systems Technology Consortium (FSTC) Summit in NYC June 08
Contents Purpose Background Key Concepts and Operational Architecture A Proposed Approach Summary/Conclusions Questions/Discussion Back Up Slides
Purpose To communicate some ideas/concepts regarding operational resiliency and various facets
Quick Background Advances in and Dependencies on Technology Growth in Complexity of Operations/Systems Increasing Threat - Particularly in the Cyber Domain Security and Continuity of Ops Challenges Imperative for Operational “Resiliency”
What Is Operational Resiliency? • Ops Resiliency: the capability to sustain the enterprise and continue achieving the mission in the presence & realization of risk • Risk/Threat Is at the Heart of It! • Risk: an uncertain condition or event that, if it occurs, has a positive or negative impact • Threat: risk that has only negative impact • In the Context of Ops Resiliency Risk Is Threat • Several Key Ideas Relative to Risk/Threat Are Strongly Suggested i.e.: • Risk Identification: • Risk Analysis: • Risk Mitigation: • Risk Response:
What Must We Do?To Achieve Operational Resiliency • Have a Proper Intent, Vision, and a Top Level Plan • Identify and Analyze Threats • Value at Risk (VAR) Analysis • Develop an Ops Resiliency CONOPS • Processes, Flows, Roles • Business Ops Model(s) • Threat Model(s) • Security Model(s) • Attack Model(s) • Response Model(s) • Policies/Rules • Courses of Action • Plan/Develop Requisite Knowledge Model Driven Automation • Develop a Deployment Plan • Deploy the CONOPS and the Automation Accordingly • Measure Performance and Improve
Model/Knowledge Driven Orgs/Systems CONCEPTUAL MODEL Cognitive and Ontology Development Processes Incoming Observations and Data CONCEPTUAL MODEL & ONTOLOGY DEVELOPMENT METHODOLOGIES AND TOOL(S) ANALYST The Idea Behind Knowledge Driven Organizations/Systems Is To Drive Organizational Processes and Associated Systems Via Externalized Conceptual Models and Associated Ontologies or Information Models Instantiated with Data Relevant to the Operational Situation EXTERNALIZED MACHINE READABLE INFORMATION MODELS OR ONTOLOGIES Knowledge Driven Operational Processes/Systems Figure 3: Model/Knowledge Driven Orgs/Systems
Good Guys Business Ops Threat The Threat/Attack Event Cloud Sense, Detect & Collect Execute Courses of Action (COAs) Process & Analyze Decide Apply Polices/Rules Tactical Model Driven Ops Resiliency Apparatus Ops Resiliency Knowledge Base Discover Generate Deliver Dynamic Ops Resiliency Info Ops Resiliency CONOPS, Models Associated Executables Requisite Complexity, Structure, Detail Rich Content Meta-data MLS Ready Readily Re-purposed Data, Info, Knowledge Drives Agent Activity Drives Machine-to-Machine Processes Drives Generation of JIT Dynamic Products Develop & Update Conceptual Models & Semantics Develop Update Requisite Automation Process & Analyze Data Develop Update Resliency CONOPS Ops Resiliency Learning and Control System Strategic Ops Resiliency Apparatus Accomplish Value At Risk (VAR) Analysis Biz CONOPS Info All of this occurs in the context of the Resiliency Engineering Framework (REF) and represents an application of the REF
Key Conclusions Ops Resiliency Is All About Risk and Risk Mitigation and Risk Response Must Have Proper Vision, Framework, and a Plan (REF) Probabilities and Impacts Must Be Analyzed Via Value at Risk (VAR) Analysis Must Develop Requisite CONOPS Which Includes Operations and Threat/Attack Models, Policies/Rules, Courses of Action (COAs) Must Capture and Manage the Knowledge Associated with the CONOPS and Models (Knowledge Management) Must Have Must Have Requisite Knowledge-driven Systems for Automation of the CONOPS Must Deploy and Execute with Discipline