PACE-IT, Security+2.8: Risk Management Best Practices

Risk management best practices.

Transcript of PACE-IT, Security+2.8: Risk Management Best Practices

Page 1: PACE-IT, Security+2.8: Risk Management Best Practices

Risk management best practices.

Page 2: PACE-IT, Security+2.8: Risk Management Best Practices

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise / Industry Certifications

– PC Hardware

– Network Administration

– IT Project Management

– Network Design

– User Training

– IT Troubleshooting

Qualifications Summary

Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.

Brian K. Ferrill, M.B.A.

Page 3: PACE-IT, Security+2.8: Risk Management Best Practices

Risk management best practices.

– Business continuity concepts.

– Fault tolerance.

Page 4: PACE-IT, Security+2.8: Risk Management Best Practices

Business continuity concepts.

Page 5: PACE-IT, Security+2.8: Risk Management Best Practices

Business continuity concepts.

A best practice is a technique or methodology that consistently produces superior results compared with another technique or methodology.

Best practices can be standardized across an industry, a single company, or an individual. Best practices may also be customized to fit any given situation.

The creation of a business continuity plan (BCP) is a best practice that should be done within every organization. A BCP is a sub-element of a disaster recovery plan (DRP) that utilizes a business impact analysis (BIA) to determine the impact of down or lost systems through the use of risk assessment techniques.

The BIA will help to determine which functions or systems are critical to the continuity of operations. Once identified, steps may be taken to reduce or to mitigate those risks.

Page 6: PACE-IT, Security+2.8: Risk Management Best Practices

Business continuity concepts.

– Critical system and component identification.

» If the loss of a system or component would result in significant lost revenue or in a safety situation, it is determined to be critical.

• These are often determined to be single points of failure.

– Single point of failure.

» When the failure of a single device or component can bring the entire system down or have a disproportionate impact on operations.

• Is most often mitigated by implementing redundancy—using multiple duplicate systems that immediately take over when a failure occurs.

• In some situations, single points of failure may be mitigated through high availability techniques—similar in concept to redundancy, but involving data instead of systems.
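The single-point-of-failure check described above can be run against a dependency map. The following is an added example, not part of the original slides: the component names and both topologies are constructed, and a component counts as a single point of failure when its loss alone stops requests from reaching storage.

```python
from collections import deque

# Constructed request path for a hypothetical web application (an assumption).
SINGLE = {
    "clients": ["fw1"],
    "fw1": ["lb1"],
    "lb1": ["web1", "web2"],
    "web1": ["db1"],
    "web2": ["db1"],
    "db1": ["storage"],
    "storage": [],
}

# The same service after adding duplicate systems (redundancy).
REDUNDANT = {
    "clients": ["fw1", "fw2"],
    "fw1": ["lb1", "lb2"], "fw2": ["lb1", "lb2"],
    "lb1": ["web1", "web2"], "lb2": ["web1", "web2"],
    "web1": ["db1", "db2"], "web2": ["db1", "db2"],
    "db1": ["storage"], "db2": ["storage"],
    "storage": [],
}

def service_up(graph, src, dst, failed=frozenset()):
    """Breadth-first search: can a request still get from src to dst?"""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in graph[node]:
            if nxt not in failed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(graph, src="clients", dst="storage"):
    """Components whose failure, on its own, takes the whole service down."""
    # src and dst are treated as endpoints and are not themselves tested.
    return sorted(n for n in graph
                  if n not in (src, dst) and not service_up(graph, src, dst, {n}))

if __name__ == "__main__":
    print("before redundancy:", single_points_of_failure(SINGLE))
    print("after redundancy: ", single_points_of_failure(REDUNDANT))
```
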

Page 7: PACE-IT, Security+2.8: Risk Management Best Practices

Business continuity concepts.

– Succession planning.

» The process of ensuring that if a person key to the organization (e.g., someone in a leadership position) is lost, there are personnel who can step into the position, even if it is on an interim basis.

– IT contingency planning.

» Preparation of a recovery plan to be used when something fails or goes wrong within an IT system; think of it as a succession plan for IT.

– BCP testing.

» All of the elements of the BCP should be thoroughly tested before they are fully implemented and trusted.

» Tabletop exercises should be periodically conducted to ensure that the BCP is still valid.

• The team responsible for the BCP gathers and reviews every aspect of the BCP to determine if anything is missing, and to review everyone’s responsibilities during a disaster event.

Page 8: PACE-IT, Security+2.8: Risk Management Best Practices

Fault tolerance.

Page 9: PACE-IT, Security+2.8: Risk Management Best Practices

Fault tolerance.

Building fault tolerance into IT systems is a main tactic used to remove single points of failure and to ensure high availability of data.

Using a single server (or other piece of hardware) to run and maintain critical business functions represents a huge risk. If that server (or other piece of hardware) were to fail, it would have a severe impact on the operations of an organization.

Fault tolerance is the process of putting systems and processes in place to reduce the impact of the failure of any single system (it can also be used to mitigate against the loss of a group of systems).

Page 10: PACE-IT, Security+2.8: Risk Management Best Practices

Fault tolerance.

– Server fault tolerance.

» Clustering: taking a single server’s responsibilities and spreading them across multiple servers (nodes).

• The active node is responsible for ensuring that the other nodes contain current copies of the data or processes.

• If a single node fails, operations continue uninterrupted.

» Has the advantage of allowing for load balancing.

• As all the nodes contain current information, during peak periods, the workload may be spread out among the various nodes.

» The cluster may be contained within a single facility, or it may be geographically dispersed (distributed).

• Geographic distribution has the added benefit of protecting against a natural disaster.

Page 11: PACE-IT, Security+2.8: Risk Management Best Practices

Fault tolerance.

– Hard drive fault tolerance.

» Most commonly achieved through the implementation of RAID (redundant array of independent disks).

» RAID may be used to increase performance, or fault tolerance, or both performance and fault tolerance.

• Not all implementations of RAID involve fault tolerance.

– Types of RAID.

» RAID 0 (disk striping): data is striped across two or more disks, which leads to an increase in performance.

• Not fault tolerant.

» RAID 1 (disk mirroring): data is duplicated across two or more disks, which leads to fault tolerance.

• Does not lead to an increase in performance.

» RAID 5 (disk striping with parity): data is striped across multiple disks (three or more) along with a parity bit.

• Is fault tolerant and has performance close to that of RAID 0.

» RAID 10 (a stripe of mirrors): requires four or more disks, as it includes a mirror set and a stripe set.

• Has the best performance and is fault tolerant.

Page 12: PACE-IT, Security+2.8: Risk Management Best Practices

What was covered.

Topic: Business continuity concepts.

Summary: A best practice is a methodology that consistently returns better results than other methodologies. A BCP is a best practice that all organizations should use. The BCP will use a BIA to identify business critical systems and components. Once identified through the BIA, single points of failure may be eliminated. Succession planning, IT contingency planning, and BCP testing are also all best practices.

Topic: Fault tolerance.

Summary: Building fault tolerance into IT systems is one of the main tactics used to remove single points of failure and to ensure high availability of data. Server fault tolerance is usually achieved through the implementation of clustering. With a cluster, a node’s functions are spread among multiple nodes. Each node contains a copy of all of the data. If any single node fails, operations are not severely impacted. RAID is the most common method used to build fault tolerance into disk systems.

Page 14: PACE-IT, Security+2.8: Risk Management Best Practices

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.