ELEMENTARY LINEAR ALGEBRA

umko - David Hume

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

26 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

ELEMENTARY LINEAR ALGEBRA K. R. MATTHEWS DEPARTMENT OF MATHEMATICS UNIVERSITY OF QUEENSLAND Corrected Version, 13th February 2012 Comments to the author at

examples of systems of linear equations
4.1 problems
scalar multiplication of vectors
matrix
linear equations
addition
solution
field
system

Sujets

ICT Resilience Workshop – October 2011

Introduction

In October, the BCI hosted an ICT Resilience Workshop. The event provided delegates with a
range of presentations and exercises on all aspects of ICT continuity strategies, with a
particular focus on the potential impact of cloud computing on the approach of
organisations to resilience. The one-day workshop, chaired by Mark Taylor, provided them
with an opportunity to discuss common issues with fellow practitioners and to learn lessons
from their peers in other industry sectors.

The five presentations covered an extensive array of subjects, including: ICT continuity
standards; assessing the impact of ICT failure; the move towards virtualisation; disaster
recovery in the cloud; how to enhance security capabilities in a virtualised environment; roles
and responsibilities in the cloud and assessing cloud provider security.

The presentations were as follows:

• BCM and ICT Continuity Standards: What are their purposes and how can they work
together? Ron Miller MBCI, Principal Consultant, SunGard Availability Services
• The journey to the cloud – as we heard it from customers Liam Farrell, Senior Systems
Engineer, VMware UK Ltd
• Using security to enhance availability Andy Dancer, Chief Technology Officer –
EMEA, TrendMicro
• Business continuity in the cloud Mike Small CEng, FBCS, CITP, Fellow Analyst,
KuppingerCole
• ICT Resilience Other Considerations Mark Taylor MBCI & Steve Cockcroft, Senior
Consultants at Ultima Risk Management

The purpose of this Report is to provide a summary of the presentations which were given at
the workshop. Copies of the supporting materials (slides) that accompanied each
presentation can be found by accessing the Workshop section on the BCI website
(www.thebci.org)

Page 1

ICT Resilience Workshop – October 2011

Presentation one

BCM and ICT Continuity Standards: What are their purposes and how can they
work together?

Ron Miller MBCI, Principal Consultant, SunGard Availability Services

In the opening presentation of the workshop, Ron Miller discussed the role of standards in
facilitating ICT continuity, how the current array of standards were arrived at and what is on
the horizon.

Ron began by explaining the process by which standards in the UK are compiled.
Developed by the BSi on a consensual basis, each standard is put together by a panel of
experts representing a range of constituencies. Unlike in the US, panel members are invited
rather than having to pay to participate. The success of this process, he added, is reflected in
the fact that many British standards have become the building blocks for subsequent ISOs.

Turning to the evolution of present day ICT continuity, Ron traced its origins to the IT DR days
of the 1970s and 1980s. This disaster recovery approach evolved into business continuity,
which took the discipline outside of the ‘IT ghetto’ and into various other aspects of the
organisation. A key driver in this evolution during the early 1990s, particularly in the UK, was
the terrorist threat which caused large organisations to expand their views of continuity
beyond IT and buildings to people. Continuity continued to evolve out from the large
organisations into medium-sized organisations in the latter part of the 1990s and then into the
public sector, particularly with the introduction of the Civil Contingencies Act 2004. SMEs are
also now increasingly embracing BCM.

BS 25999 – British Standard for BCM “Just because you achieve
2006 saw the launch of BS 25999 (Part 1) which
certification… this does not mean aimed to provide guidance to all sectors and sizes
you are guaranteed to recover of company on how to become more resilient and
achieve shorter recovery times in the aftermath of from an incident”
disruptions. It was followed a year later by Part 2,
which enabled certification against the standard.

The standard has proved extremely successful, Ron stated, becoming the BSi’s biggest selling
standard, and also the basis for other standards such as ISO 22301 and ISO 22313 – currently
in final draft form and set to replace Part 2. He warned, however, that people should be
wary of falling into the standard trap – just because you achieve certification to a particular
standard, this does not automatically mean that you are guaranteed to recover from an
incident, but rather that you have the capabilities to recover.

Focusing on ICT-related standards, Ron said that it was a deliberate move by the 25999
panel to not include reference to ICT in the standard. Most IT departments at that point were
reliant upon ISO 27001 for ICT guidance, which was only covered in five out of the 133
security controls in the standard. Furthermore, ISO 27002 only provided 4.5 pages of ‘high-
level guidance’ on ICT out of its 130 pages.

This left IT in somewhat of a limbo, so the decision was made to launch BS 25777. The
standard used the lifecycle of 25999 as its basis and aimed to link ICT more directly to the

Page 2

ICT Resilience Workshop – October 2011

overall objectives of the business. Often it was found that the demands of BC could not be
met by the capabilities of ICT, and it was therefore essential that this new approach serve to
allow the organisation to cut the ICT cloth more effectively by aligning it more closely with
the business.

The need for ISO 27031
Despite an increasing reliance on IT, the function still lacked any clear guidance on ICT
continuity. 25777 had made little headway in the ICT arena as it failed to penetrate into the
IT departments and there was no detailed guidance directly related to 27001. This meant
that there were still significant gaps between business and supporting ICT continuity and
resilience in many organisations.

The launch of ISO 27031 served to fill this gap, providing an ICT-focused standard on business
continuity. It takes the core elements of 25777, Ron explained, and places them into an
information security context. Its aim is to help IT think about BCM in an IT-centric way, but still
in relation to the BC objectives of the organisation. 27031 supports the PDCA process and
provides guidance which expands upon ISO 27002. Furthermore, it helps in the
implementation of the controls contained within ISO 27001.

ISO 24762
Ron then turned his attention to ISO 24762, a standard which provides guidelines for
information and communications technology disaster recovery services. He stated that its
aim was to facilitate the provision of information and communications technology disaster
recovery (ICT DR) services as part of business continuity management, and was designed to
be applicable to both “in-house” and “outsourced” ICT DR service providers of physical
facilities and services.

However, Ron stated that the standard was of little real value and was a shining example of
how not to put together a standard. The document was based on the Singapore standard
and had not gone through the normal ISO consultation processes. It did not integrate with
any BCM standards and furthermore did not integrate with ISO 27031. The standard is now at
the beginning of a revision process.

Concepts and principles of ISO 27031
Turning once again to ISO 27031, Ron stated that the primary aim of the standard was to
facilitate ICT readiness for BC (IRBC). The standard complements and supports BCM and/or
ISMS:

• Improving the incident detection capabilities
• Preventing a sudden or drastic failure
• Enabling an acceptable degradation of operational status should the failure be
unstoppable
• Further shorten recovery time
• Minimising impact upon eventual occurrence of the incident

To illustrate the relationship between IRBC and BC, Ron used the following diagram:

Page 3

ICT Resilience Workshop – October 2011

Looking at the principles of ICT readiness, he said these were based on:

• incident prevention
• nt detection
• response
• recovery
• improvement

Each of these is considered in the context of people, facilities, technology, data, processes,
suppliers etc. He illustrated these principles as follows:

Page 4

ICT Resilience Workshop – October 2011

Incident prevention

• Promotes resilience
• Facilitates identification of critical components in each of the elements which make
up the ICT environment
• Relates ICT criticality to wider business criticalities
• Priorities also driven by BC requirements
• Helps to justify resource and budget for appropriate resilience measures
• Enables you to monitor the performance of resilience measures
• Facilitates review and improvement following exercises, tests and incidents.

ICT readiness:

Examining incident prevention in context, Ron looked at the process in relation to people,
facilities, technology, data, processes and training:

• People – cross-training, succession plannin