by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : July 15, 2013
Operational resilience: Bringing order to a world of uncertainty There s seemingly no end to the list of risks that can threat- en IT operations. If security breaches by outside hackers or careless insiders don t corrupt sensitive information, then a man-made or natural disaster can hobble operations until critical processes are restored via far- ung backup facilities. Add regional power outages and u pandemics to the mix, and it s no wonder that many federal CIOs feel overwhelmed by their uptime responsibilities. But now, some IT managers are taking a new approach. Rather than striving for excellence in key areas such as security, business continuity, disaster recovery and IT serv- ice management, they re applying best practices designed to orchestrate the individual disciplines into a coordinated and smoothly functioning whole known as operational resilience. The anticipated payoff of this centralized, enterprise- wide effort is clear: Agency managers hope to better under- stand how best to keep the organization running even in the aftermath of an unplanned disruption. "Operational resilience helps you prioritize where you can have the most effect in terms of your investments, as well as understanding the change management and people skills required to keep agencies running effectively when a security threat or disaster strikes," said Gregory Crabb, inspector in charge of revenue, product and global security at the U.S. Postal Inspection Service (USPIS). USPIS adopted a resiliency approach four years ago, and Crabb said it has helped the organization pinpoint resource requirements for IT security and other areas. And revamped internal processes designed with resiliency in mind are helping USPIS identify mail fraud more quickly. "We ve improved our ability to detect fraud when it s occurring against our dot-com applications, and as a result, we re able to reduce the consequences by literally millions of dollars," Crabb said. The fundamentals Operational resilience describes an organization s ability to protect its critical assets and keep essential processes and services operating during a security threat or other disruption, said Rich Caralli, technical manager of the resilient enterprise management team at the CERT Pro- gram, the Internet security program at Carnegie Mellon University s Software Engineering Institute. "Don t think about security processes or business con- tinuity processes, think about a resilience process that traverses all layers and functions of the organization," he said. "Everybody s job should be to make sure the overall mission of the organization is being achieved. Sometimes you do that by preventing disruptions, [and] sometimes you do it by making sure that there isn t damage when a disruption happens." Earlier this year, White House of cials acknowledged the importance of resilience to the country s critical infra- structure when they issued Presidential Policy Directive 21, which calls for stronger security and resilience against physical and cyber threats. IT managers at federal agencies are also under pressure to maintain resilient operations, but many worry that their organizations are not up to the task. Only 8 percent of fed- eral IT professionals are completely con dent that their agency could recover 100 percent of the data required by service-level agreements in the aftermath of a natural or man-made incident, according to research published by ExecTe c h BY ALAN JOCH Agencies are discovering the bene ts of combining IT management, security and recovery efforts into one overarching strategy 28 July 15, 2013 FCW.COM
June 30, 2013
July 30, 2013