FCW : July 15, 2013
the online government IT community MeriTalk.

In another study, 77 percent of IT and lines-of-business professionals cited decentralized risk management as one reason why resiliency is a challenge, IDC Vice President David Tapper reported in the recent white paper "Lack of Operational Resilience Will Undermine Enterprise Competitiveness: A Strategy for Availability."

The answer, Tapper wrote, is a strategy for ensuring operational resilience that in part uses key performance indicators to help create a holistic, enterprisewide governance structure.

The potential payoffs

Veterans of operational resilience say a comprehensive plan offers a variety of benefits.

"It's a way to help keep the IT environment running and available," said Greg Schulz, senior adviser at Server and StorageIO Group, a consulting firm that specializes in IT infrastructure technology.

A highly coordinated plan for security and uptime could also help agencies reduce the unnecessary costs and complexities that arise when "one group works from a security standpoint, another part of the organization focuses on business continuity and disaster recovery, and others perform backups and archiving," Schulz said.

A successful resiliency strategy can also spotlight policy gaps before they become a problem, Crabb said. For example, an agency might assume its operations have become safer after it installs the latest --- and most expensive --- security technologies to keep hackers from breaking into the internal network.

"But if you don't educate your employees to not open email attachments from unknown sources, you're not going to move the ball forward relative to protecting the organization," he said.

Some resiliency models identify processes for implementing a complete mix of policies and procedures for security, uptime and related areas, he added.

Finally, the enterprisewide approach can help agencies make decisions about how to effectively allocate resources.

"It may be possible to prevent all malware from being introduced into the network, but is it economically feasible to do that with the limited resources?" Crabb said. "Those value decisions can be difficult to make."

CRITICAL READ
Slinkys and operational resilience

Rich Caralli, along with co-authors Julia Allen and David White, literally wrote the book on operational resilience --- or, at the very least, the definitive manual for CERT's Resilience Management Model (RMM).

Caralli, Allen and White are all part of Carnegie Mellon University's CERT Program, which has developed one of the leading models for operational resilience. The documentation can be downloaded piecemeal from CERT's website, or a comprehensive volume can be purchased in print or e-book form.

CERT contends that RMM distills years of research into best practices and a unified, capability-focused maturity model that encompasses security, business continuity and IT operations. The book version introduces the model and explains the core concepts for those new to resilience management --- and then goes into extreme detail on how best to assess and implement it.

At 1,059 pages, it's far from a quick read, and the introductory sections help the layman only so much when talk turns to "targeted improvement roadmaps for FISMA compliance" and "CERT-RMM elaborated generic goals." But it does make for a one-stop reference source.

And for all the process and technical detail, Caralli and his co-authors stress that everything boils down to one core concept of resilience.

"Organizations can be very much like Slinkys," they write, referring to the classic spiral-wire children's toy. "Most organizations can manage to expand and contract as necessary to absorb the 'punch' of disruption. But when the expansion is beyond sustainable limits, in either impact or duration, the organization transforms from a Slinky to a mere wire --- unable to spring back to a normal operating condition. Organizations that do not operate with a conscious eye to what their Slinky looks like do so [at] their own peril."

--- Troy K. Schneider