FCW : July 15, 2013
ExecTech

The hurdles

Nevertheless, implementing an operational resilience strategy can be challenging because it requires the coordination of many complex disciplines. "It's a matrix of practices and goals that you need to properly scope out and focus on to achieve the most improvement," Crabb said.

Turf wars can be another stumbling block. "Individual groups may fear that they'll lose their relevance" if they're brought together under a central strategy, Schulz said. "As with so many large IT projects, the barrier often is not the technology, it's the people, processes and politics of the organization."

For help, some agencies are turning to formal models to guide their resiliency efforts. USPIS uses the CERT Resilience Management Model (RMM), which agencies can download for free at CERT.org/resilience/rmm.html. CERT says the process improvement model was designed to help converge activities around operational risk and resilience management.

The model addresses more than 20 process areas, such as enterprise management, engineering, operations management and process management, and it includes metrics to gauge the performance of those processes from an operational resilience perspective.

Crabb said RMM is now being applied throughout his agency but particularly to improve malware protection and network performance in IT operations.

"The RMM helps us define the processes by which we conduct incident responses for security incidents, including how we interact with the other business units and the [chief information security officer's] office for the recovery of evidence and continuity of operations," Crabb said. "It can be used as a frame of reference to assure that our resilience improvement management is complete."

In the end, even a cohesive resiliency strategy won't bring order to a risky landscape, but it could make the work of security and uptime specialists easier.

"When you're working under uncertainty, you can't know everything," Caralli said. But "you can at least be prepared to create strategies around important assets that protect them from harm or keep them viable under degraded conditions."

How to make your agency more resilient

Agency executives and other experts say a focus on four key areas will help organizations promote operational resilience.

1. Gain the backing of senior executives by using business terms to describe the components of a resiliency strategy, such as security and business continuity. "If you go into the boardroom and say, 'I need $10 million to secure the organization next year,' you set up a series of questions about what you're going to do with the money and how you know it will do any good," said Rich Caralli, technical manager of the resilient enterprise management team at the CERT Program. Instead, explain that security and continuity efforts converge within an overarching resiliency strategy that can help the agency perform its mission more effectively. "Security then looks less like a cost and more like a contributor to improving the organization's profile," he said.

2. Consider a formal framework designed to promote processes that enhance resiliency. Gregory Crabb, an inspector at the U.S. Postal Inspection Service, said the CERT Resilience Management Model gives employees a common set of goals and a nomenclature that helps coordinate resiliency efforts. "You are not going to win if you don't have your security professionals --- and, in my case, law enforcement officers --- on the same page relative to how resilience should be managed," he said.

3. Create an enterprisewide governance system to manage key components of operational resilience. "This system ultimately will need to incorporate all of the organization's people, processes and technological capabilities, as well as include external stakeholders... that could have additional strategic influence on the organization," IDC Vice President David Tapper wrote in a recent white paper.

4. Address turf wars through internal training and cross-functional teams. The goal is to educate specialists about the roles and requirements of related disciplines. "People responsible for servers, network storage or applications must understand the needs of security people, who in turn will understand why there are all these different duplicate copies of data being made and stored in different locations," said Greg Schulz, senior adviser at Server and StorageIO Group.