IT Infrastructure Chapters 5 - PowerPoint PPT Presentation

Loading...

PPT – IT Infrastructure Chapters 5 PowerPoint presentation | free to download - id: 13af06-MDZiM



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

IT Infrastructure Chapters 5

Description:

Before diving into the second module, we'll examine the five ... Pepsi bottled water. Microsoft Web browsers. Apple music distribution. INFO 410. Chapters 5-6 ... – PowerPoint PPT presentation

Number of Views:48
Avg rating:3.0/5.0
Slides: 102
Provided by: Gle780
Learn more at: http://cci.drexel.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: IT Infrastructure Chapters 5


1
IT InfrastructureChapters 5 6
  • INFO 410
  • Glenn Booker

Images are from the text authors slides
INFO 410
Chapters 5-6
1
2
Five competitive forces
  • Before diving into the second module, well
    examine the five competitive forces that shape
    strategy (case study 1-1)
  • Technology can influence or drive all of them
  • Our overall goal is to be profitable (yay
    capitalism!)
  • The most obvious competitive force is your
    competitors in the industry
  • Most dont look beyond that

3
Five competitive forces
  • Customers can play you against your rivals,
    lowering prices
  • Suppliers can limit your profits by charging high
    prices
  • Threat of new rivals can increase capacity, and
    increase the investment needed to play
  • Substitute products can steal customers

4
The big picture
  • So we need to consider all five major forces in a
    given industry to produce a good strategy
  • A common approach is to position yourself where
    forces are weakest
  • Paccar sells custom trucks to owner-operators
  • MP3s created a substitute for buying music CDs
    Apple filled the void with iTunes

5
Tricks to win
  • Limit supplier power via standardized parts
  • Expand services so its harder for customers to
    leave
  • Invest in products different from your rivals, to
    avoid price wars
  • Invest in RD to scare off new rivals
  • Make products very available, to offset subs

6
Strength of forces drives profit
  • When competitive forces are all strong (airlines,
    textiles) there is little profit
  • Conversely, weak competition leads to high
    profits (soda, software, toiletries)
  • Profitability, measured by ROIC (return on
    invested capital) is typically 10-20
  • Airlines and mail order about 5
  • Soda and software are over 35

7
Strength of forces drives profit
  • Short term profits are affected by many things
    (weather, industry cycles) but long term
    performance is dominated by these five forces
  • The strongest competitive force(s) determines how
    profitable an industry can be
  • Hence it/they are key factors in choosing the
    best strategy

8
Threat of new rivals
  • New players add capacity to produce products, and
    pressure to lower prices
  • Especially if they are established firms in other
    areas
  • Pepsi ? bottled water
  • Microsoft ? Web browsers
  • Apple ? music distribution

9
Threat of new rivals
  • To avoid this threat, existing producers must
    hold down prices, and/or invest in new products
    to keep customers loyal (Starbucks)
  • Notice its the threat of rivals, not actual new
    rivals, that limits profitability
  • Barriers to entry help keep out new competition

10
Barriers to entry
  • Supply-side economies of scale
  • Its cheaper to make lots of stuff than a little
  • Every aspect of the value chain, even marketing
    and research, benefit from large scale operations
  • Demand-side benefits of scale
  • Larger companies attract more customers
  • No one ever got fired for buying IBM
  • eBay has more auctions, so more people use it

11
Barriers to entry
  • Customer switching costs
  • Changing vendors may mean changing product specs,
    retraining staff, adapting processes, etc.
  • ERP systems have huge switching costs!
  • Capital requirements
  • Make it expensive to compete with you
  • Facility costs, provide credit to customers,
    inventory costs, start-up costs, ads, RD, etc.

12
Barriers to entry
  • Incumbent advantages
  • Not just for politicians!
  • May have cost or quality advantages over rivals,
    proprietary technology, best sources, best
    locations, known brand identity
  • Counter by placing self away from rivals
    (Wal-Mart)
  • Unequal access to distribution channels
  • Limited shelf space, available distributors

13
Barriers to entry
  • Government policies
  • Government can limit or forbid new entrants in an
    industry (e.g. radio, liquor, taxi, airlines)
  • Government can also encourage new entrants
    subsidies, grants, 8(a) programs, etc.
  • Of course, new entrants in a field could expect
    retaliation

14
Barriers to entry - retaliation
  • Retaliation is likely, if incumbent players
  • Have squashed rivals before
  • Have lots of money
  • Can cut prices to drive you out of business
  • Or if industry growth is slow

15
Power of suppliers
  • Key suppliers can simply charge more for their
    products, reducing your profitability
  • This can include suppliers of labor!
  • Microsoft reduces profitability of PCs by OS
    costs

16
Power of suppliers
  • Suppliers are powerful if
  • They are more concentrated than the industry they
    supply (1 Microsoft vs. many PC makers)
  • The supplier doesnt depend on one industry for
    revenue
  • If you only have one customer, you have to take
    better care of them!
  • There are high switching costs to another
    supplier
  • Training, location, etc. could contribute

17
Power of suppliers
  • Or if
  • Supplier offers unique products (or at least
    different, such as drug products)
  • There is no substitute for the supplier (airline
    pilots)
  • The supplier could enter the market themselves
    (Shuttle selling barebones computers)

18
Power of buyers
  • Customers (buyers) can force down prices, demand
    better quality or service, reducing your
    profitability through price reductions
  • Buyer power is similar for consumers and B2B
    customers
  • Consumer needs may be harder to pin down

19
Power of buyers
  • Buyers have power if
  • There are few of them, and/or they purchase in
    large volume
  • The latter especially if the industry has high
    fixed costs (telecom, chemicals, oil drilling)
  • Products are standardized (paper clips)
  • Switching costs are low
  • The buyers can integrate backward, and make the
    product themselves (packaging for sodas)

20
Power of buyers
  • Buyers are price sensitive if
  • The products are a major fraction of its budget
    (mortgages)
  • Buyers earn little profit, or have little cash,
    or otherwise need to cut purchasing costs
  • Buyers product quality is little affected by the
    items bought (opposite of movie cameras)
  • Product has little effect on buyers other costs

21
Power of buyers
  • Intermediate customers (distribution or assembly
    channels) also gain power when they influence
    customers buying decisions
  • Consumer electronics or jewelry retailers, or
    agriculture equipment distributors
  • Producers may avoid this through direct channels
    to consumers, or exclusive distribution channels
    (sweeteners, DuPont Stainmaster, bike parts)

22
Threat of substitutes
  • A substitute does the same function as a product
    in a different manner
  • Videoconference instead of traveling
  • Email instead of snail mail
  • Software for travel agents, when people shop
    online instead
  • Only have a cell phone instead of wired phones

23
Threat of substitutes
  • Because substitutes may be very different
    products, theyre easy to overlook
  • Used vs new products, or do-it-yourself vs.
    purchased could also be factors
  • High threat of substitutes lowers profitability
  • Industries often need to distance themselves from
    well known substitutes

24
Threat of substitutes
  • Threat of substitutes is high if
  • There is good price-performance compared to the
    industry product (Skype vs long distance calls,
    Netflix vs YouTube)
  • Switching cost to substitute is low (generic
    drugs)
  • Hence need to monitor other industries for new
    substitutes (e.g. plastic for car parts instead
    of metal)

25
Competitive rivalry
  • Rivalry among competitors in an industry is very
    familiar
  • Sales, new products, ad campaigns, service
    improvements
  • Rivalry limits profitability
  • Rivalry has dimensions of intensity and the basis
    upon which it depends

26
Competitive rivalry
  • Intensity of rivalry is high when
  • There are many competitors, or they are the same
    size power
  • Industry growth is slow, makes for fight over
    market share
  • Exit barriers are high, hence stuck in industry
  • Rivals are striving for leadership
  • Rivals cant read each others strategies well

27
Competitive rivalry
  • Rivalry is worst for profits when its on the
    basis of price alone
  • Price rivalry is common when
  • Products or services cant be told apart
  • Fixed costs are high
  • Capacity need to grow in leaps to be efficient
  • Product is perishable! (produce, or hotel rooms)

28
Competitive rivalry
  • Competitive rivalry can have other basis
  • Features, support, delivery speed, brand image
  • These are less likely to affect price, since they
    help differentiate products
  • If you compete on the same basis as your rivals,
    might be fighting over the same customers
    instead of winning new ones via differentiation,
    a positive sum game

29
Other factors
  • The five competitive forces are key to developing
    a good strategy
  • But there are other factors to consider
  • Industry growth rate
  • Technology and innovation
  • Government
  • Complementary products and services

30
Industry growth rate
  • Fast-growing industries often have little
    rivalry, but gives suppliers a lot of power
  • Low barriers to entry will guarantee a lot of
    competitors
  • PCs have been very low in profit for that reason
  • Substitutes might still exist

31
Technology and innovation
  • Technology alone will rarely make an industry
    attractive
  • New technology attracts a lot of interest, and
    hence rivals
  • Low tech, price insensitive industries are often
    the most profitable

32
Government
  • Government involvement could be good or bad
  • Look at how they affect the five forces
  • Patents create barriers to entry, for example
  • Unions often raise supplier power
  • Lenient bankruptcy rules favor excess capacity
    and more rivalry
  • Consider different levels of government too

33
Complementary products
  • Some product go well together, like hardware and
    software!
  • Complements can affect demand for a product see
    how they affect the five forces
  • Can affect barriers to entry (app development),
    threat of substitutes (hydrogen cars, iTunes),
    rivalry (pro or con)

34
Changes over time
  • Everything so far has been at one moment in time
    now consider how these factors can change over
    time
  • New entries can arise from a patent expiring
  • Limited retail freezer space can limit new
    products
  • Large scale retailers create barriers for small
    competitors

35
Changes over time
  • Consolidation of appliance retailers have limited
    the power of their suppliers
  • Travel agents have little power over their
    commissions, due to online sales
  • Technology often shifts price/performance
    (microwaves) or creates new substitutes (flash
    drives instead of small hard drives)

36
Changes over time
  • Rivalries often intensify over time, as industry
    growth slows
  • Rivals become more alike as products become
    similar, consumer taste settles down
  • Some areas avoid this, e.g. casino catering to
    different populations
  • Mergers, acquisitions, and technology can alter
    rivalries, create customer backlash

37
Strategy implications
  • All of these forces and factors should play into
    creating a good business strategy
  • Where do you stand relative to buyers, suppliers,
    new entrants, rivals, and substitutes?
  • What changes in these forces can be anticipated?
  • Can you change the industry structure?
  • Your strategy should defend against the strong
    forces, and exploit the weak ones

38
Positioning the company
  • Also consider the entry and unpopular exit
    options is this a good time to enter or leave a
    market? Or industry?
  • Are there changes in the industry of which you
    can take advantage?
  • Often such changes can create prime
    opportunities, if you can spot them

39
Reshape industry structure
  • This can be done by redividing profitability
    changing the forces which affect the current
    industrys profitability
  • Find which forces are key limits on profits, and
    do something to release them!

40
Reshape industry structure
  • Or expand the profit pool increase overall
    demand for the products
  • Find new buyers
  • Make channels become more competitive
  • Coordinate with suppliers
  • Improve quality standards, etc.

41
Play in the right sandbox
  • Make sure you have clear industry boundaries
  • Sounds basic, but each industry typically needs
    its own strategy
  • Identify product or services scope, and
    geographic scope of each industry
  • Huge mistakes can result otherwise!
  • Miss major markets, product needs, etc.

42
Competition and value
  • The five forces (and lesser factors) identify how
    competition will affect a business strategy
  • Key is not only to identify competitive threats,
    but also possible opportunities
  • Also helps investors understand a business
  • Separate short term blips from structural changes

43
The Business of IT
  • Understanding IT infrastructure

44
IT a key capability
  • IT is now a critical part of how businesses
    realize their business models
  • This module is about how IT affects management of
    a business, affects availability and security,
    makes new service models possible, and supports
    project management

45
IT infrastructure
  • Cheap computing and universal networks have
    formed the foundation for levels of information
    sharing and services never possible before
  • The challenges its implementation introduces can
    be huge, however
  • Reliability, interoperability with legacy systems
  • Reduced ability to differentiate from competition

46
Infrastructure constraints
  • Dangers include basing your infrastructure on a
    technology which dies
  • Business needs and technology decisions need to
    be interwoven
  • Thats where IS people are critical interfaces!
  • So what drives technology changes?

47
Moores Law
  • Gordon Moore (later cofounder of Intel) noted in
    1965 that computer chip prices stayed about the
    same, but their speed doubled every 18-24 months
  • Still true today!
  • The 60s and 70s saw centralized computer
    architecture
  • Mainframes, punch cards, ttys, dumb terminals

48
Computer evolution
  • The computer on a chip concept started roughly
    in 1971 with the Intel 4004 CPU, leading to the
    8088, 286/386/486/Pentium, PII, PIII, P4, etc.
  • With the introduction of PCs in 1981, computing
    started to spread from the mainframes throughout
    an organization
  • Spreadsheets, databases, CAD, programming

49
Computer evolution
  • Then the baby computers started talking to each
    other the LAN was born
  • Led to the client/server architecture
  • Let the PCs do some of the work!
  • And the world saw the Internet explode in the
    early 90s
  • WANs, internetworking technologies, open
    standards, and of course WWW

50
Computer evolution
  • Robert Metcalfes Law The usefulness of a
    network increases with the square of the number
    of users connected to the network
  • Metcalfe created Ethernet, founded 3Com
  • Network capacity grew even faster than Moores
    Law, with cheap powerful CPUs and easy TCP/IP
    networks
  • Led to changes in computing infrastructure

51
Computer evolution
  • But these changes have been so fast that many
    organizations are left with fragments from
    different eras of technology
  • Internetworking infrastructure consists of
  • Network(s)
  • Computer HW and SW (processing systems)
  • Facilities

52
Network elements
  • LANs, WANs
  • Routers, switches, hubs??
  • Wireless access points
  • Network cards (wireless or not)
  • Firewalls
  • Cache, media, print, or other servers
  • If it performs a business function, its a
    processing element otherwise its a network
    element

53
Network(s)
  • Includes links, network hardware, software,
    policy management and monitoring
  • Key issues include
  • Selecting technologies and standards
  • Selecting and managing partners
  • Assuring reliability
  • Maintaining security
  • Interconnection among networks

54
Processing system elements
  • Client devices and systems (PCs, cell phones,
    cars, refrigerators, etc.)
  • Servers general processing, transaction, file,
    database, Web, and application servers
  • Enterprise servers (and legacy mainframes)
  • Middleware often overlooked
  • Network management software
  • Business applications

55
Processing systems
  • Includes most servers, clients, phones, and
    software (custom code, SAP, Oracle, etc.)
  • Management issues include
  • Whats internally developed vs. outsourced
  • How to grow, deploy, modify
  • Connecting to legacy systems
  • Problem management
  • Disaster recovery

56
Facility elements
  • Facilities include
  • Buildings, physical spaces
  • Network conduits and links
  • Power
  • Environmental control systems (temp, humidity)
  • Security (physical and network)

57
Facilities
  • Includes data centers, network ops centers, data
    closets, managed services
  • Issues include
  • Manage internally vs. outsource
  • Choosing the right facilities model
  • Reliability, security
  • Energy efficiency environmental impact

58
Internetworking characteristics
  • Internetworking technologies differ from some
    other info technologies in several ways
  • Based on open standards
  • Operate asynchronously (think datagram network)
  • Have inherent latency (delivery delays)
  • Are decentralized (no single point of failure)
  • Are scalable (lots of pathways help here)

59
Business implications
  • On a fast network, all computers can act
    essentially as one
  • The network becomes a computer
  • Sequential events become nearly simultaneous
  • Huge paradigm shift
  • Physical location is less important, changing
    outsourcing, partnerships, industry structure
  • But increasing complexity, interactions, threats

60
Real-time infrastructures
  • The mainframe era used batch computing, often at
    the end of the day
  • Real-time (or nearly so) computing has erased
    those expectations
  • Other benefits include
  • Better data, better decisions
  • Easier synchronization of data sources

61
Real-time infrastructures
  • Better process visibility
  • Instant order status
  • Improved process efficiency
  • JIT inventory, faster cycle times, response to
    market conditions
  • From make and sell to sense and respond
  • Respond to actual demand, rather than forecasted
    demand, e.g. Dell
  • Requires faster transaction and communication
    systems

62
Not all good
  • The faster response time has produced new threats
  • Wall St panic on 10/19/1987, due largely to
    automated stock buying programs causing a chain
    reaction
  • While value can be created faster, so can bad
    side effects
  • Need high availability, fast disaster response,
    and improved security

63
New service delivery models
  • IT can be a service provided by outsourcing,
    instead of being internally managed
  • Scarcity of IT people is partly driving this!
  • The industry is becoming more standardized, and
    cost reduction pressure is strong
  • Where exactly is your Gmail???
  • Similar to shifts from answering machines to
    voice mail, or power as a commodity
  • Need to manage IT providers and partners well!

64
Managing legacy systems
  • Any infrastructure from an older organization
    probably still has legacy components in it
  • Often obsolete, proprietary
  • Also includes legacy organizations, processes,
    and cultures!
  • How do new technologies relate to the legacy
    systems? Change the organization, processes, and
    culture?

65
Future of internetworking
  • The technologies we rely on have been refined
    over the last 30-40 years
  • Markets want reliable, secure, high speed
    connectivity
  • Changes to QoS (quality of service) possible on
    the Internet are needed to help meet demand
  • Availability, authentication, security, bandwidth
    guarantees, nonrepudiation are all highly desired

66
Summary
  • Internetworking infrastructure includes not only
    the physical hardware and software, but the
    processes, organization, and culture that use
    them
  • Technology changes are creating faster, more
    flexible, interoperable global networks, speeding
    creation of value at the cost of high complexity,
    uncertainty, and new threats

67
The Business of IT
  • Assuring reliable and secure IT services

68
Reliability of the Internet
  • The reliability of the Internet is based on its
    many redundant paths among hosts
  • Failures at one or more routers are unlikely to
    stop a message from getting to its destination
  • Most organizations dont have the luxury of that
    much redundancy!
  • Key tradeoff is the expense of redundancy, versus
    the reliability it can bring

69
How much can you afford?
  • Added complexity of redundant systems adds new
    kinds of possible failures
  • So it boils down to asking how much reliability
    can you afford?
  • Kind of like how fast do you want your car?
  • How expensive is a 15-minute failure of your IT
    infrastructure? 12 hours?
  • How does reliability differ from availability?

70
Availability
71
Timing
  • The number of failures and their duration each is
    also important
  • Many very brief failures may have less impact
    than one long one
  • Timing when failures occur also matters
  • 300 am often not as bad as 1000 am?
  • Planned system outages dont count

72
Calculating availability
  • For systems that all need to be running at once
    (serial), multiply their individual
    availabilities
  • System avail P component avail
  • So a system of five serial components, each with
    98 availability, will have a system availability
    of System avail 0.980.980.980.980.98
    90.4
  • Adding more components hurts overall availability

73
Calculating availability
  • If components are in parallel (any of the
    redundant components could perform the function),
    then multiply the failure rates of the components
    to get the system failure rate
  • Failure rate 1 Availability rate
  • So five components in parallel would have a
    failure rate of (1 - 0.98)5 3.2E-09 for an
    availability of 1 - 3.2E-9 99.99999968

74
High availability facilities
  • A typical high availability data center should
    have many features
  • Uninterruptible power supply
  • Major equipment should have multiple power
    supplies, powered by separate circuits
  • A UPS is ready to take over if main power source
    fails
  • UPS might be a diesel generator for sustained
    outages
  • Physical security to restrict access to the
    equipment

75
High availability facilities
  • Extreme facilities might be protected from blast
    or other attacks
  • Weighing visitors, biometric identification, etc.
    could be used
  • Climate control and fire suppression
  • Network connectivity to two or more backbone
    Internet providers
  • Might have redundant NOCs

76
High availability facilities
  • Help desk incident response procedures
  • N1 or NN redundancy
  • N1 means at least one redundant system standing
    by typically good for up to 3 9s of
    availability
  • NN means double the number of systems normally
    needed, needed for 4 or more 9s of availability
  • See earlier availability chart for Level 1 to 4
    Data Center classifications
  • A single component can have redundant features,
    even if the entire component isnt duplicated

77
Malicious threats
  • Its no secret that there are many threats to
    network security, from casual bored hackers to
    well organized spies and terrorists
  • Threats can be loosely grouped into three
    categories
  • External attacks
  • Intrusion
  • Viruses and worms

78
External attacks
  • External attacks hurt a site or degrade its
    services, without getting access inside it
  • Denial of service attacks (DoS) typically flood
    web servers with TCP SYN messages, until they
    crash
  • Distributed DoS (DDoS) attacks do the same thing
    from many computers at once
  • IP spoofing might be used to mask the true source
    of these attacks

79
External attacks
  • DoS attacks are easy to do script kiddies
  • And are hard to defend against
  • Slow DoS attacks can look like normal traffic

80
Intrusion
  • Intrusion attacks gain access inside your network
  • Guess or obtain user names and passwords (maybe
    via packet sniffing, or clever social
    engineering)
  • Back doors left by developers
  • Port scanning to look for open entries to servers

81
Intrusion
  • Once inside the network, hackers might
  • Download, alter, or delete data (SSN, CC numbers)
  • Deface web sites
  • Posing as a user, send malicious messages
  • Leave software to perform DDoS later, or time
    bombs to delete data
  • Proving what they did is often very hard
  • Can produce tough PR issues!

82
Viruses and worms
  • Viruses and worms are self-replicating programs
  • Viruses need help to spread, worms dont
  • Both are often incorporated into other attacks,
    e.g. set up a DDoS attack

83
Defensive measures
  • Many types of defenses are often used
  • Security policies
  • Firewalls
  • Authentication
  • Encryption
  • Patching and change management
  • Intrusion detection and network monitoring

84
Security policies
  • Security policies are needed to define
  • How passwords are managed
  • Who has accounts on the network?
  • What security is needed on network computers?
  • What services are running in the network?
  • What can users download?
  • How are these policies enforced?

85
Firewalls
  • Firewalls can be hardware- and/or software-based
    methods to control network access
  • Can people access the network from outside?
  • Most firewalls filter packets to look for
    attacks, illegal applications, IP spoofing, etc.
  • Cant stop internal traffic, most viruses, or
    bypassing the network (wireless, flash drives)
  • They also provide good traffic monitoring points

86
Authentication
  • Authentication proves you are who you claim to be
    could be applied to hosts or users
  • Could be as basic as user name and password, or
    involve certificate authorities, biometrics, etc.
  • How tough are passwords? Change them how often?
    Can you reuse them?
  • After that, can control access to data, network
    resources based on identity

87
Encryption
  • Encryption provides confidentiality of data
  • Even if intercepted, cant easily be read
  • Protect your keys!!!
  • Encryption can be symmetric or public key
  • Often both are used to provide authentication and
    confidentiality
  • Digital signatures also prove authentication
  • Message digests provide integrity check

88
Patching and change management
  • Known weaknesses in apps or OSs can be patched
    if you USE the patches!
  • Keeping current is tedious
  • Patches might cause side effects in other apps
  • Change management needs to know what patches are
    installed, what apps should be running, and what
    files should be on production systems

89
Intrusion detection
  • Intrusion detection systems look at packet
    contents to look for attack patterns or look for
    weird patterns of traffic behavior
  • Could also include hardware and software
    monitoring to look for unusual configurations
    (e.g. a NIC in promiscuous mode) or suspicious
    behavior

90
Security management framework
  • Security affects the design of a network, and
    requires policies and procedures to keep it safer
  • Some basic principles of good security management
    include
  • Make security decisions dont ignore the issue!
  • Realize that security threats change and evolve
    dont expect anything to be static

91
Security management framework
  • Consistent change management is critical
  • Educate users what not to click on, how to keep
    passwords secure, why procedures are in place
  • Great ignored procedures are worthless!
  • Use layered security
  • Consider host, network, and application levels of
    security, and prioritize measures

92
Risk management
  • Risk management for availability and security is
    critical
  • Cant avoid all risks, so need to estimate the
    probability of risks occurring, and how severe
    the impact (consequences) of each risk is
  • Obviously, low probability and low impact risks
    are minor threats and high probability and high
    impact risks are critical ones to address

93
Risk management
  • But the other combinations (low probability, high
    impact, or high probability, low impact) are
    harder to assess
  • E.g. we often pay for insurance against unlikely
    but rare events, like severe illness or death
  • Can define expected lossprobabilityimpact
  • But intangible losses are hard to quantify
  • New technologies may add new risks (complexity,
    instability)

94
Incident management
  • All infrastructures experience incidents, so its
    important to plan for them
  • What could be typical incidents affecting
    availability and/or security?
  • Plan for actions to be taken before, during, and
    after an incident

95
Actions before an incident
  • Design the infrastructure for recoverability and
    failure tolerance
  • Follow your own procedures, especially for change
    management and data backup
  • Document procedures and configurations carefully

96
Actions before an incident
  • Have crisis management procedures
  • How do you diagnose problems?
  • Who is available to help?
  • Practice incident response
  • Do you have current contact information for key
    people?
  • What outside resources are available to help?

97
Actions during an incident
  • Beyond the apparent technical issues, there are
    many other factors in a crisis
  • Emotional responses (confusion, denial, panic)
  • Wishful thinking
  • Political maneuvering, avoiding responsibility
  • Leaping to conclusions, ignoring unwanted evidence

98
Actions during an incident
  • Public relations issues can also be overwhelming
  • Reluctant to admit how serious the problem is
    (FEMA in NO?)
  • Major decisions are risky, and you have to make
    confident decisions even if data is never
    complete

99
Actions after an incident
  • After an incident, may have to rebuild part of
    the infrastructure, or even everything
  • This is why you had good CM!
  • Processes might have to be changed to accommodate
    the new infrastructure
  • Document lessons learned from this incident, to
    help reliving it in the future!
  • What caused it? How can you prevent it?

100
Actions after an incident
  • May also need to explain to customers and other
    stakeholders what happened, and what your actions
    have been
  • Again can be a PR issue to show your steps to
    secure your infrastructure are sound and thorough

101
Summary
  • Availability for IT infrastructures
  • How to calculate availability with serial or
    parallel components
  • Features needed for high availability facilities
  • Security threats and defenses
  • Security management framework
  • Risk and incident management
About PowerShow.com