35 research outputs found
Criticality estimation of IT business functions with the Business Continuity Testing Points method for implementing effective recovery exercises of crisis scenarios
The primary goal of the present paper is the introduction of a new approach
of defining IT unit business functions exact criticality levels and
respectively categorize them to the appropriate recovery tests, prior to their
thorough documentation which includes actual desired recovery time frames. The
method is entitled as Business Continuity Testing Points and it is based on the
concept of Use Case Points, a fundamental project estimation tool utilized for
sizing of object-oriented system development. The aim of the contribution is to
ameliorate the existing manual way of determining recovery time of IT business
functions that is based exclusively on experience of IT personnel, by
introducing a calculation method of multiple factors that can negatively affect
the recovery process. The elimination of damage as a result of tested immediate
response action in a crisis situation that disrupts core IT operations
constitutes the aimed advantage of the proposed contributionComment: 9 pages. International Journal of Computer Science Issues, 201
Risk-based control of the negative effect of discontinued automated processes: a case from the agricutlural domain
The current paper delineates a modern algorithmic procedure for estimating the risk and calculating
a realistic duration of interrupted critical computerized business activities, in order to mitigate or
prevent their corresponding negative consequences. The contribution is formulated via merging
risk management and business continuity concepts. The formulation of an integrated business
continuity management policy includes the proactive determination of approximate recovery
timeframes for critical business functions. Practically, this estimation is based on recovery tests
which are executed under ideal conditions, and unexpected factors which may emerge during
a real process interruption and signifi cantly delay its recovery are ignored. Agriculture is a domain
where the incorporation of an integrated business continuity management system is a crucial
issue. The interruption of agricultural computerized activities can be triggered by and can result to
various undesirable environmental phenomena. Thus, especially for agriculture, the consideration
of unexpected factors when executing recovery tests is highly demanded. The currently presented
algorithm accepts as initial input the estimated recovery time which is based on recovery exercises
executed under ideal conditions. Then, a precise number of potential unpredictable hazards (factors)
are taken into consideration and the risk magnitude of each threat is semi-quantitatively estimated.
The total risk magnitude is utilized to estimate the time deviation from the initially defi ned recovery
time. After the risk analysis process is terminated, a new recovery timeframe is proposed. The time
deviation from the initially defi ned recovery time is calculated in its absolute value. The algorithm
is fi nally validated by applying the calculated extended timeframe to the system availability formula
which measures the achieved system availability levels for any information system. The validation
of the approach is demonstrated via a practical case study from the agricultural domain, namely the
greenhouse irrigation scheduling system interruption scenario
Calculation of Unpredictable Time Deviation from Defined Enterprise Information System Recovery Effort in Emergency Situations
Abstract The present paper deals with creation of a model which estimates the negative impact of an unexpected factor on an enterprise information system recovery process, which is planned by the Business Continuity Management teams, towards a system outage caused by another foreseen crisis event. The core hypothesis of the contribution is the simultaneous occurrence of an unexpected factor during the information system restoration procedure, after a failover triggered by a crisis situation, for which the action steps are delineated in the Business Continuity Plan. In such case, the unexpected factor can negatively influence the estimated Recovery Time Effort (RTE) of the corresponding IT Business Process. Important part of the current work is the calculation of the approximate time deviation from the initially planned recovery time of the business function. The developed model is based on the Composite Risk Index theory of Risk Management
A 3-Factor Model Relating Communication to Risk Mitigation of Extended Information System Failover
This paper aims to analyse the relation between timely and effective communication and risk mitigation of late recovery after an unexpected information system outage in enterprises. An unforeseen information system failure in modern enterprise units, may result to significant operational and financial damage. In such a critical incident, effective communication between the team leaders and the recovery team involved, can minimize or even eliminate this negative impact. An extended information system outage can be perceived as a time deviation from the Maximum Accepted Outage (???) timeframe, proposed by the business continuity management, according to the value of which dependent business functions may be interrupted without any serious effects to the company. The paper examines the relation between 3 basic factors and the efficient communication between team members. The factors are: timely information distribution, staff availability and network availability. Through the current paper, the author proposes a risk analysis model, based on the Composite Risk Index theory of Risk Management, which can significantly diminish the possibility of an extended information system outage, as well as calculate the extended time required to recover a system when the aforementioned factors emerge in their worst form. The precise calculation of recovery time can be achieved via the execution of business continuity tests which include scenarios, according to which an unexpected system outage coexists with delayed information distribution as well as low staff and network availability