Criticality estimation of IT business functions with the Business Continuity Testing Points method for implementing effective recovery exercises of crisis scenarios

The primary goal of the present paper is the introduction of a new approach of defining IT unit business functions exact criticality levels and respectively categorize them to the appropriate recovery tests, prior to their thorough documentation which includes actual desired recovery time frames. The method is entitled as Business Continuity Testing Points and it is based on the concept of Use Case Points, a fundamental project estimation tool utilized for sizing of object-oriented system development. The aim of the contribution is to ameliorate the existing manual way of determining recovery time of IT business functions that is based exclusively on experience of IT personnel, by introducing a calculation method of multiple factors that can negatively affect the recovery process. The elimination of damage as a result of tested immediate response action in a crisis situation that disrupts core IT operations constitutes the aimed advantage of the proposed contributionComment: 9 pages. International Journal of Computer Science Issues, 201

Risk-based control of the negative effect of discontinued automated processes: a case from the agricutlural domain

The current paper delineates a modern algorithmic procedure for estimating the risk and calculating a realistic duration of interrupted critical computerized business activities, in order to mitigate or prevent their corresponding negative consequences. The contribution is formulated via merging risk management and business continuity concepts. The formulation of an integrated business continuity management policy includes the proactive determination of approximate recovery timeframes for critical business functions. Practically, this estimation is based on recovery tests which are executed under ideal conditions, and unexpected factors which may emerge during a real process interruption and signifi cantly delay its recovery are ignored. Agriculture is a domain where the incorporation of an integrated business continuity management system is a crucial issue. The interruption of agricultural computerized activities can be triggered by and can result to various undesirable environmental phenomena. Thus, especially for agriculture, the consideration of unexpected factors when executing recovery tests is highly demanded. The currently presented algorithm accepts as initial input the estimated recovery time which is based on recovery exercises executed under ideal conditions. Then, a precise number of potential unpredictable hazards (factors) are taken into consideration and the risk magnitude of each threat is semi-quantitatively estimated. The total risk magnitude is utilized to estimate the time deviation from the initially defi ned recovery time. After the risk analysis process is terminated, a new recovery timeframe is proposed. The time deviation from the initially defi ned recovery time is calculated in its absolute value. The algorithm is fi nally validated by applying the calculated extended timeframe to the system availability formula which measures the achieved system availability levels for any information system. The validation of the approach is demonstrated via a practical case study from the agricultural domain, namely the greenhouse irrigation scheduling system interruption scenario

Calculation of Unpredictable Time Deviation from Defined Enterprise Information System Recovery Effort in Emergency Situations

Abstract The present paper deals with creation of a model which estimates the negative impact of an unexpected factor on an enterprise information system recovery process, which is planned by the Business Continuity Management teams, towards a system outage caused by another foreseen crisis event. The core hypothesis of the contribution is the simultaneous occurrence of an unexpected factor during the information system restoration procedure, after a failover triggered by a crisis situation, for which the action steps are delineated in the Business Continuity Plan. In such case, the unexpected factor can negatively influence the estimated Recovery Time Effort (RTE) of the corresponding IT Business Process. Important part of the current work is the calculation of the approximate time deviation from the initially planned recovery time of the business function. The developed model is based on the Composite Risk Index theory of Risk Management

A 3-Factor Model Relating Communication to Risk Mitigation of Extended Information System Failover

This paper aims to analyse the relation between timely and effective communication and risk mitigation of late recovery after an unexpected information system outage in enterprises. An unforeseen information system failure in modern enterprise units, may result to significant operational and financial damage. In such a critical incident, effective communication between the team leaders and the recovery team involved, can minimize or even eliminate this negative impact. An extended information system outage can be perceived as a time deviation from the Maximum Accepted Outage (???) timeframe, proposed by the business continuity management, according to the value of which dependent business functions may be interrupted without any serious effects to the company. The paper examines the relation between 3 basic factors and the efficient communication between team members. The factors are: timely information distribution, staff availability and network availability. Through the current paper, the author proposes a risk analysis model, based on the Composite Risk Index theory of Risk Management, which can significantly diminish the possibility of an extended information system outage, as well as calculate the extended time required to recover a system when the aforementioned factors emerge in their worst form. The precise calculation of recovery time can be achieved via the execution of business continuity tests which include scenarios, according to which an unexpected system outage coexists with delayed information distribution as well as low staff and network availability