Chapters 5 and 6
advertisement
IT Infrastructure Chapters 5 & 6 INFO 410 Glenn Booker Images are from the text author’s slides 1 INFO 410 Chapters 5-6 Five competitive forces Before diving into the second module, we’ll examine the five competitive forces that shape strategy (case study 1-1) – – The most obvious competitive force is your competitors in the industry – 2 Technology can influence or drive all of them Our overall goal is to be profitable (yay capitalism!) Most don’t look beyond that INFO 410 Chapters 5-6 Five competitive forces 3 Customers can play you against your rivals, lowering prices Suppliers can limit your profits by charging high prices Threat of new rivals can increase capacity, and increase the investment needed to play Substitute products can steal customers INFO 410 Chapters 5-6 The big picture So we need to consider all five major forces in a given industry to produce a good strategy A common approach is to position yourself where forces are weakest – – 4 Paccar sells custom trucks to owner-operators MP3s created a substitute for buying music CDs; Apple filled the void with iTunes INFO 410 Chapters 5-6 Tricks to win 5 Limit supplier power via standardized parts Expand services so it’s harder for customers to leave Invest in products different from your rivals, to avoid price wars Invest in R&D to scare off new rivals Make products very available, to offset subs INFO 410 Chapters 5-6 Strength of forces drives profit When competitive forces are all strong (airlines, textiles) there is little profit Conversely, weak competition leads to high profits (soda, software, toiletries) Profitability, measured by ROIC (return on invested capital) is typically 10-20% – – 6 Airlines and mail order about 5% Soda and software are over 35% INFO 410 Chapters 5-6 Strength of forces drives profit 7 Short term profits are affected by many things (weather, industry cycles) but long term performance is dominated by these five forces The strongest competitive force(s) determines how profitable an industry can be Hence it/they are key factors in choosing the best strategy INFO 410 Chapters 5-6 Threat of new rivals New players add capacity to produce products, and pressure to lower prices Especially if they are established firms in other areas – – – 8 Pepsi bottled water Microsoft Web browsers Apple music distribution INFO 410 Chapters 5-6 Threat of new rivals 9 To avoid this threat, existing producers must hold down prices, and/or invest in new products to keep customers loyal (Starbucks) Notice it’s the threat of rivals, not actual new rivals, that limits profitability Barriers to entry help keep out new competition INFO 410 Chapters 5-6 Barriers to entry Supply-side economies of scale – – Demand-side benefits of scale – – – 10 It’s cheaper to make lots of stuff than a little Every aspect of the value chain, even marketing and research, benefit from large scale operations Larger companies attract more customers “No one ever got fired for buying IBM” eBay has more auctions, so more people use it INFO 410 Chapters 5-6 Barriers to entry Customer switching costs – – Capital requirements – – 11 Changing vendors may mean changing product specs, retraining staff, adapting processes, etc. ERP systems have huge switching costs! Make it expensive to compete with you Facility costs, provide credit to customers, inventory costs, start-up costs, ads, R&D, etc. INFO 410 Chapters 5-6 Barriers to entry Incumbent advantages – – – Unequal access to distribution channels – 12 Not just for politicians! May have cost or quality advantages over rivals, proprietary technology, best sources, best locations, known brand identity Counter by placing self away from rivals (Wal-Mart) Limited shelf space, available distributors INFO 410 Chapters 5-6 Barriers to entry Government policies – – 13 Government can limit or forbid new entrants in an industry (e.g. radio, liquor, taxi, airlines) Government can also encourage new entrants – subsidies, grants, 8(a) programs, etc. Of course, new entrants in a field could expect retaliation INFO 410 Chapters 5-6 Barriers to entry - retaliation Retaliation is likely, if incumbent players – – – 14 Have squashed rivals before Have lots of money Can cut prices to drive you out of business Or if industry growth is slow INFO 410 Chapters 5-6 Power of suppliers 15 Key suppliers can simply charge more for their products, reducing your profitability This can include suppliers of labor! Microsoft reduces profitability of PCs by OS costs INFO 410 Chapters 5-6 Power of suppliers Suppliers are powerful if – – They are more concentrated than the industry they supply (1 Microsoft vs. many PC makers) The supplier doesn’t depend on one industry for revenue – There are high switching costs to another supplier 16 If you only have one customer, you have to take better care of them! Training, location, etc. could contribute INFO 410 Chapters 5-6 Power of suppliers Or if – – – 17 Supplier offers unique products (or at least different, such as drug products) There is no substitute for the supplier (airline pilots) The supplier could enter the market themselves (Shuttle selling barebones computers) INFO 410 Chapters 5-6 Power of buyers 18 Customers (buyers) can force down prices, demand better quality or service, reducing your profitability through price reductions Buyer power is similar for consumers and B2B customers Consumer needs may be harder to pin down INFO 410 Chapters 5-6 Power of buyers Buyers have power if – There are few of them, and/or they purchase in large volume – – – 19 The latter especially if the industry has high fixed costs (telecom, chemicals, oil drilling) Products are standardized (paper clips) Switching costs are low The buyers can integrate backward, and make the product themselves (packaging for sodas) INFO 410 Chapters 5-6 Power of buyers Buyers are price sensitive if – – – – 20 The products are a major fraction of its budget (mortgages) Buyers earn little profit, or have little cash, or otherwise need to cut purchasing costs Buyer’s product quality is little affected by the items bought (opposite of movie cameras) Product has little effect on buyer’s other costs INFO 410 Chapters 5-6 Power of buyers Intermediate customers (distribution or assembly channels) also gain power when they influence customers’ buying decisions – – 21 Consumer electronics or jewelry retailers, or agriculture equipment distributors Producers may avoid this through direct channels to consumers, or exclusive distribution channels (sweeteners, DuPont Stainmaster, bike parts) INFO 410 Chapters 5-6 Threat of substitutes A substitute does the same function as a product in a different manner – – – – 22 Videoconference instead of traveling Email instead of snail mail Software for travel agents, when people shop online instead Only have a cell phone instead of wired phones INFO 410 Chapters 5-6 Threat of substitutes Because substitutes may be very different products, they’re easy to overlook – 23 Used vs new products, or do-it-yourself vs. purchased could also be factors High threat of substitutes lowers profitability Industries often need to distance themselves from well known substitutes INFO 410 Chapters 5-6 Threat of substitutes Threat of substitutes is high if – – 24 There is good price-performance compared to the industry product (Skype vs long distance calls, Netflix vs YouTube) Switching cost to substitute is low (generic drugs) Hence need to monitor other industries for new substitutes (e.g. plastic for car parts instead of metal) INFO 410 Chapters 5-6 Competitive rivalry Rivalry among competitors in an industry is very familiar – 25 Sales, new products, ad campaigns, service improvements Rivalry limits profitability Rivalry has dimensions of intensity and the basis upon which it depends INFO 410 Chapters 5-6 Competitive rivalry Intensity of rivalry is high when – – – – – 26 There are many competitors, or they are the same size & power Industry growth is slow, makes for fight over market share Exit barriers are high, hence stuck in industry Rivals are striving for leadership Rivals can’t read each others’ strategies well INFO 410 Chapters 5-6 Competitive rivalry Rivalry is worst for profits when it’s on the basis of price alone Price rivalry is common when – – – – 27 Products or services can’t be told apart Fixed costs are high Capacity need to grow in leaps to be efficient Product is perishable! (produce, or hotel rooms) INFO 410 Chapters 5-6 Competitive rivalry Competitive rivalry can have other basis – – 28 Features, support, delivery speed, brand image These are less likely to affect price, since they help differentiate products If you compete on the same basis as your rivals, might be fighting over the same customers; instead of winning new ones via differentiation, a positive sum game INFO 410 Chapters 5-6 Other factors The five competitive forces are key to developing a good strategy But there are other factors to consider – – – – 29 Industry growth rate Technology and innovation Government Complementary products and services INFO 410 Chapters 5-6 Industry growth rate Fast-growing industries often have little rivalry, but gives suppliers a lot of power Low barriers to entry will guarantee a lot of competitors – 30 PCs have been very low in profit for that reason Substitutes might still exist INFO 410 Chapters 5-6 Technology and innovation 31 Technology alone will rarely make an industry attractive New technology attracts a lot of interest, and hence rivals Low tech, price insensitive industries are often the most profitable INFO 410 Chapters 5-6 Government Government involvement could be good or bad Look at how they affect the five forces – – – 32 Patents create barriers to entry, for example Unions often raise supplier power Lenient bankruptcy rules favor excess capacity and more rivalry Consider different levels of government too INFO 410 Chapters 5-6 Complementary products 33 Some product go well together, like hardware and software! Complements can affect demand for a product; see how they affect the five forces Can affect barriers to entry (app development), threat of substitutes (hydrogen cars, iTunes), rivalry (pro or con) INFO 410 Chapters 5-6 Changes over time Everything so far has been at one moment in time; now consider how these factors can change over time New entries can arise from a patent expiring – – 34 Limited retail freezer space can limit new products Large scale retailers create barriers for small competitors INFO 410 Chapters 5-6 Changes over time 35 Consolidation of appliance retailers have limited the power of their suppliers Travel agents have little power over their commissions, due to online sales Technology often shifts price/performance (microwaves) or creates new substitutes (flash drives instead of small hard drives) INFO 410 Chapters 5-6 Changes over time Rivalries often intensify over time, as industry growth slows Rivals become more alike as products become similar, consumer taste settles down – 36 Some areas avoid this, e.g. casino catering to different populations Mergers, acquisitions, and technology can alter rivalries, create customer backlash INFO 410 Chapters 5-6 Strategy implications All of these forces and factors should play into creating a good business strategy – – – 37 Where do you stand relative to buyers, suppliers, new entrants, rivals, and substitutes? What changes in these forces can be anticipated? Can you change the industry structure? Your strategy should defend against the strong forces, and exploit the weak ones INFO 410 Chapters 5-6 Positioning the company Also consider the entry and unpopular exit options – is this a good time to enter or leave a market? Or industry? Are there changes in the industry of which you can take advantage? – 38 Often such changes can create prime opportunities, if you can spot them INFO 410 Chapters 5-6 Reshape industry structure 39 This can be done by redividing profitability; changing the forces which affect the current industry’s profitability Find which forces are key limits on profits, and do something to release them! INFO 410 Chapters 5-6 Reshape industry structure Or expand the profit pool; increase overall demand for the products – – – – 40 Find new buyers Make channels become more competitive Coordinate with suppliers Improve quality standards, etc. INFO 410 Chapters 5-6 Play in the right sandbox Make sure you have clear industry boundaries Sounds basic, but each industry typically needs its own strategy – Huge mistakes can result otherwise! – 41 Identify product or services scope, and geographic scope of each industry Miss major markets, product needs, etc. INFO 410 Chapters 5-6 Competition and value The five forces (and lesser factors) identify how competition will affect a business strategy Key is not only to identify competitive threats, but also possible opportunities Also helps investors understand a business – 42 Separate short term blips from structural changes INFO 410 Chapters 5-6 The Business of IT Understanding IT infrastructure 43 INFO 410 Chapters 5-6 IT a key capability 44 IT is now a critical part of how businesses realize their business models This module is about how IT affects management of a business, affects availability and security, makes new service models possible, and supports project management INFO 410 Chapters 5-6 IT infrastructure Cheap computing and universal networks have formed the foundation for levels of information sharing and services never possible before The challenges its implementation introduces can be huge, however – – 45 Reliability, interoperability with legacy systems Reduced ability to differentiate from competition INFO 410 Chapters 5-6 Infrastructure constraints Dangers include basing your infrastructure on a technology which dies Business needs and technology decisions need to be interwoven – 46 That’s where IS people are critical interfaces! So what drives technology changes? INFO 410 Chapters 5-6 Moore’s “Law” Gordon Moore (later cofounder of Intel) noted in 1965 that computer chip prices stayed about the same, but their speed doubled every 18-24 months – The 60’s and 70’s saw centralized computer architecture – 47 Still true today! Mainframes, punch cards, ttys, dumb terminals INFO 410 Chapters 5-6 Computer evolution The “computer on a chip” concept started roughly in 1971 with the Intel 4004 CPU, leading to the 8088, 286/386/486/Pentium, PII, PIII, P4, etc. With the introduction of PCs in 1981, computing started to spread from the mainframes throughout an organization – 48 Spreadsheets, databases, CAD, programming INFO 410 Chapters 5-6 Computer evolution Then the baby computers started talking to each other – the LAN was born – – And the world saw the Internet explode in the early 90’s – 49 Led to the client/server architecture Let the PCs do some of the work! WANs, internetworking technologies, open standards, and of course WWW INFO 410 Chapters 5-6 Computer evolution Robert Metcalfe’s Law: “The usefulness of a network increases with the square of the number of users connected to the network” – Network capacity grew even faster than Moore’s Law, with cheap powerful CPUs and easy TCP/IP networks – 50 Metcalfe created Ethernet, founded 3Com Led to changes in computing infrastructure INFO 410 Chapters 5-6 Computer evolution But these changes have been so fast that many organizations are left with fragments from different eras of technology Internetworking infrastructure consists of – – – 51 Network(s) Computer HW and SW (“processing systems”) Facilities INFO 410 Chapters 5-6 Network elements LANs, WANs Routers, switches, … hubs?? Wireless access points Network cards (wireless or not) Firewalls Cache, media, print, or other servers – 52 If it performs a business function, it’s a processing element; otherwise it’s a network element INFO 410 Chapters 5-6 Network(s) Includes links, network hardware, software, policy management and monitoring Key issues include – – – – – 53 Selecting technologies and standards Selecting and managing partners Assuring reliability Maintaining security Interconnection among networks INFO 410 Chapters 5-6 Processing system elements 54 Client devices and systems (PCs, cell phones, cars, refrigerators, etc.) Servers – general processing, transaction, file, database, Web, and application servers Enterprise servers (and legacy mainframes) Middleware – often overlooked Network management software Business applications INFO 410 Chapters 5-6 Processing systems Includes most servers, clients, phones, and software (custom code, SAP, Oracle, etc.) Management issues include – – – – – 55 What’s internally developed vs. outsourced How to grow, deploy, & modify Connecting to legacy systems Problem management Disaster recovery INFO 410 Chapters 5-6 Facility elements Facilities include – – – – – 56 Buildings, physical spaces Network conduits and links Power Environmental control systems (temp, humidity) Security (physical and network) INFO 410 Chapters 5-6 Facilities Includes data centers, network ops centers, data closets, managed services Issues include – – – – 57 Manage internally vs. outsource Choosing the right facilities model Reliability, security Energy efficiency & environmental impact INFO 410 Chapters 5-6 Internetworking characteristics Internetworking technologies differ from some other info technologies in several ways – – – – – 58 Based on open standards Operate asynchronously (think datagram network) Have inherent latency (delivery delays) Are decentralized (no single point of failure) Are scalable (lots of pathways help here) INFO 410 Chapters 5-6 Business implications On a fast network, all computers can act essentially as one – – – Physical location is less important, changing outsourcing, partnerships, industry structure – 59 The network becomes a computer Sequential events become nearly simultaneous Huge paradigm shift But increasing complexity, interactions, threats INFO 410 Chapters 5-6 Real-time infrastructures The mainframe era used batch computing, often at the end of the day Real-time (or nearly so) computing has erased those expectations Other benefits include – Better data, better decisions 60 Easier synchronization of data sources INFO 410 Chapters 5-6 Real-time infrastructures – Better process visibility – Improved process efficiency – JIT inventory, faster cycle times, response to market conditions From ‘make and sell’ to ‘sense and respond’ 61 Instant order status Respond to actual demand, rather than forecasted demand, e.g. Dell Requires faster transaction and communication systems INFO 410 Chapters 5-6 Not all good The faster response time has produced new threats – – – 62 Wall St panic on 10/19/1987, due largely to automated stock buying programs causing a chain reaction While value can be created faster, so can bad side effects Need high availability, fast disaster response, and improved security INFO 410 Chapters 5-6 New service delivery models IT can be a service provided by outsourcing, instead of being internally managed – – – – – 63 Scarcity of IT people is partly driving this! The industry is becoming more standardized, and cost reduction pressure is strong Where exactly is your Gmail??? Similar to shifts from answering machines to voice mail, or power as a commodity Need to manage IT providers and partners well! INFO 410 Chapters 5-6 Managing legacy systems Any infrastructure from an older organization probably still has legacy components in it – – – 64 Often obsolete, proprietary Also includes legacy organizations, processes, and cultures! How do new technologies relate to the legacy systems? Change the organization, processes, and culture? INFO 410 Chapters 5-6 Future of internetworking The technologies we rely on have been refined over the last 30-40 years Markets want reliable, secure, high speed connectivity – – 65 Changes to QoS (quality of service) possible on the Internet are needed to help meet demand Availability, authentication, security, bandwidth guarantees, nonrepudiation are all highly desired INFO 410 Chapters 5-6 Summary 66 Internetworking infrastructure includes not only the physical hardware and software, but the processes, organization, and culture that use them Technology changes are creating faster, more flexible, interoperable global networks, speeding creation of value at the cost of high complexity, uncertainty, and new threats INFO 410 Chapters 5-6 The Business of IT Assuring reliable and secure IT services 67 INFO 410 Chapters 5-6 Reliability of the Internet The reliability of the Internet is based on its many redundant paths among hosts – Most organizations don’t have the luxury of that much redundancy! – 68 Failures at one or more routers are unlikely to stop a message from getting to its destination Key tradeoff is the expense of redundancy, versus the reliability it can bring INFO 410 Chapters 5-6 How much can you afford? Added complexity of redundant systems adds new kinds of possible failures So it boils down to asking: how much reliability can you afford? – – 69 Kind of like ‘how fast do you want your car?’ How expensive is a 15-minute failure of your IT infrastructure? 12 hours? How does reliability differ from availability? INFO 410 Chapters 5-6 Availability 70 No. of 9’s Data Center Availability Down time / year 2 Level 1 99% 87.6 hours 3 Level 1 99.9% 8.8 hours 4 Level 2 Level 3 99.99% 53 minutes 5 Level 4 99.999% 5.3 minutes 6 Level 4 99.9999% 31.5 seconds INFO 410 Chapters 5-6 Timing The number of failures and their duration each is also important – Timing when failures occur also matters – 71 Many very brief failures may have less impact than one long one 3:00 am often not as bad as 10:00 am? Planned system outages don’t ‘count’ INFO 410 Chapters 5-6 Calculating availability For systems that all need to be running at once (serial), multiply their individual availabilities – – – 72 System avail = P [component avail] So a system of five serial components, each with 98% availability, will have a system availability of System avail = 0.98*0.98*0.98*0.98*0.98 = 90.4% Adding more components hurts overall availability INFO 410 Chapters 5-6 Calculating availability If components are in parallel (any of the redundant components could perform the function), then multiply the failure rates of the components to get the system failure rate – 73 Failure rate = 1 – Availability rate So five components in parallel would have a failure rate of (1 - 0.98)^5 = 3.2E-09 for an availability of 1 - 3.2E-9 = 99.99999968% INFO 410 Chapters 5-6 High availability facilities A typical high availability data center should have many features – Uninterruptible power supply – 74 Major equipment should have multiple power supplies, powered by separate circuits A UPS is ready to take over if main power source fails UPS might be a diesel generator for sustained outages Physical security to restrict access to the equipment INFO 410 Chapters 5-6 High availability facilities – Extreme facilities might be protected from blast or other attacks – – Climate control and fire suppression Network connectivity to two or more backbone Internet providers 75 Weighing visitors, biometric identification, etc. could be used Might have redundant NOCs INFO 410 Chapters 5-6 High availability facilities – – Help desk incident response procedures N+1 or N+N redundancy – See earlier availability chart for Level 1 to 4 Data Center classifications 76 N+1 means at least one redundant system standing by; typically good for up to 3 9’s of availability N+N means double the number of systems normally needed, needed for 4 or more 9’s of availability A single component can have redundant features, even if the entire component isn’t duplicated INFO 410 Chapters 5-6 Malicious threats It’s no secret that there are many threats to network security, from casual bored hackers to well organized spies and terrorists Threats can be loosely grouped into three categories – – – 77 External attacks Intrusion Viruses and worms INFO 410 Chapters 5-6 External attacks External attacks hurt a site or degrade its services, without getting access inside it – – – 78 Denial of service attacks (DoS) typically flood web servers with TCP SYN messages, until they crash Distributed DoS (DDoS) attacks do the same thing from many computers at once IP spoofing might be used to mask the true source of these attacks INFO 410 Chapters 5-6 External attacks 79 DoS attacks are easy to do – script kiddies And are hard to defend against Slow DoS attacks can look like normal traffic INFO 410 Chapters 5-6 Intrusion Intrusion attacks gain access inside your network – – – 80 Guess or obtain user names and passwords (maybe via packet sniffing, or clever social engineering) Back doors left by developers Port scanning to look for open entries to servers INFO 410 Chapters 5-6 Intrusion Once inside the network, hackers might – – – – 81 Download, alter, or delete data (SSN, CC numbers) Deface web sites Posing as a user, send malicious messages Leave software to perform DDoS later, or time bombs to delete data Proving what they did is often very hard Can produce tough PR issues! INFO 410 Chapters 5-6 Viruses and worms Viruses and worms are self-replicating programs – 82 Viruses need help to spread, worms don’t Both are often incorporated into other attacks, e.g. set up a DDoS attack INFO 410 Chapters 5-6 Defensive measures Many types of defenses are often used – – – – – – 83 Security policies Firewalls Authentication Encryption Patching and change management Intrusion detection and network monitoring INFO 410 Chapters 5-6 Security policies Security policies are needed to define – – – – – – 84 How passwords are managed Who has accounts on the network? What security is needed on network computers? What services are running in the network? What can users download? How are these policies enforced? INFO 410 Chapters 5-6 Firewalls Firewalls can be hardware- and/or softwarebased methods to control network access – – – – 85 Can people access the network from outside? Most firewalls filter packets to look for attacks, illegal applications, IP spoofing, etc. Can’t stop internal traffic, most viruses, or bypassing the network (wireless, flash drives) They also provide good traffic monitoring points INFO 410 Chapters 5-6 Authentication Authentication proves you are who you claim to be – could be applied to hosts or users – – 86 Could be as basic as ‘user name and password’, or involve certificate authorities, biometrics, etc. How tough are passwords? Change them how often? Can you reuse them? After that, can control access to data, network resources based on identity INFO 410 Chapters 5-6 Encryption Encryption provides confidentiality of data – – Encryption can be symmetric or public key – Often both are used to provide authentication and confidentiality Digital signatures also prove authentication – 87 Even if intercepted, can’t easily be read Protect your keys!!! Message digests provide integrity check INFO 410 Chapters 5-6 Patching and change management Known weaknesses in apps or OS’s can be patched – if you USE the patches! – – 88 Keeping current is tedious Patches might cause side effects in other apps Change management needs to know what patches are installed, what apps should be running, and what files should be on production systems INFO 410 Chapters 5-6 Intrusion detection 89 Intrusion detection systems look at packet contents to look for attack patterns; or look for weird patterns of traffic behavior Could also include hardware and software monitoring to look for unusual configurations (e.g. a NIC in promiscuous mode) or suspicious behavior INFO 410 Chapters 5-6 Security management framework Security affects the design of a network, and requires policies and procedures to keep it safer Some basic principles of good security management include – – 90 Make security decisions; don’t ignore the issue! Realize that security threats change and evolve; don’t expect anything to be static INFO 410 Chapters 5-6 Security management framework – – Consistent change management is critical Educate users what not to click on, how to keep passwords secure, why procedures are in place – Use layered security 91 Great ignored procedures are worthless! Consider host, network, and application levels of security, and prioritize measures INFO 410 Chapters 5-6 Risk management Risk management for availability and security is critical Can’t avoid all risks, so need to estimate the probability of risks occurring, and how severe the impact (consequences) of each risk is – 92 Obviously, low probability and low impact risks are minor threats; and high probability and high impact risks are critical ones to address INFO 410 Chapters 5-6 Risk management But the other combinations (low probability, high impact, or high probability, low impact) are harder to assess – Can define expected loss=probability*impact – – 93 E.g. we often pay for insurance against unlikely but rare events, like severe illness or death But intangible losses are hard to quantify New technologies may add new risks (complexity, instability) INFO 410 Chapters 5-6 Incident management All infrastructures experience incidents, so it’s important to plan for them – 94 What could be typical incidents affecting availability and/or security? Plan for actions to be taken before, during, and after an incident INFO 410 Chapters 5-6 Actions before an incident 95 Design the infrastructure for recoverability and failure tolerance Follow your own procedures, especially for change management and data backup Document procedures and configurations carefully INFO 410 Chapters 5-6 Actions before an incident Have crisis management procedures – – Practice incident response – – 96 How do you diagnose problems? Who is available to help? Do you have current contact information for key people? What outside resources are available to help? INFO 410 Chapters 5-6 Actions during an incident Beyond the apparent technical issues, there are many other factors in a crisis – – – – 97 Emotional responses (confusion, denial, panic) Wishful thinking Political maneuvering, avoiding responsibility Leaping to conclusions, ignoring unwanted evidence INFO 410 Chapters 5-6 Actions during an incident Public relations issues can also be overwhelming – – 98 Reluctant to admit how serious the problem is (FEMA in NO?) Major decisions are risky, and you have to make confident decisions even if data is never complete INFO 410 Chapters 5-6 Actions after an incident After an incident, may have to rebuild part of the infrastructure, or even everything – Processes might have to be changed to accommodate the new infrastructure Document lessons learned from this incident, to help reliving it in the future! – 99 This is why you had good CM! What caused it? How can you prevent it? INFO 410 Chapters 5-6 Actions after an incident May also need to explain to customers and other stakeholders what happened, and what your actions have been – 10 0 Again can be a PR issue to show your steps to secure your infrastructure are sound and thorough INFO 410 Chapters 5-6 Summary Availability for IT infrastructures – – 10 1 How to calculate availability with serial or parallel components Features needed for high availability facilities Security threats and defenses Security management framework Risk and incident management INFO 410 Chapters 5-6
