
IT RISK MANAGEMENT BEST PRACTICES TOOLS AND PROCEDURES
-- A Panel Discussion --

Prepared For Futures & Options Expo 2002

AGENDA
I. Introduction, Purpose and Organization of This Panel Discussion
II. About Our Panelists
III. What Are IT Risk Management Best Practices Tools And Procedures?
How Do They Work?
How Do They Manage Risk?
What Are Their Pros and Cons?
IV. What Are Our Panelists' Experiences?
V. Questions From the Floor

I. INTRODUCTION, PURPOSE AND ORGANIZATION OF THIS PANEL DISCUSSION

1. INTRODUCTION
In the Financial Services Industry, when you
think of RM, you think of trading controls.
And those trading controls usually rely
heavily on automated applications of many
types and flavors. But what if one of these
critical applications failed or did not operate
properly? What type of IT risk management
tools does the CIO use? What's available to
him? Is a suite of risk management tools in
place? How are they managed? How do they
integrate? How do they manage risk?

purpose and scope

The PURPOSE of this session is to discuss
IT risk management procedures that will
significantly reduce business risk, capital
drain and loss of competitiveness. Its
intention is to make the audience
(technologists and users alike) aware
of these types of tools so they
can be applied in your own offices. In
fact, IT risk management is the front
line in the battle to achieve business risk
avoidance.

The session is organized as follows:

I'll tell you the pedigrees of our panelists

Next, I will give a brief introduction and explanation about what IT risk management tools are

Then, I will ask our panelists to address specific questions about how they acquired these tools and how they use them

And, for the last 5-10 minutes of our allotted time, we will answer questions from the audience

II. ABOUT OUR PANELISTS

Steve Bass, Senior Vice President, Chief Information Officer, New York Board of Trade
William Farrow, Executive Vice President, Chicago Board of Trade
Brett Paulson, Senior Vice President, Chief Information Officer, Board of Trade Clearing Corporation
Phillip Marks, Project Management Consultant, Rolfe & Nolan Plc
Roman Szymansky, President, MicroDesign Services, Inc.
Jonathan Weisblatt, Senior Vice President, eTrading/eCommerce, Man Financial
Jerry Tellefsen, Moderator, Senior Vice President, Tellefsen Consulting Group, Inc.

III. WHAT ARE IT RISK MANAGEMENT BEST PRACTICES TOOLS?

We will discuss six types of RM tools and processes today:
Rapid Application Development (RAD)
Quality assurance (QA)
Automated test tools
Version control
Disaster recovery
Business continuity planning
Let's take a brief look at each.

best practices tools

RAPID APPLICATION DEVELOPMENT (RAD) TOOLS

WHAT ARE THEY?
They are rule-based, licensed software that, once
learned, allows the tool user to have thousands of lines
of code developed automatically, almost instantly.

WHAT BUSINESS RISK DO THEY HELP AVOID?
Mainly, time to market! Imagine if development
would normally take six to nine months to complete and
you could do it in one-third the time. The earlier the
service is provided to the business user, the less risk
there is of losing market share.

QUALITY ASSURANCE (QA)

WHAT DOES IT DO WHEN IT'S DONE PROPERLY?
It assures that the likelihood of failure of any new
application put into production is extremely low
because it has been so methodically tested and
retested. It is a very strict regimen and, almost as
importantly, an insurance policy for the CTO/CIO.

WHAT BUSINESS RISK DOES IT HELP AVOID?
Many kinds. The risk of starting up and failing because
the system doesn't perform as advertised. The risk of
losing disappointed users. The risk of losing the
business. The risk of the CTO/CIO getting fired.

AUTOMATED TEST TOOLS (ARROWS IN THE QA QUIVER)

WHAT DO THEY DO?
They significantly speed up all kinds of testing:
functionality, stress and failover. They allow one to
simulate, test and understand bandwidth
requirements. They can be licensed from multiple
sources and take some time to learn how to use
properly, but are well worth investigating.

WHAT BUSINESS RISK DO THEY HELP AVOID?
Many! Including but not limited to: speedier testing of
new and revised software (time to market) and
ensuring no system failure when running at maximum
capacity.

VERSION CONTROL

WHAT DOES IT DO?
Version Control (aka Change Management) keeps track
of where (in which computers) each version of
application and system software is running. Its
methodology ensures that all preliminary steps
required to verify the readiness of a new software
version to go into production have been accomplished.

WHAT BUSINESS RISK DOES IT HELP CONTROL?
Mainly, that mission-critical applications don't go down
when new versions of application and system software
are upgraded. It ensures that old versions of existing
software will work as expected with the application
version being upgraded, and that new features and bug
fixes are actually implemented in new releases.

DISASTER RECOVERY (D/R)

WHAT DOES IT INCLUDE?
First, D/R is not the same as failover. D/R is a
capability to keep computer systems running at a
backup data center with minor hitches when a
catastrophe occurs at a primary data center.

WHAT BUSINESS RISK DOES IT HELP CONTROL?
Loss of data processing capability

BUSINESS CONTINUITY PLANNING (BCP)

WHAT IS IT?
It's different from D/R, but clearly includes D/R. It's a
strategy and plan to keep the business running by
assuring that the people needed to run the business
have required facilities and information provided to
them quickly. A BCP is very inclusive and detailed and
is a dynamic document with multiple accesses for
instant availability.

WHAT BUSINESS RISK DOES IT HELP AVOID?
Talk to anyone affected by 9/11

IV. WHAT ARE OUR PANELISTS' EXPERIENCES?

QUESTIONS FOR PANELISTS

1. What are your experiences with rapid application development tools?
2. For those of you who do not use RAD, why not?
3. Has the QA department ever saved your bacon?
4. Is the role of the QA department clearly understood and appreciated?
5. How do you do new application testing today?
6. How have application testing tools helped you to be risk averse?

7. What network and security measures do you use?
8. How do you effect version control in your company?
9. Have you ever had a version control disaster?
10. Does your firm have a D/R plan ... and do you practice it?
11. What effect did 9/11 have on your D/R focus?
12. Who maintains the BCP in your firm?
13. Did your firm have one on 9/11?
