IntroductionWe different impacts of downtime. Business size
IntroductionWe all must have encountered that dreaded feeling when a due date is rapidly coming closer and disaster strikes, for example, a power blackout or your system breaking down. These issues can prompt productivity standstills, as well as wind up costing us a lot. As the director of a business, you must give your representatives the correct devices to be profitable. While it can be hard to avoid power outages, it is easier to maintain downtime issues. Through this assignment I would like to address the issues that are faced by an insurance company called Liberty mutual. Liberty Mutual Group, more commonly known by the name of its primary line of business, Liberty Mutual Insurance, is an American diversified global insurer, and the fourth-largest property and casualty insurer in the United States.It ranks 76th on the Fortune 100 list of largest corporations in the United States based on 2013 revenue. Based in Boston, Massachusetts, it employs over 50,000 people in more than 900 locations throughout the world. Even a prestigious companies like Liberty Mutual face downtime issues also know as network outage which is when the policies and quotes claimed by the customers don’t get uploaded to the database which is accessible for further references by the company staff.Downtime costs additionally fluctuate fundamentally inside industries, particularly because of the different impacts of downtime. Business size is the most clear factor, however it isn’t the just a single reason. Setting a measure implies building up the nature and implications of the failure.Risk Example and DiscoveryDiscovery of Business RisksA failure of a critical application can lead to a few types of losses:- Loss of the application service– the effect of downtime shifts with the application and the business. – Loss of information – the potential loss of information because of a network outage can have significant and money related effect.Presently everybody would agree that the present data centers should never go down, and applications ought to be accessible all day and all night, and internal as well as external end-clients overall should have the capacity to depend on data centers accessibility for basic information and application accessibility whenever. In any case, that doesn’t imply that inside the data centers, nothing ever truly stops. Whenever there is network outage the policies and quotes which are enrolled by the customers will not to loaded to the data base and even after the network is back there will be few information missing which will cause lot of issues. Business Objectives• Checks and balanceCode codes in programming advancement have turned into a best practice that is expanded code quality and altogether decreased blunders. IT groups ought to embrace a comparative survey for network changes.• MonitoringGuarantee systems are checked appropriately before any progressions are made and arrange cautions with the goal that IT groups can react rapidly if the health, accessibility or execution of a network is affected adversely following a change. • Keep things straightforwardA progression of changes influencing various parts of the IT foundation can make it hard to seclude and remediate mistakes. Break down massive changes into smaller, more manageable chunks that can be reverted atomically. • Build in space for blunderIT groups regularly proceed in taking off changes without considering how they will return to the past state. These groups ought to accept mistakes will happen, and make the activity get ready for tending to those blunders once they do. • Communication Any application impacted by changes should be notified of changes prior to their implementation.Network outage is something which is very unexpected and cannot to be avoided. But there are ways for planned network outage where the back up will be taken before the outage happens. IR Plan Description• Agency directorIn charge of data security in the office, for reducing risk exposure, and for guaranteeing the office’s exercises don’t acquaint undue hazard with the undertaking. The director likewise is in charge of guaranteeing consistence with state enterprise security policies, standards, and security activities, and with state and government regulations. • Incident response point of contactIn charge of speaking with State Incident Response Team (SIRT)and organizing office activities with SIRT in response to a data security incident.• Information ownerIn charge of making initial information classification, endorsing choices with respect to controls and access benefits, performing occasional renaming, and guaranteeing consistent audits for esteem and updates to oversee changes to chance.The measures which has to be taken care for preventing the network outage are• Evidence PreservationThe operations has to be restored and the evidence has to be preserved, this part is critical in incident response. During a network outage the policies and quotes which are not recorded has to be recorded and at the same time the errors has to be recorded. • Threat EradicationAfter an incident, efforts will focus on identifying, removing and repairing the vulnerability that led to the incident and thoroughly clean the system. To do this, the vulnerability needs to be clearly identified so the incident isn’t repeated. The goal is to prepare for the resuming of operations with confidence that the initial problem has been fixed.• Confirm that Threat has been EliminatedAfter the cause of the outage has been eradicated and information or related data is restored, it is basic to affirm all vulnerabilities have been effectively mitigated and that new dangers or vulnerabilities have not been introduced.• Resumption of OperationsResuming operations is an important decision, but it is important to see that the preceding steps to ensure it is safe to do so.• Post-incident ActivitiesAn analysis will be performed for all incidents after the effect. The analysis has to consist of meetings or reports. The purpose of the analysis should give participants an opportunity to share and document details about the incident and to learn the lessons. Within the one week of closing of an incident a meeting should be held.Technology Requirements• Human errorsThe human element the network outage can be caused because of human errors. • Incompatible changes?Network changes that are not properly evaluated are another common cause of incidents. The impact on the business varies.• Manual dependenceIT teams often manually find if the network is functioning properly after making a network change. • Predictive monitoringMonitoring helps in finding the network outage and helps in eradicating the threats.• Resolution timeThe resolving time has to reduced so that the results because of the outage will be minimum.InfoSec Risk ExampleNegative reputation impact- Loss of customer and or employee confidence- Disruption to business operations Due to network outage there will be a lot of negative reputation caused. If a consumer quotes for a policy and due to the network outage if it is not available than it might lead to negative reputation. As insurance is a really valuable one can ask for it will be a major issue in this case. Due to the network outage there might be loss of customer as well. When companies are measuring their customer turnover, they typically make the distinction between gross attrition and net attrition. Gross attrition is the loss of existing customers and their associated recurring revenue for contracted goods or services during a particular period. Net attrition is gross attrition plus the addition or recruitment of similar customers at the original location. Spontaneous outages are IT obligation to determine. Be that as it may, toward the day’s end they are, basically, business issues. Some portion of an exhaustive assessment process is ascertaining how much cash you will lose for every hour (or minute, or some other time augmentation of your decision) of downtime. For endeavors with income models that depend entirely on the server farms’ capacity to convey IT and systems administration administrations to clients –, for example, broadcast communications specialist co-ops and web based business organizations – downtime can be especially expensive, with the most noteworthy cost of a solitary occasion topping $1 millionLessons LearntOrganizations take eradicating loss by network outage a step further and deploy their systems using a multi-cloud architecture or a hybrid cloud architecture. Multi-cloud typically means subscribing with different cloud providers (e.g. Amazon, Azure, and Google), while hybrid cloud typically means deploying systems in public cloud and private (on-premise) infrastructures. Recommendations • Strengthen your shields. The first level of defense is ensuring firewalls are configured properly and systems are patched with the latest security updates. Will this prevent a successful attack? No, but ignoring these basics steps leaves organizations vulnerable.• Remain vigilant. Appropriately monitor firewalls and key systems in your network to detect abnormal events, including high connection counts and high CPU and bandwidth utilizations. These systems should be capable of alerting IT staff to abnormal network behaviors and events.Technology Solution It is the obligation of the network designer to ensure that a system blackout does not occur. When it happens, an all around planned framework will additionally lessen the impacts of a blackout by having confined blackouts which can be identified and settled as quickly as time permits. A procedure should be set up to identify a breakdown – arrange checking – and to reestablish the system to a working condition – this by and large includes an assistance work area group that can investigate an issue, one made out of prepared designers; a different enable work area to group is generally important with a specific end goal to handle client input, which can be especially requesting amid a downtime. A system administration network can be utilized to distinguish broken or corrupting segments preceding client protests, with proactive blame correction. Risk management techniques can be utilized to decide the effect of system outages on an association and what activities might be required to limit chance. Risk may be minimised by using reliable components, by performing maintenance, such as upgrades, by using redundant systems or by having a contingency plan or business continuity plan. Technical means can reduce errors with error correcting codes, retransmission, checksums, or diversity scheme.One of the greatest reasons for downtime is misconfiguration, where an arranged change turns out badly. Commonly associations depend on manual push to deal with the procedure of arrangement reinforcements, yet this requires exceptionally talented architects with an opportunity to deal with the procedure over a multi-merchant organize. Mechanization devices are accessible to oversee reinforcements, yet there are not very many arrangements that handle design recuperation which is expected to limit the general effect of the blackout.Communications ConsiderationsOutages and service interruptions are inevitable. No system has perpetually perfect uptime. For customer service teams, outages are both a tough day at the office and an opportunity to stand out.Several studies have shown that recovering well from a failure in service can lead to a higher customer satisfaction level than never having a failure at all — the “Service Recovery Paradox.”During the stress of a major service outage, it’s easy to forget that your customers are often in an even more difficult situation. They are impacted by the outage, but they also have far less information about what is happening. In many cases, they also have their own customers that are asking them for answers.By being an accurate, clear and timely source of information, you can reduce their stress significantly. Communication during an outage should:* Inform the customer: Let them know what is happening and what that means for them* Build their confidence: Let them know the situation is being taken seriously and actively worked on, so they can safely do other work in the meantime.Make your communication accessibleGreat communication starts by making sure your message can be received. Your artisanal, exquisitely handcrafted status message means nothing to people who never see it, so wherever you store your status updates, make sure your customers know where to look.* Link to your status page prominently in key locations like your contact us page, your support/operations Twitter account, and your help documentation.* During an incident, push out messages on your primary support channels, acknowledging the issue and linking people to the status page as the source of updates.* Keep your status page on separate infrastructure to minimize the risk of an incident taking down your service and status page at the same time.