Fri Apr 8 06:47:17 PDT 2016

Redundancy: Interdependencies: How is redundancy applied to interdependent mechanisms?


Options:

Option 1: Interdependencies should be ignored.
Option 2: All components and systems should be treated equally.
Option 3: Only internal dependency analysis should be undertaken.
Option 4: Interdependency analysis and proper planning for interdependencies should be done.

Basis:

Interdependencies should be ignored.
If no business continuity or disaster planning is done, it is likely that no interdependency analysis will be required either because the time and effort spent in analysis will not be applied to provide for recovery or continuity, and this is typically the most important reason to apply it.

All components and systems should be treated equally.
In cases where risk levels are spread amongst all systems and capabilities relatively equally, there is no requirement to do specific analysis of different components or their interdependencies. Rather, everything can be treated uniformly, with redundancy for one component implying the need for redundancy for all. While this will give an imprecise solution, it is reasonable and saves time and effort that would be spent in analysis on redundancy.

Only internal dependency analysis should be undertaken.
For enterprises that are largely outsourced or have only external dependencies on larger or more reliable entities than themselves, contract mechanisms should be relied upon to provide the necessary level of assurance for external dependencies and only internal dependency analysis should be done.

Interdependency analysis and proper planning for interdependencies should be done.
Analysis of interdependencies should indicate risk aggregations, timeliness, and other requirements that apply to those resources, and the redundancy analysis for each of the interdependent items should be provided for according to their redundancy requirements.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved