The Eight Questions – Resilience in Software-Based Systems

by

Click here to access the PDF version of this article

This issue of The Eight Questions addresses challenges and helps avoid harmful, yet common, practices in deploying and managing critical software-based solutions.  The key is to ensure the operational continuity and resilience of these systems which are critical to day-to-day operations and compliance.

We are often asked by senior business leaders: “How do I know my critical software-based systems are resilient?”

Although that can be a loaded question, here are eight questions to be the starting point for an intelligent and valuable conversation.

  1. How are new system capabilities developed, documented, demonstrated, verified, and refined to proactively reduce risk in production systems?
  2. How is the requirement for stable security systems and services balanced against the desire to deliver enhanced services, capabilities, and value to the organization?
  3. What departments within the company are involved in the ongoing assurance of our critical systems through the system lifecycle?  How are those relationships functioning, and what is being done to maximize the health of those departmental relationships?
  4. What is the basis of confidence that proposed updates/ changes to operation systems, applications, and hardware are verified before being applied to the production environment?
  5. Explain to me how we are applying appropriate levels of cyber and physical protection to our critical software-based and network-connected systems.
  6. How are critical production security systems and services physically and logically isolated from unrelated business systems, services, and infrastructure?
  7. How are user access/privileges to critical systems granted, managed, and maintained?  Is the process role-based, or involving individual assignments?
  8. Explain how your solution plans address all aspects of your systems life-cycle:  installation, upgrade, enhancement, maintenance patches, and replacement.

Butchko, Inc. is an invaluable resource to proactively assess programs and assist leaders in answering these critical questions. We do this using the disciplined and success-driven Butchko Solutions Process.