Crisis

Leadership

Business Continuity

Technology & Operations

Critical Incident

Cyber Information

Security

KeyBank Presents Critical Incident at itSMF

2

KeyBank Presents Critical Incident at itSMF

Engage Business Continuity & Cyber Security as needed

3

KeyBank Presents Critical Incident at itSMF

4

Metrics: Add (not reduce) Value

Some measures can drive undesirable results through behavior

• SLA in Incident Response can introduce risk

• Focus on missing a targeted restoration instead of the restoration itself

• Reduction of Risk assessment to hurry if approaching a deadline

• Wait if assumption is an easy fix

• Ownership is blame over opportunity & knowledge

• Risk of unidentified trends when looking at Enterprise metrics cut into parts of the whole

The Right Metrics & Goals

• Enterprise Level Measures for Process Maturity & Improvement

• Critical Incident Response is an ASAP while managing risk model through removal of the term “SLA”

• Focus on restoration• Risk is weighed against potential

restoration efforts• Decisions for business not

numbers• Ownership is opportunity to better

support a line of business• Trend Analysis remains to identify

trouble areas• Reporting & Analysis is moving to

impact over cause to improve reliability of platforms as a whole

KeyBank Presents Critical Incident at itSMF