Risk management is the practice of identifying, monitoring, and limiting risks to a manageable level. It doesn’t eliminate risks, but instead identifies methods to limit or mitigate them. The amount of risk that remains after managing risk is residual risk.
Senior management is ultimately responsible for residual risk—the amount of risk that remains after mitigating risk. Management must choose a level of acceptable risk based on the organization’s goals. They use a variety of tools and metrics to identify the risks, and then decide what resources (such as money, hardware, and time) to dedicate to manage the risk.
Some of the common metrics they use are:
- Mean time between failures (MTBF)
- Mean time to failure (MTTF)
- Mean time to recover (MTTR)
What is Failure?
These metrics are important to understand when evaluating the failure rate of critical business systems. Typically, a critical business system will have multiple redundancies in place to ensure it stays operational even after a fault occurs. In other words, critical systems can tolerate faults without actually failing.
If a server has one hard drive, and the one hard drive fails, the server fails. This is a system failure.
However, if a server has a redundant array of independent disks 6 (RAID- 6), and one drive fails, the server continues to operate. This is not a system failure.
Mean Time Between Failures (MTBF)
The mean time between failures (MTBF) metric provides a measure of a system’s reliability and is usually represented in hours. More specifically, the MTBF identifies the average (the arithmetic mean) time between failures.
Higher MTBF numbers indicate a higher reliability of a product or system. Administrators and security experts attempt to identify the MTBF for critical systems with a goal of predicting potential outages.
Mean Time to Failure (MTTF)
The mean time to failure (MTTF) is the length of time you can expect a device to remain in operation before it fails. It is similar to MTBF, but the primary difference is that “between” in the MTBF metric indicates you can repair the device after it fails.
In contrast, the MTTF metric indicates that you will not be able to repair a device after it fails. It is permanent. For example, the MTTF of a power supply within a server indicates how long the power supply may last before it fails and needs to be replaced.
Mean Time to Recover (MTTR)
The mean time to recover (MTTR) identifies the average (the arithmetic mean) time it takes to restore a failed system. In some cases, people interpret MTTR as the mean time to repair, and both mean essentially the same thing.
Organizations that have maintenance contracts, such as service level agreements (SLEs), often specify the MTTR as a part of the contract. The supplier agrees that it will, on average, restore a failed system within the MTTR time.
The MTTR does not provide a guarantee that the supplier will restore the system within the MTTR every time. Sometimes it may take a little longer and sometimes it may be a little quicker, with the average defined by the MTTR.
MTBF, MTTF, MTTR Summary
As a short summary these metrics are:
- Mean time between failure (MTBF) – provides a measure of a system’s reliability and identifies the average time between failures. It is often used to predict potential outages with critical systems.
- Mean time to failure (MTTF) – the length of time you can expect a device to remain in operation before it fails. It indicates failure is permanent, while MTBF indicates it can be repaired.
- Mean time to repair (MTTR) – the average time it takes to restore a failed system.
No comments:
Post a Comment