How to Derive Value from Business Continuity Planning
Presented by Randall J. Till, Principal, Till Continuity Group
Spring World 2011, Disaster Recovery Journal, March 28

BCM Challenges
- BCM funding is limited or shrinking
- BCM doesn't have organizational commitment
- BCM is targeted for reductions
- Economic Downturn
- Continuity
BCM Drivers
[Figure: Release Cycle/Change Process (Development, Testing, Prod. Implementation) against the DR Exercise Cycle, showing Recovery System Risk Exposure]
- BCM updates tied to tests or exercises
- BCM managed as an annual project
- 2-4+ weeks: Plan Update, Exercise, Publication
- Risks: services and systems are always changing; BC/DR plans and environments remain unchanged, waiting for an exercise date or a project deliverable

BCM Approach
- Plan to Pass Audits & Meet Regulatory Compliance: Poor Investment
- Embrace Audits & Exceed Regulatory Compliance: Valuable Investment
BCM Approach - Siloed Practices
- Plans: Risk, Crisis, Disaster Recovery, Continuity
- Disjointed
- Lacks Integration
- Embroiled in Politics

Plan Execution and Coordination
- Planning is focused on how to build the plan
- We don't focus on how to execute the plan
- Execute on the Fly: Chaos, Stress, Impacts
Business Continuity Management (BCM) Program
[Figure labels: Risk Management (RM); BC Program Governance; Business Continuity (BC - work area recovery); Crisis/Emergency Management (CM/EM); Disaster Recovery (DR - system recovery)]
- Each organization is unique
- Different levels of responsibility
- Each BCM Program is at a different level of maturity
- BCM is a long journey

Continuity Planning Cycle
[Figure: BCM Planning Cycle. Labels: Maintain, Assess, Maintain Readiness, Test/Exercise, Prioritize, Address Changes, Implement, Approve Plan, Train Personnel]
Focus of Today's Discussion
[Timeline figure with a monthly axis, 2011 to 2012]

BCM Governance
- Oversight of BCM Program
- Sets Direction and Expectations
- Buy-in and Endorsement

BCM Planning Cycles
1. Pre-Cycle
2. Planning Cycle
3. Post-Cycle
- Planning Processes and Procedures
- Deliverables and Time Tables
- Planning Cycles for BCM (CM, BC, DR)

Continuity Pre-Cycle
BCM Program Governance
- BCM Governance: Continuity Steering Committee
- Ownership
- Responsibility
- Commitment
- BCM Strategic Direction
- Educate
- Metrics
- Reporting Structure

BCM Ownership and Execution
[Organization chart. Levels: Ownership, Coordination, Facilitation. Labels: Corporate, IT, Headquarters, Europe, Asia Pacific, Latin America; Finance, Marketing, Sales, Customer Services, HR, Legal, IT; Regional Coordinators (Secondary); Division Coordinators (Primary); Continuity Planners; BC Plans, CM Plans, DR Plans]
Continuity Pre-Cycle Timeline
[Timeline figure with a monthly axis, 2011 to 2012]

Continuity Oversight
- BC Steering
- BCM Objectives
- 2011 Cycle Deliverables
- 2011 Cycle Communication

Continuity Planning Cycles
- Develop 2011 Cycle Def.
- Objectives
- Processes
- Develop Tools
- Planning Strategies
- Templates
- Metrics
- Cycle Kickoff Meetings with Coordinators

Continuity Planning Cycle
Crisis/Emergency Management (CM/EM)
[Figure labels: of incident; Assessment; perspective; Notification & Assembly; Communications; Decisions - Activation; Life Safety - First Response; Crisis]

Value of Crisis/Emergency Management
- CM Organization & Plans
- Enterprise-wide
- Assign responsibilities
- Set up Command Centers
- Train people
- Practice roles and procedures
- National Incident Management System (NIMS)
Crisis Planning Strategies

| Office Type | Crisis Team Assigned* |
|---|---|
| Corporate and Core Offices | Corporate Incident Response Team (CIRT); Local Incident Response Teams (LIRT); Initial Assessment Teams (IAT) |
| Regional and Select Offices (offices with significant # of people/operations) | Local Incident Response Teams (LIRT); Initial Assessment Teams (IAT) |
| Smaller Offices | Initial Assessment Teams (IAT) |

* Based on ICS Structure

Crisis Cycle Matrix
Columns: Deliverables; Corporate/Core CIRT/LIRTs; Regional/Select LIRTs; Smaller IATs; Due Dates

| Deliverables | Due Dates |
|---|---|
| CIRT/LIRT Notification Tests | During exercises |
| CIRT/LIRT Functional Group Training | Apr Sept |
| CIRT/LIRT Scenario Based Exercise | Y 8 30, Dallas 04/15, SF 10/20 |
| LIRT Self Exercise | May Aug |
| IAT Notification Tests | Mar, Jun, Sept |
| IAT Training | Mar Jul |
| IAT Exercises/Self Exercises | May Sept |
Business Continuity Planning (BC)
[Figure: Business Continuity (BC - work area recovery). Labels: service function; Department; People; Processes & procedures; Information; Function (x4); Service; DR System (x3); Systems/applications; Technology; Dependencies; Customers; 3rd parties/vendors]

Value of Continuity
[Figure centered on Business Continuity (BC - work area recovery)]
- Protection of critical assets
- Access to critical customer information
- Communications
- Interdependencies
- Recovery locations
- Process analysis
- Process improvement
- Office Infrastructure
BC Planning Strategies

| Office Type | BC Planning Levels |
|---|---|
| Corporate/Core Offices | BC planning at business function level |
| Regional and Select Offices | BC planning at department level |
| Smaller Offices | BC planning at office level |

| Plan Criticality | Recovery Times and Facilities |
|---|---|
| Essential Plans | Critical business functions, RTO < 7 days; recovery facilities pre-established |
| Deferred Plans | Less critical business functions (>7 days); no recovery facilities established |

Continuity Planning Cycle

| Deliverables | Core | Key | Small | Start Date | End Date |
|---|---|---|---|---|---|
| Business Impact Analysis (BIA) Review (Ess/Def) | Y | Y | Y | 1-Mar | 31-Mar |
| BIA Sign-off by Senior Leader | Y | Y | Y | 1-Mar | 31-Mar |
| Plan Review/Update (Ess/Def) | Y | Y | N/A | 1-Apr | 30-Jun |
| Continuity Manual Review/Update | N/A | Y | Y | 1-Apr | 30-Sep |
| Plan Roster Review/Update (Ess/Def - Qrtly) | Y | Y | Y | Jan, Apr, Jul, Oct | |
| Work From Home Validation (Ess/Def) | Y | Y | Y | 15-Mar | 31-Jul |
| Team Activation Exercise (Ess/Def) | Y | Y | Y | 1-Apr | 30-Sep |
| Plan Walkthrough Exercise (Ess/Def) | Y | Y | N/A | 1-Apr | 30-Sep |
| Recovery Site Exercise (Ess only) | Y | N/A | N/A | Office-1: Jun 21/Sep 13; Office-2: May 17/Aug 7; Office-3: Jun 1/Nov | |
Continuity Planning Cycle
[Schedule chart, March through October, with one bar per activity:]
- BIA Reviews
- BIA Sign-offs
- Plan Review/Updates
- BC Manual Review/Updates
- W-F-H Validation
- Alternate Site Functional Exercise
- Team Notification Tests
- Plan Walkthrough Exercises
- Alternate Site Functional Exercise
- Roster Updates Quarterly
- End-user Training

Disaster Recovery (DR) Planning
[Figure: Disaster Recovery (DR - system recovery). Labels: Primary Site; Alternate Site; Shared Disk (x2); Cost Reductions; DR Strategy; DR Testing; Networks; Data Backup]
Value of Disaster Recovery
[Figure: Primary Site DB and Alternate Site DB]
- Reduce recovery objectives
- Reduce loss of data
- Live Switches
- Less Planned Outages
- Co-processing
- Virtualization
- Cloud Computing
- Improve system design
- Utilize DR resources
- Enhance operating flexibility

DR Planning Strategies

| Data Centers | Planning & Exercises |
|---|---|
| Primary Data Center (Internal Control) | Full DR plans for Tier 1 & 2 systems; full functional exercises for Tier 1 systems |
| Co-location Data Center | DR plans for Tier 1 & 2 systems; coordinated DR exercises with provider |
| Outsourced Processing | DR plans oversight and evaluation |

| DR Plan Criticality | Recovery Times and Facilities |
|---|---|
| Tier 1 Systems | Critical systems RTO = 0-3 days; hot recovery site established |
| Tier 2 Systems | Critical systems RTO = 4-14 days; DR plans developed, warm recovery site |
| Tier 3 Systems | Critical systems RTO = >14 days; no recovery site established |
Disaster Recovery Planning Cycle

| Deliverables | Tier 1 | Tier 2-3 | Start Date | End Date |
|---|---|---|---|---|
| System Impact Analysis (BIA) Review (Tier 1, 2 & 3) | Y | Y | 1-Mar | 31-Jul |
| BIA Sign-off by Tech Owner and Owner | Y | Y | 1-Mar | 31-Jul |
| Recovery Plan Reviews | Y | Y | 1-Apr | 31-Oct |
| Technical Recovery Manual Review/Update | Y | Y | 1-Sept | 31-Oct |
| Plan Roster Review/Update (Quarterly) | Y | Y | Jan, Apr, Jul, Oct | |
| Team Activation Exercise | Y | Y | 1-Apr | 30-Sep |
| Plan Walkthrough Exercise | Y | Y | 1-Apr | 30-Sep |
| Disaster Recovery Exercise (Tier 1) | Y | N/A | Primary DC: Jun/Sep; Secondary DC: May/Aug; Secondary DC: Jul/Oct; Remote DC: Aug; Remote DC: July | |

Continuity Cycle Timeline
[Timeline figure with a monthly axis, 2011 to 2012]

Continuity Oversight
- BC Steering
- New Requirements
- Escalations to

Continuity Planning Cycles
- Manage CM, BC, DR Planning Cycles
- 2012 Budgets and Plans
- Crisis Planning Cycle
- Continuity Planning Cycle
- Technical Recovery "DR" Planning Cycle
Continuity Planning Post-Cycle

BCM Metrics
- Gain commitment
- Show readiness
- Meet compliance
- Rating scale: Below Expectations < 6.0; Partially Meets Expectations 6.0 to < 8.0; Meets Expectations
Build Measurements into Cycle
- Action plan underway: Establish BRP Ownership; Build management relationships; Enhance Continuity Plans; Practice & test plans
- Rating scale: Below Expectations < 6.0; Partially Meets Expectations; Meets Expectations

Measurements Based on BCM Cycles
[Figure: three overlaid deliverables tables titled Crisis Cycle Matrix, Continuity Cycle Matrix and Disaster Recovery Cycle Matrix]
BCM Inculcation
- System Project: Define Requirements; Design and Develop System; Perform System and Integration Testing; Implement Production System; Continue to Maintain the Recovery System & Environment
- Recovery: Perform BIA; Update Recovery Matrix; Design and Develop Recovery Capabilities; Implement Recovery Capabilities; Test Recovery Capabilities and Develop Plans
- Contingency Exercise Suite: Perform Exercise Assessment; Integrate into Contingency Exercises
- Assimilation
- Repeatability
- Reduces Politics

Redesign Testing & Exercise Requirements

Redesign Testing Requirements
[Figure: System Release Cycle (Requirements, Design, Development, Testing, Production) alongside the Recovery System Update Process (Recovery System Analysis, Plan Update, System Update Process, Recovery Test)]
- Recovery System Analysis Meetings
- Recovery Plan Updates
- Procedure Validation
- Owner sign-off on recovery status

Modify Exercise Program
- Modify exercise approach to focus on Core Services
- Conduct Ad-hoc DR Exercises (limit size and scope)
- Test DR Plans for Deferred Systems
Maintenance Processes and Cycles
- Reliable information
- Establish Schedule
- Define responsibilities
- Dynamic
- Significant Volume of Data
- Automate
- Reuse data - single source
- Develop Streamline Processes

Continuity Post-Cycle Timeline
[Timeline figure with a monthly axis, 2011 to 2012]

Continuity Oversight
- BC Steering
- BOD Endorsement

Continuity Planning Cycles
- Develop 2011 Reports
- Develop 2012 Objectives
- Emergency Planning Cycle
- Recovery Planning Cycle
- Technical Recovery "DR" Planning Cycle
- Maintenance Cycles
- Plan and Exercise Evaluations
Value of BCM Planning Cycle
[Figure label: Continuity Program]
- Defines measurable BCM requirements
- Inculcates BCM practices into business culture
- Provides mechanism to educate BCM
- Sets BCM deliverables into business cycles
- Makes BCM processes consistent & repeatable
- Leads to BCM Program Maturity

Continuity Cycle - Full Timeline
[Timeline figure with a monthly axis, 2011 to 2012]

Continuity Oversight
- BC Steering
- 2011 Objectives
- 2011 Cycle Deliverables
- 2011 Cycle Communication
- New Requirements
- BC Steering
- BC Steering
- BOD Endorsement
- Escalations to

Continuity Planning Cycles
- Develop 2011 Cycle Def.
- Cycle Kickoff
- Objectives
- Processes
- Develop Tools
- Planning Strategies
- Templates
- Metrics
- Manage CM, BC, DR Planning Cycles
- 2012 Budgets & Plans
- Emergency Planning Cycle
- Recovery Planning Cycle
- Technical Recovery "DR" Planning Cycle
- Maintenance Cycles
- Develop 2011 Reports
- Develop 2012 Objectives
- Plan and Exercise Evaluations
Randall J. Till, MBCP, Till Continuity Group
INTERNAL AUDIT DIVISION REPORT 2017/138 Audit of business continuity in the United Nations Organization Stabilization Mission in the Democratic Republic of the Congo There was a need to implement the business
More informationProject Management Pre-Implementation Project status reporting Post Implementation Assessment Phase Solidify Project Scope
Project Management 321 days 10/22/01 01/30/03 Pre-Implementation 14 days 10/22/01 11/08/01 Detailed Scope / Deliverable definition 5 days 10/22/01 10/26/01 Complete Work Breakdown Structure 1 day 10/22/01
More informationBusiness Continuity An Integral Part of Risk Management At Constellation Energy
Business Continuity An Integral Part of Risk Management At Constellation Energy World Disaster Management Conference Toronto, Canada June 19, 2006 Robert W. Cornelius Director Business Continuity Operating
More informationState of Florida Enterprise
State of Florida Enterprise E-mail Florida House of Representatives Appropriations Committee October 6, 2011 AGENCY FOR ENTERPRISE INFORMATION TECHNOLOGY David Taylor, Executive Director Coleen Birch,
More informationAre Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments
Are Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments Who am I? Bobby Williams is the Director of IT Resiliency Planning
More informationEnsuring Stability to our Rapidly Changing (DR) World. Larry Heck October 7, 2014 Case Study
Ensuring Stability to our Rapidly Changing (DR) World Larry Heck October 7, 2014 Case Study What cards have you been dealt? Problem Statement 1 mile between datacenters No clear visibility of DR program
More informationThe Project Charter. Date of Issue Author Description. Revision Number. Version 0.9 October 27 th, 2014 Moe Yousof Initial Draft
The Project Charter Project Title: VDI Data Center Design and Build Project Sponsor: South Alberta Data Centers Inc. (SADC Inc.) Project Customer: The City of Calgary Project Manager: Moe Yousof Document
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationHow ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016
How ISO 22301 helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016 Copyright SP PowerGrid Ltd Threat Threat 1 Threat 2 Organisation Threat 3 2 Threat - Terrorist actions ST 19Mar16
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationGOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationBusiness Continuity Management System 2016 Management WE CUSTODY TODAY THE VALUE OF TOMORROW
Business Continuity Management System 2016 Management Index DCV Objectives - Definitions Corporate Governance Continuity Management Vision DCV Evolution and Business Continuity Methodology Business Impact
More informationDISASTER RECOVERY PRIMER
DISASTER RECOVERY PRIMER 1 Site Faliure Occurs Power Faliure / Virus Outbreak / ISP / Ransomware / Multiple Servers Sample Disaster Recovery Process Site Faliure Data Centre 1: Primary Data Centre Data
More informationIT Consulting and Implementation Services
PORTFOLIO OVERVIEW IT Consulting and Implementation Services Helping IT Transform the Way Business Innovates and Operates 1 2 PORTFOLIO OVERVIEW IT Consulting and Implementation Services IT is moving from
More informationRisk Management in Electronic Banking: Concepts and Best Practices
Risk Management in Electronic Banking: Concepts and Best Practices Jayaram Kondabagil BICENTENNIAL B1CBNTENNIAL John Wiley & Sons (Asia) Pte Ltd. Contents List of Figures xiii List of Tables xv Preface
More informationREPORT 2015/186 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/186 Audit of information and communications technology operations in the Secretariat of the United Nations Joint Staff Pension Fund Overall results relating to the effective
More informationBC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology?
BC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology? Executive Director Business Continuity Services April 1, 2008 2008 Development Company, L.P. The information contained herein
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationREPORT 2015/010 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/010 Audit of information and communications technology strategic planning, governance and management in the Investment Management Division of the United Nations Joint
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationGreen Governance Growth
G3 Data Centers Green Governance Growth DELIVER MORE WITH LESS The economic downturn changed the dynamics of the business world. It shifted the measure of success, driving companies to rethink how they
More information2 The IBM Data Governance Unified Process
2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.
More information