MHA Consulting BCM Metrics Resiliency Through Measurement
MHA Consulting: BCM Metrics, Resiliency Through Measurement
Presented by: Michael Herrera, CBCP
March
MHA Consulting. All Rights Reserved.

Agenda
- Overview
- A Menu of Standards
- Trends in Today's Standards
- Reality in Today's Environment
- What Standard Do We Choose?
- MHA's Approach: Tier 1 & Tier 2 Metrics
- Practical Application
Experience & Qualifications

Who We Are
- Leading boutique consulting firm since 1999
- Provider of consulting services to Fortune 1000 companies across the USA
- Proven cross-industry experience in Business Continuity, Disaster Recovery and IT Optimization

What We Do
- Business Continuity Planning
- Disaster Recovery Planning
- Physical Security Consulting
- Information Technology Optimization & Best Practices
- Data Center Moves & Relocations

What Makes Us Different
- Experienced professionals that possess a unique blend of knowledge
- Experience combines the focus, dedication and independence of a specialty firm
- Proven methodologies and tools
- Financial and management stability
- Domestic presence and deep skill-sets of a Big 4 or larger consulting firm
- MHA combines the strengths of the large consulting companies and independent alternatives without compromise

Michael Herrera, CEO, MHA Consulting

Experience & Qualifications (client logo slide; MetroWaterDistrict is the only name recovered)
BCM Metrics

"If you don't know where you are going, any road will get you there." (attributed to Lewis Carroll)

A Menu of Standards
1. British Standard (BS 25999)
2. National Fire Protection Association (NFPA)
3. ASIS Organizational Resilience Standard
4. Disaster Recovery Institute International (DRII) G.A.P.
5. Federal Financial Institutions Examination Council (FFIEC)
6. International Organization for Standardization (ISO)
7. Health Insurance Portability & Accountability Act (HIPAA)
8. Information Technology Infrastructure Library (ITIL)
9. North American Electric Reliability Council (NERC)
10. Business Continuity Institute (BCI) Good Practices
What Do the Standards Address?
- Management Oversight
- Budget
- Policy
- Threat & Risk Assessment
- Business Impact Analysis
- Recovery Strategy Development
- Business Continuity Planning
- Disaster Recovery Planning
- Crisis/Incident Management
- Training
- Testing & Validation
- Maintenance

Trends in Today's Standards
1. Core objectives remain the same
2. Higher level of specificity and sophistication
3. Reflect lessons learned from major disasters
4. Address a higher level of customer/client expectations
5. Reflect greater demands for up-time and timely response
6. Permit the BCM process to be more clearly auditable and certifiable
The Reality in Today's Environment
1. Too many standards; they can be difficult to understand
2. Very few organizations, if any, use standards and metrics at all
3. Most struggle with just choosing a standard
4. Many are under a false sense of security that their program can recover, or do not know where critical gaps exist
5. Management does not understand BCM standards
6. Compliance doesn't always mean you can recover your business
7. Auditors and customers are increasingly sophisticated in their line of questioning and understanding of BCM

So Which One Should I Use?
- The majority are specific to an industry, or to a company under a particular commission or entity. Determine whether your company falls under the requirements of any BCM regulations.
- Some standards represent a particular focus, such as ISO, ITIL, etc.
- Other standards and practices cover overall BCM development and management without any single/specific focus, such as:
  - British Standards: BS
  - The Disaster Recovery Institute International (DRII): Business Continuity Planning Professional Practices
How MHA Implemented Metrics: Tier 1 & 2 Metrics

Characteristics of Sound Metrics
1. Persistent: the outcome of a given action at one time will be similar to the outcome of the same action at another time.
2. Predictive: there is a causal relationship between the action the statistic measures and the desired outcome.
3. Sound metrics therefore:
   - measure skills that are persistent,
   - distinguish between skill and luck, and
   - predict the result you are seeking.

Source: Harvard Business Review, "The True Measure of Success", Oct 2012
MHA's Approach
1. Selected the DRII Business Continuity Planning Professional Practices as our baseline.
2. Compiled a composite set of questions addressing overall BCM management.
3. Also incorporated questions from leading standards and practices (e.g., BS 25999, NFPA 1600, etc.).
4. It's realistic for the majority, if not all, of the industries we work with and for today.
5. Easy to understand and implement.

Using the DRII subject areas, we created two tiers of metrics to assess program compliance and capability:
- Tier 1: assesses the underpinnings of the program
- Tier 2: assesses demonstrated ability to recover

1. Created questions for each tier for the following subject areas:
   - Program Administration (Tier 1)
   - Crisis Management (Tier 1 and 2)
   - Business Recovery (Tier 1 and 2)
   - Disaster Recovery (Tier 1 and 2)
2. Implemented weighting and compliance scoring for each question to permit measurement of performance.
MHA's Approach (continued)
1. Each question consists of two parts:
   - Critical Success Factor (CSF): an element critical to the service; maps to department objectives.
   - Key Performance Indicator (KPI): measures the level of compliance with the CSF.
2. Added weighting and compliance scores:
   - CSF Weighting: 6 = Critical, 3 = Moderate, 1 = Low
   - KPI Compliance: 0 = None, 1 = Low, 2 = Moderate, 3 = Fully Compliant
3. Readiness Score & Level: multiplying the CSF weight by the KPI compliance score gives the readiness score for that question. Adding up all the scores in an area gives the readiness level for the subject area.

Oversight Questions (Sample)
1. CSF: Executive assigned as sponsor/owner of the BCM program.
   KPI: Assigned and regularly participating in active oversight of the program.
2. CSF: Executives assigned to provide the management oversight function for the BCM program.
   KPI: Assigned and holding regular meetings to review BCM status, issues, etc.
3. CSF: Executives assigned to management oversight are representative of the organization.
   KPI: Executives include representation from key organizational departments, parts and functions.
4. CSF: Dedicated internal or external resources assigned to implement the BCM program.
   KPI: BCM Office created, person(s) assigned and roles/responsibilities defined.
5. CSF: Dedicated internal or external resources actively managing the BCM program.
   KPI: BCM Office has sufficient authority and resources to actively manage and maintain the program.
6. CSF: Dedicated internal or external resources assigned to implement the IT Disaster Recovery Planning (DRP) program.
   KPI: IT DRP Office created, person(s) assigned and roles/responsibilities defined.
7. CSF: Dedicated internal or external resources actively managing the IT DR program.
   KPI: IT DR Office has sufficient authority and resources to actively manage and maintain the program.
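The scoring rules above, worked through in a small Python model. This is an added example, not MHA's assessment tool: the sample questions are taken from the deck, but the CSF weights and KPI ratings assigned to them, the percent-of-maximum ratio, and the Red/Yellow/Green thresholds (the deck mentions Red and Yellow zones later but gives no thresholds) are this example's assumptions.

```python
"""Tier 1 readiness scoring as described in the MHA deck (added example, not MHA's tool).

Per question:      readiness score = CSF weight x KPI compliance
Per subject area:  readiness level = sum of the question scores in that area
The ratio-of-maximum and the Red/Yellow/Green banding are assumptions added here
for the dashboard view; the deck gives no thresholds.
"""
from dataclasses import dataclass

# Scales exactly as given in the deck.
CSF_WEIGHTS = {"Critical": 6, "Moderate": 3, "Low": 1}
KPI_COMPLIANCE = {"None": 0, "Low": 1, "Moderate": 2, "Fully Compliant": 3}


@dataclass(frozen=True)
class Question:
    area: str         # subject area, e.g. "Oversight"
    csf: str          # Critical Success Factor text
    kpi: str          # Key Performance Indicator text
    weight: str       # key into CSF_WEIGHTS
    compliance: str   # key into KPI_COMPLIANCE (the assessor's rating)

    def readiness_score(self) -> int:
        """CSF weight multiplied by KPI compliance, per the deck."""
        return CSF_WEIGHTS[self.weight] * KPI_COMPLIANCE[self.compliance]

    def max_score(self) -> int:
        """Score this question would earn if rated Fully Compliant."""
        return CSF_WEIGHTS[self.weight] * max(KPI_COMPLIANCE.values())


def readiness_levels(questions):
    """Sum scores per subject area. Returns {area: (level, maximum_possible)}."""
    totals = {}
    for q in questions:
        level, maximum = totals.get(q.area, (0, 0))
        totals[q.area] = (level + q.readiness_score(), maximum + q.max_score())
    return totals


def zone(level, maximum, red_below=0.5, yellow_below=0.8):
    """Assumed dashboard banding on level/maximum; thresholds are this example's, not the deck's."""
    ratio = level / maximum if maximum else 0.0
    if ratio < red_below:
        return "Red"
    if ratio < yellow_below:
        return "Yellow"
    return "Green"


# Constructed sample assessment: three Oversight and two Policy questions from the deck,
# with weights and compliance ratings assigned here purely for illustration.
SAMPLE = [
    Question("Oversight", "Executive assigned as sponsor/owner of the BCM program",
             "Assigned and regularly participating in active oversight", "Critical", "Fully Compliant"),
    Question("Oversight", "Executives assigned to provide management oversight",
             "Holding regular meetings to review BCM status and issues", "Critical", "Low"),
    Question("Oversight", "Oversight executives are representative of the organization",
             "Representation from key departments, parts and functions", "Moderate", "Moderate"),
    Question("Policy", "BCM policy is committed to best practices",
             "Policy has statements to comply with industry best practices", "Moderate", "None"),
    Question("Policy", "BCM policy is approved and maintained",
             "Approved by senior management and reviewed at scheduled intervals", "Critical", "Moderate"),
]


def dashboard(questions=SAMPLE):
    """One row per subject area: (area, readiness level, maximum, zone), sorted by area."""
    rows = []
    for area, (level, maximum) in sorted(readiness_levels(questions).items()):
        rows.append((area, level, maximum, zone(level, maximum)))
    return rows


if __name__ == "__main__":
    for area, level, maximum, band in dashboard():
        print(f"{area:10} readiness level {level:3}/{maximum:<3} {band}")
```

With the constructed ratings, Oversight scores 18 + 6 + 6 = 30 of a possible 45 and Policy 0 + 12 = 12 of 27, which is where a reviewer would "zero in" first.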
BIA Questions (Sample)
1. CSF: Business Impact Analysis studies conducted to determine the impacts of an outage.
   KPI: Studies are conducted a minimum of every two years for each business unit.
2. CSF: Business Impact Analysis questionnaire is tailored to the organization.
   KPI: Questionnaire is consistent with industry best practices and the needs of the organization.
3. CSF: Business Impact Analysis questionnaire identifies the financial impacts of an outage.
   KPI: Quantitative impacts of not performing business processes over time are measured.
4. CSF: Business Impact Analysis questionnaire identifies the non-financial impacts of an outage.
   KPI: Qualitative impacts of not performing a business process over time are measured.
5. CSF: Business Impact Analysis questionnaire identifies the critical systems and applications of the organization.
   KPI: Critical systems and applications used by each business process are identified by the questionnaire.
6. CSF: Business Impact Analysis questionnaire identifies interdependencies.
   KPI: Internal and external business process interdependencies are identified by the questionnaire.
7. CSF: Business Impact Analysis questionnaire identifies Recovery Time Objectives (RTOs).
   KPI: The time to recover each business process and its associated computer systems/applications is determined.

Policy Questions (Sample)
1. CSF: BCM policy is committed to best practices.
   KPI: Policy has statements to comply with accepted industry best practices and standards.
2. CSF: BCM policy is committed to continual improvement.
   KPI: Policy has statements to address risk prevention, reduction and mitigation.
3. CSF: BCM policy is committed to alignment with organizational legal and regulatory requirements.
   KPI: Policy has statement(s) to comply with applicable organizational legal and regulatory requirements.
4. CSF: BCM policy is approved and maintained.
   KPI: Policy is approved by senior management, reviewed at regularly scheduled intervals and/or when significant changes occur.
5. CSF: BCM policy is communicated to the organization.
   KPI: The policy's existence, and the responsibility to comply with it, is communicated to all employees of the organization.
Tier 1 Program Administration Metrics
- BCM Office: exists, experience, training, certifications, etc.
- BCM Policy: documented, approved, enforced, maintained, etc.
- Budget: line item, multi-year, appropriate, etc.
- Oversight: sponsor, oversight group, regularly meets, etc.
- BIA: standard adopted, regular, approved, etc.
- Threat Assessment: consistent with best practices, regular, approved, etc.
- Recovery Strategies: aligned with BIA, management approved, realistic to needs, maintained, etc.
- Recovery Exercises: standardized approach, regularly scheduled, business process focused, etc.
- Maintenance: standardized, regular, approved, enforced, etc.
- Training & Awareness: multi-level, regular, approved, enforced, etc.
- Document Repository: secure, houses key documents, auditable, etc.
Tier 1 CM, BRP and DRP Metrics
- Crisis Management: uses a team approach, enlists operational command centers, standardized plan, holds regular exercises, communication tools and plans, etc.
- Business Recovery: aligns with BIA, follows a team approach, uses recovery strategy standards, enlists a standard template, follows testing standards, etc.
- Disaster Recovery: aligns with BIA, follows a team approach, uses recovery strategy standards, enlists a standard template, follows testing standards, etc.

How MHA Implemented Metrics: Sample Tier 1 Questions & Reporting (screenshot slide; content not recovered)
Tier 2 CM, BRP and DRP Readiness Metrics
- Crisis Management: command center readiness, notification system readiness, level of mock exercise performed, training readiness, supply readiness, etc.
- Business Unit Recovery Plans: BIA completed, plan documented, level of exercise performed, training readiness, supply readiness, etc.
- Disaster Recovery Plans: BIA completed, plan documented, level of infrastructure/application exercise performed/demonstrated, RTO/RPO met, etc.

Summary
1. Standards: pick one that works for your organization. You may need to create your own tool.
2. Tier 1 Metrics: assess the underpinnings of the program. They do not assess true recovery capability.
3. Tier 2 Metrics: assess the recovery capability of key components (Crisis Management, Business Recovery, Disaster Recovery). They require additional in-depth, objective assessment of these areas.
4. Past Experiences: Tier 1 versus Tier 2. Be prepared for pushback or less than truthful answers.
MHA Consulting: Applying Tier 2 Metrics to Disaster Recovery
Presented by: Michael Herrera, CBCP
March
MHA Consulting. All Rights Reserved.

Applying Tier 2 DR Metrics: Agenda
- Traditional Metrics
- Metrics that Make a Difference
- Implementing Tier 2 Metrics
- Management Reporting
- Conclusion
Disaster Recovery Program Metrics
1. Two types of metrics: Basic and Advanced.
2. Basic metrics examples:
   - Percentage of applications that have test plans
   - Percentage of applications tested within RTO targets
   - Percentage of applications backed up
3. Advanced metrics measure the overall health, usefulness and reliability of the recovery program.

Basic DR Metrics Examples (chart slide; values not recovered)
MHA's Approach
1. Built advanced metrics to assess the overall health, usefulness and reliability of the DR program.
2. Assess infrastructure and application recoverability.
3. Present a dashboard of recoverability for management.
4. It's realistic for the majority, if not all, of the industries we work with and for today.
5. Easy to understand and implement.

Advanced Metrics Examples (chart slide; values not recovered)
Advanced Metrics: Infrastructure (chart slide: Infrastructure Risk by quarter with Yellow Zone and Red Zone bands; values not recovered)

Metrics that Make a Difference: Tier 2 DR Infrastructure / Application Readiness Metrics
- Recovery Site: established, connected, tested, in or out of region, integrated with CM and SDLC, etc.
- Network: can recover voice/data, sized properly, capacity tested, time to switch, etc.
- Storage: capacity met, performance adequate, no capacity issues, etc.
- Data Management: offsite copies, replicated updates, in sync with the business, etc.
- Desktop Images: image available, maintained, integrated with CM & SDLC.
Metrics that Make a Difference: Tier 2 Infrastructure/Application Readiness Metrics (continued)
- Application Access: unlimited access by IT and the business, VPN and otherwise, no performance degradation, capacity tested, etc.
- Systems at Recovery Site: adequate equipment, integrated with CM & SDLC, sizing, performance, etc.
- Security at Recovery Site: physical and logical security in place and operational.
- Application Recovery Plans: BIA completed, plan documented, level of application exercise performed, RTO/RPO met, training readiness, integrated with CM and SDLC, etc.

MHA Metric Implementation: Sample Tier 2 Questions & Reporting (screenshot slide; content not recovered)
Generating Advanced Metrics: Infrastructure (two screenshot slides; content not recovered)
Generating Advanced Metrics: Applications (two screenshot slides; content not recovered)
Metrics that Make a Difference: Executive Dashboard
These metrics present a real-world picture of your recovery capability based on what is in place and has been exercised.

Implementing Tier 2 Metrics: Internal Team Support
1. DR Coordinator
2. Data Backup & Offsite Storage
3. Data and Voice Network
4. Storage
5. Desktop
6. Infrastructure
7. Applications
Implementing Tier 2 Metrics: Create Assessment Questions

Storage (sample maturity levels)
- Level 0: Insufficient storage exists at the recovery site for a complete restore of all data.
- Level 1: Sufficient storage exists, but restore times take too long to meet RTO objectives.
- Level 2: Sufficient storage exists and restore times meet RTO objectives, but storage performance is less than adequate.
- Level 3: Sufficient storage, restore times meet RTO, performance adequate, but cannot meet daily backup requirements.
- Level 4: Sufficient storage, restore times meet RTO, performance adequate, daily backups meet requirements, but near or at capacity.
- Level 5: Sufficient storage, restore times meet RTO, performance adequate, daily backups meet requirements, no capacity issues.

Implementing Tier 2 Metrics: Create Assessment Questions (second screenshot slide; content not recovered)
Implementing Tier 2 Metrics
1. Create questions for each area to be measured.
2. Measure compliance for each area.
3. Weight questions based on importance.
4. Calculate maturity levels.
5. Create simple graphs to show capability.

Reporting the Results: Key Considerations
1. Produce a one-page executive dashboard.
2. Create supporting detail reports as needed.
3. Weight questions based on importance.
4. Zero in on Red and Yellow Zone issues.
5. Teach management to focus on Tier 2.
6. Be prepared to defend your analysis.
7. If you spend a lot of dollars and the metrics show low capability, figure out what is wrong!
8. If you don't spend a lot of dollars and the metrics show low capability, ask for more money in the key areas that are weak.
Metrics that Make a Difference: Executive Dashboard, Tier 2 Disaster Recovery Metrics
These metrics present a real-world picture of your recovery capability based on what is in place and has been exercised.

Further Questions?
If you have questions about what we've covered, or other BCM-related inquiries, please call or e-mail Michael Herrera.
Phone:
E-mail: herrera@mha-it.com
More informationExam4Tests. Latest exam questions & answers help you to pass IT exam test easily
Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CISM Title : Certified Information Security Manager Vendor : ISACA Version : DEMO 1 / 10
More informationUnderstanding Cyber Insurance & Regulatory Drivers for Business Continuity
Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber
More informationImplementing a BCM Programme
Implementing a BCM Programme EPICC Vancouver BC April 2009 Russ Stewart UK Head of Continuity Safety & Security Europe KPMG LLP Russell.stewart@kpmg.co.uk 1 Implementing a BCM Programme Lots of good stuff
More informationAre Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments
Are Traditional Disaster Recovery Plans Still Relevant? Bobby Williams, MBCP, MBCI Director, IT Resiliency Planning Fidelity Investments Who am I? Bobby Williams is the Director of IT Resiliency Planning
More informationInformation Security Risk Strategies. By
Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not
More informationSAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010
JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationSecurity Guideline for the Electricity Sector: Business Processes and Operations Continuity
Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability
More informationBest Practices & Lesson Learned from 100+ ITGRC Implementations
Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview
More informationISO 27001:2013 certification
www.pwc.ch/cybersecurity ISO 27001:2013 certification Building confidence in your digital future Our approach to certification PwC offers a four-phase approach to help with your ISO 27001 project, using
More informationDell helps you simplify IT
Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationDisaster Recovery Self-Audit
Disaster Recovery Self-Audit Disaster Recovery Audit There are 3 steps to this process: 1. Identify all data and IT-related functions (like credit card processing, documents on your file server, member
More informationBusiness Continuity Risk Management IT Service Continuity
Business Continuity Risk Management IT Service Continuity The Three Musketeers All for one, one for all Author: Athol Culpan, Isaacs George and Ray Botardo Agenda Introductions Athol Culpan Case Study
More informationAddressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting
Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in
More information<< Practice Test Demo - 2PassEasy >> Exam Questions CISM. Certified Information Security Manager. https://www.2passeasy.
Exam Questions CISM Certified Information Security Manager https://www.2passeasy.com/dumps/cism/ 1.Senior management commitment and support for information security can BEST be obtained through presentations
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationBuilding the Business Case for Emergency Notification
Building the Business Case for Emergency Notification Presented by Michelle Gjerde, Marketing Director Amcom Software The Big Picture The fast growing BCM software market includes four components: Business
More informationMaximizing IT Security with Configuration Management WHITE PAPER
Maximizing IT Security with Configuration Management WHITE PAPER Contents 3 Overview 4 Configuration, security, and compliance policies 5 Establishing a Standard Operating Environment (SOE) and meeting
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationSecurity Metrics Establishing unambiguous and logically defensible security metrics. Steven Piliero CSO The Center for Internet Security
Security Metrics Establishing unambiguous and logically defensible security metrics Steven Piliero CSO The Center for Internet Security The Center for Internet Security (CIS) Formed - October 2000 As a
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationIncident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
More informationGain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services
Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs
More informationFive Key Considerations for Selecting Cloud Recovery Services
Five Key Considerations for Selecting Cloud Recovery Services Looking for a cloud-based solution for backup and recovery? Here are some important things to keep in mind when interviewing providers. By
More informationPolicy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018
Policy Title; Business Continuity Management Policy Date Published/Reviewed; February 2018 Business Lead; Head of Strategic Governance CCMT sponsor; Deputy Chief Constable Thames Valley Police ensures
More informationRejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009
Rejuvenating BCM - Infrastructure Business Continuity Awareness Week 23 27 March 2009 Brigitte Theuma MBCI, CBCMMA, CBCMP, CBCITP, MIAEM 23 March 2009 Total of 5 pages Table of Contents I. ICT Service
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationDR Planning for SMBs. E-Guide
E-Guide Improving DR plans is always top of mind for storage professionals at small and medium sized organizations. This guide provides storage pros with the necessary information to improve the effectiveness
More informationHITRUST Common Security Framework - Are you prepared?
ALLINIAL HITRUST Common Security Framework - Are you prepared? Michael Kanarellis, HITRUST CCSFP May 17, 2017 MEMBER OF PKF ALLINIAL NORTH GLOBAL, AMERICA, AN ASSOCIATION AN OF LEGALLY OF LEGALLY INDEPENDENT
More information