ServiceNow knowledge 2016
- Amy Heath
- 5 years ago
Transcription
1 ServiceNow knowledge 2016 Resiliency Navigator: an integrated approach to resiliency point of view May 2016
2 Agenda
- Introduction to resiliency
- Integrated solution to resiliency
- Aligning the business from end to end
- EY and ServiceNow's Resiliency Navigator
- EY resiliency team's culture of helping clients
- Getting started with the Resiliency Navigator
- Business and information technology (IT) executives see value
- Appendix A: EY resiliency case studies
- Appendix B: Team biographies
- Appendix C: Enablers and accelerators
3 Introduction to resiliency
Resiliency is the process of making sure that critical infrastructure elements are designed to minimize disruption to business functions and mitigate the productivity impact. Unfortunately, resiliency methodologies may contain significant gaps, thereby increasing operational risk. As a result, regulatory focus has shifted to include both business and technology resiliency capabilities to better identify the risk of dependencies across resources, assets and technology.
Industry risk trends
- Enterprise risk definitions and severity ratings are not consistently applied
- Inconsistent method to understand resiliency, such as misaligned top-tier application RTOs
- Inability to confirm validity of severity rating changes
- Resiliency testing and analysis reports with insufficient confirmation data
Regulatory community focus
Response plans:
- Businesses invest in developing documentation to support the response process rather than testing operating documents
- Response plan and testing appear to occur in silos within the line of business or function
- Impact analysis does not reveal the severity of dependencies across resources, assets and technology
Proof of capability:
- Businesses (environments) do not conduct true integrated testing that forces business, operations and technology to come together simultaneously to determine gaps and risks
- Tests seem to focus on short timelines (0–4 days) and not on tiered 0–30 business days to understand impact on productivity, consumers, and resiliency of the enterprise
4 Integrated solution to resiliency
Effective resiliency management involves a shift from isolated technology focal areas to a broader, enterprise-wide operational effort, incorporating critical key business functions. Regulatory and industry resiliency challenges call for a more robust, integrated solution that leverages existing configuration management databases (CMDB), enabling risk identification with the enterprise resiliency framework.
Challenge:
- Making certain resiliency processes remain aligned with business rules
- Applying a consistent resiliency risk-rating methodology
- Providing document confirmation for each resiliency rating
- High business impact to execute resiliency testing and reporting
Integrated resiliency solution:
- Business rules are systematically integrated across all resiliency calculations through an easy-to-use dashboard
- Risk rating definition and thresholds are set at the enterprise level and automated during resiliency testing and reporting
- Risk ratings require supporting documentation and management rating approval signatures
- Reduced resource requirements due to automated testing and reporting functionality
Value add:
- Business risk alignment
- Accuracy of resiliency planning
- Entry management
- Bidirectional validation capabilities
- Consistent and repeatable resiliency methodology and processes
5 Aligning the business from end to end
Effective technology and business resiliency management requires defined linkages between all business functions and the technology service provider to support that function. Insufficient mapping of business functions with the technical counterparts could result in resiliency being defined vertically, with the potential of incorrect reporting of varying risk-rating methodologies. As displayed below, an integrated resiliency solution can enable an organization to understand more than just its risk exposure, including its operational risk.
[Figure: four columns (People, Procedures, Assets, Technology), each with a criticality rating. Labels: Skill, Quantity, Location, Requirements, Manual Procedures, Operating Methods, Communications, Facilities, Transport, Equipment, Service Operations, Application Services, Infrastructure. Information sources: business continuity information; governance, risk and compliance information; disaster recovery information; technical configuration information.]
- Various solutions providing risk ratings under differing methodologies
- Systems produce reports and dashboards in silos based on the solution's ability to integrate with other systems
- Provides a view into the technology enablement layer as a service composite that provides an end-to-end service
- Ability to easily integrate leading practices, such as ITIL V3, COBIT 5 and quality-of-service concepts
6 EY and ServiceNow's Resiliency Navigator
The Resiliency Navigator analyzes service, application, technology, financial, governance, risk and compliance information based on customizable business rules and draws meaningful conclusions to help organizations strengthen and manage their IT environment. The Resiliency Navigator, coupled with the powerful visualization and scenario modeling capabilities of ServiceNow, can help you reduce the complexity of your IT infrastructure.
7 EY resiliency team's culture of helping clients
Our team understands that resiliency comes down to maintaining a minimal business impact from unusual business conditions. Our approach is collaborative in nature, working with business lines to determine their goals, while assessing technology capabilities to confirm the goals are achievable across all interdependencies, both internal and external to the organization, regardless of the industry.
Industries: Automotive, Financial, Health care, Insurance
Understand the health of your risk programs
- Review the programs that enable response capability including business continuity, disaster recovery, incident response and crisis management
- Link the risk definitions and business function exposures with the program and compliance and standards guidelines (regulatory and industry leading practices)
- Review response capability with respect to unusual business conditions
Operational and technology resiliency mapping and analysis
- Establish clear linkage between a business function and the services provided to support that function:
  - Establish risk and resiliency index
  - Map the people, assets and resource needs, and the interdependencies
  - Identify operational endurance to sustain productivity
- Identify the technology application service suites:
  - Identify the application services and underlying components
  - Map all interdependencies and validate resiliency variables
  - Perform scoring and identify mismatch of components across tiers
Continuous improvement and validation
- Iterative reconciliation of service performance against resiliency ratings
- Integrate disaster recovery failover test results to identify desired to achievable recovery timeline challenges
- Map failure mode probability
- Implement resiliency improvements
How ServiceNow can help you
- Provides a single solution to enter all of the risk ratings of all service provided components
- Allows for all business areas to rate their risk under a consistent methodology
- Iterative updates allow for users to see how changes affect overall risk ratings immediately
- Automated ranking of critical components
- Identification of resource risks associated with high-risk-ranked assets
- Customizable mapping of dependencies across resources, assets and business functions
- Immediately integrate lessons learned from reporting findings
- Conduct preliminary reports to identify regulatory and operational gaps
- Provides increased accountability for improvement integration
8 Getting started with the Resiliency Navigator
The Resiliency Navigator is able to integrate seamlessly with existing ServiceNow functions and leverage existing data to execute a consistent risk-rating methodology. Identifying critical key business functions is the first step to getting started, followed by collecting business requirements based on enterprise-level risk rating definitions. The Resiliency Navigator then uses all of this information through the CMDB platform to provide risk ratings to all components, which then can be leveraged to map resource and asset requirements based on business needs or risk criticality.
[Figure: process flow. Steps: Map business functions to operating structures and assets; Business functions identify risk ratings of their components; Identify resiliency score and dependencies; Map resources and asset requirements based on need. Labels: Business continuity information; Disaster recovery information; People; Resources; Configuration information; Performance dashboard and reports; Governance, risk and compliance.]
9 Business and IT executives see value
Value to CIO
- Accuracy of data entry and risk rating accountability
- Certainty of providing consistent functionality to business functions
- Ability to seize benefits in technology breakthroughs to reduce IT costs
- Consistent risk-rating framework for managing resiliency reviews and reporting
Value to C-suite
- Regulatory compliance and increased internal reporting functionality
- Centralized methodology with a standardized resiliency definition and risk-rating process
- Alignment of business rules with the resiliency program
- Improved response capability of the business environment
Value to CFO
- Long-term saving opportunities through consecutive improvement
- Shortened analysis and reporting schedules with increased accountability
- Centralized mechanism to measure resiliency improvement results and value
- Ability to better understand return on investment of resiliency funding and technology investments
10 Appendix A: EY resiliency case studies
11 Case study: Disaster recovery program, application services resiliency, and operational endurance review
Client: American multinational financial services corporation
While this was a disaster recovery program review, the focus was on resiliency and maturity of the environment, specifically the in-scope application services.
Client issue:
- Absence of application and infrastructure dependency mapping to provide end-to-end resiliency and recoverability
- Complex and mature environment with HA across sites
- Application information stored in multiple repositories but data quality and currency remain a big challenge
- Lack of consistency, completeness and quality of existing technical recovery documentation across the landscape
- Lack of a more granular and robust BIA process, including capturing the requirements for recovery point objectives
Key elements of work and benefits to client:
- EY used resiliency mapping methodology as the base to evaluate the resiliency and improvement opportunities for the application services environment across data centers
- Mapped the end-to-end application service, along with upstream and downstream dependencies, via a series of cross-functional meetings that included application service owners
- Used the EY BURN Enabler Tool to analyze data from TAI, SIMS, DNA and other sources, and Operations data based on interviews to perform a resiliency analysis
- Mapped the entire technology stack to HA configurations to identify gaps and opportunities
- Conducted a resiliency analysis of 23 applications and identified potential risk of not being able to meet the desired RTO of the primary application, based on the dependency mapping analysis and recovery tier mismatches
- Identified opportunities for improvement but found several that need to be executed by teams or areas other than enterprise disaster recovery, but impact the resiliency and recovery capabilities
- Established a governance and oversight mechanism that enables the clear articulation of requirements, raises concerns for discussion, and obtains direct feedback from key stakeholders about resiliency and operational endurance issues
- Established a framework to link critical business applications and supporting risk and severity ratings through to the technical components
12 Case study: Business resiliency mapping
Client: Top 20 global bank
Client issue:
- No central repository, categorization or catalog of assets (including type, function and dependency)
- Business owners did not identify dependencies or productivity loss impacts over time to understand true risk exposure
- Resource requirements (facility, seating, equipment) were not maintained by area and relocation, causing oversubscription or critical assets were not identified due to assumptions that another group would make the asset available
- Client was unable to effectively identify areas of deficiency
Key elements of work:
- Employed our proprietary Resiliency Analysis Model to map the four critical lines of business and conducted an analysis
- Mapped the business process value chain and supporting people, resource and asset requirements
- Mapped the recovery timeline to the asset availability, volumes and dependencies to calculate variances and establish resiliency scores and validated against data collected by the BIA
- Established a framework to conduct tabletop tests to confirm gaps and areas of risk exposure
- Defined options to provide effective staffing and resource (facilities, transport, equipment, etc.) availability in tiered timeline to support resiliency for 30 business days
Benefits to client:
- Client had a prioritized risk-and-resiliency-rated matrix of business functions with recovery or asset gaps and potential risk exposure points
- Business owners were able to understand workload transfer capability and corresponding productivity changes over the duration of planned for outage serving as a resource shortage guide
- Business was able to focus on specific business functions to bolster access to asset and resource requirements and options based on tiered timeline through 30 days
13 Case study: Business resiliency capability assessment
Client: Top 10 insurance firm
Client issue:
- Operations in each region and country worked in isolation, managing and contracting their own resources and assets
- No single program structure to support and promote consistency across the global enterprise
- Heavy investment in real estate and supporting equipment, forcing the business to rely on moving people instead of the workload across the landscape
- Regional operations center did not communicate with local offices to define workload volumes and absorption needs
- Each region and location performed testing in isolation
Key elements of work:
- EY performed program assessment review based on a resiliency framework, culminating in two country-level tabletop tests
- Mapped critical business functions and corresponding risk exposures
- Reviewed information and granularity of the BIA and identified desired recovery timelines, which were then validated against the asset launch to operability timelines
- Established a resiliency framework to identify recovery variances and exposures by function and asset, including incremental requirements based on a tiered timeline
- Established a framework for a table-top test and conducted test to verify and confirm gaps in the current program
- Established an opportunities for improvement road map
Benefits to client:
- Risk office had a stratified opportunities for improvement and a resiliency improvement deployment road map used to obtain funding and support from the board of directors
- Business owners became aware of major gaps and specific actions to take to make certain there was adequate support for high risk locations, based on the resiliency index
- Enterprise crisis management was provided a single view of all asset requirements, forecasted utilization, and associated productivity loss rates for a 35-day business cycle
- Program was extended to mapping the technology resiliency supporting the business functions reviewed
14 Appendix B: Team biographies
15 Biographies
Paul Sussex, Principal, Technology Strategy
Background: Paul Sussex is a principal in the IT Advisory Services practice of Ernst & Young LLP. Paul works on complex IT transformation programs, helping clients improve how their IT capability adds value to their business, delivers efficiently and manages risk. Paul has extensive experience in IT infrastructure and operations, identity and access management (IAM), IT service management and IT risk management disciplines. Paul has more than 20 years of professional services experience working with Fortune 100 companies in the financial services industry.
Selected experience:
- Engagement lead for an IT Service Management transformation program for a major financial service company resulting in more than $250 million in cost savings. Paul led a global team to identify business and technical requirements and defined an IT strategy to transform the IT organization from a product-orientated to a services-oriented provider. Developed a leading practice IT process framework and supporting metrics to promote standardized processes, tool consolidations and operational efficiencies.
- Engagement leader for a post-merger IT integration program for a major financial services company integrating IT infrastructure and operations. Designed, helped implement and led program management functions to manage network, desktop and application integration (with zero client interruption) of more than 120,000 end-user devices in five countries.
- Led a project team to assess IAM infrastructure, processes and capabilities. The team also defined the future state operating model and multiyear road map to achieve maturity objectives, decrease risk and reduce overall cost.
Dan Stavola, Executive Director, Enterprise Service Automation
Background: Dan Stavola is an executive director in Ernst & Young LLP's Strategic Technology Advisory Services practice, where he is responsible for the design and delivery of infrastructure and operations-based advisory services. As a practice leader and IT operations professional with more than 24 years of experience, Dan has worked with leading global financial services firms in the design and delivery of IT performance improvement programs, leveraging his deep industry knowledge and the pragmatic application of industry standards and leading practices.
Selected experience:
- Served as the engagement lead and principal architect of a multiyear major IT transformation program. Focused on improving IT operations performance, the program consisted of current state operational assessment and base line, rationalization of all dimensions of IT resulting in cost rationalization, operating model redesign, IT optimization across the IT organization and a governing continuous improvement program.
- Served as the engagement lead in a data center consolidation of a banking and capital markets firm acquisition. The project included pre- and post-merger support, rationalization of technology and investment governance, as well as migration and consolidation of IT operations and application and infrastructure technologies.
- Served as the engagement lead and principal architect of a program risk management office for a highly complex data center separation for a banking and capital markets firm divestiture. The project included both project risk governance, investment protection and post-separation operational risk management.
16 Biographies
Nazir Vellani, Senior Manager
Background: Nazir Vellani is a senior manager in Ernst & Young LLP's Advisory Services practice and has more than 22 years of technology and business consulting experience with a proven ability in business process reengineering, risk and resiliency, business continuity, disaster recovery strategy and planning, IT strategies and transformation, cost optimization and cloud computing focusing on leveraging current and emerging technologies for the financial and high-tech service industries.
Selected experience:
- His recent project work includes teaming with the CIO and the senior executive team at a multinational financial services company to design and develop the enterprise level risk and resiliency operating model and business continuity program in alignment with the objectives set by the risk office.
- Provided program oversight for the development of the enterprise business continuity program strategy to obtain regulatory and audit compliance in Latin America and Asia-Pacific.
- Nazir has experience as a program director responsible for evaluating, developing and advising on an enterprise-level resiliency program focused on establishing operational endurance and designing supporting applications and infrastructure environments for resiliency, including responding to extreme cybersecurity breaches and events.
- He has served as an engagement director responsible for evaluating and establishing a strategy for a three-year $48 million operational resiliency program with a focus on linking the business process risk index with the underlying application services technology architecture.
Luke Miller, Manager, Financial Services Advisory
Background: Luke Miller is a manager in Ernst & Young LLP's Advisory Services practice with more than 13 years of industry experience with a focus on technology strategy and transformation, risk and resiliency, and business continuity and disaster recovery planning and deployment. His career has spanned multiple lines of business within the financial services environments, where he has participated in disaster recovery failover tests, risk and resiliency assessments. In addition, Luke is able to combine his background and experience in infrastructure and data center architecture to deploy effective risk and resiliency models.
Selected experience:
- Senior consultant responsible for assisting a global bank with the most extensive branch network in the US designing and developing a strategy for a data center facilities risk and resiliency model and framework. Primary focus was on developing the framework, scoring methods, and designing the operational model to be used by the global business continuity and risk group.
- Senior consultant for several private equity firms performing IT audits with specific focus on disaster recovery strategy and planning, including scripting and auditing the test failover of the environment. Performed IT audit according to the EY disaster recovery audit and fail-over risk and resiliency methodology using a 40-point validation program. Developed all required audit scoring and management reports for review and sign-off by the applicable risk and audit associates.
- Supported the design and development of an operating model focused on improving the overall resiliency of shared services to mitigate risks and failure points. Developed the operating model processes and subprocesses, including the deployment and sustainability guide.
17 Biographies
Ben Winfrey, Manager, FSO Technology Strategy
Background: Ben Winfrey is a manager in Ernst & Young LLP's Financial Services Organization with more than eight years of industry experience in technology strategy and transformation, business continuity and disaster recovery planning and deployment, and isolated recovery services. Ben has participated across multiple industry lines including insurance, retail banking, and the trading environments, where he has participated in IT audits, disaster recovery failover tests, and risk and resiliency reviews and assessments. Using his prior infrastructure and operations experience, Ben has participated in design for resiliency exercises using regulatory and industry leading standards including FFIEC, OCC, FINRA, ISO 27001, 22301, ITIL V3, and COBIT5.
Selected experience:
- Leading a project to design, develop and deploy a framework to evaluate capital markets test criteria to meet and respond to a current MRA from the OCC to include governance, policies, collateral and an enablement tool to determine test criteria
- For a top-five retail bank, supported the design and development of an IT resiliency operating model to establish a tiered quality of service framework to support and enable overall service delivery and operations. Focused on defining the target state resiliency thresholds and developing the standard operating procedures and supporting process guides.
- Supported IT and business continuity and disaster recovery audit exercises, including the review and development of the risk control matrix, scoring method and validation of effective test controls aligned with the GAAS principles.
- Supported the development of a standard audit toolkit and business continuity and disaster recovery audit operating model and methodology for a large insurance firm located in Peoria, IL
- Designing an isolated recovery services strategy framework to prove the sequencing and certification method required to restore T0 and T1 enablement layers from an extreme data loss condition
18 Appendix C: Enablers and accelerators
19 EY's resiliency enablers
- Resiliency accelerator
- Business function alignment
- Resources and technology supporting component alignment
- Six Sigma mapping and FMEA methodologies
- EY and ServiceNow Resiliency Navigator
20 EY: Assurance, Tax, Transactions, Advisory
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.
Ernst & Young LLP. All Rights Reserved. ED None
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationEY Norwegian Cloud Maturity Survey Current and planned adoption of cloud services
EY Norwegian Cloud Maturity Survey 2019 Current and planned adoption of cloud services Contents 01 Cloud maturity 4 02 Drivers and challenges 6 03 Current usage 10 04 Future plans 16 05 About the survey
More informationPREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.
PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness
More informationREPORT 2015/149 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/149 Audit of the information and communications technology operations in the Investment Management Division of the United Nations Joint Staff Pension Fund Overall results
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More information13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)
AGENDA ADDENDU TE REGULAR EETING OF TE AUDIT COITTEE COITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationOVERVIEW BROCHURE GRC. When you have to be right
OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationHow to Conduct a Business Impact Analysis and Risk Assessment
How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationVMware BCDR Accelerator Service
AT A GLANCE The rapidly deploys a business continuity and disaster recovery (BCDR) solution with a limited, pre-defined scope in a non-production environment. The goal of this service is to prove the solution
More informationDeveloping your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR)
Developing your GDPR response for competitive advantage EU General Data Protection Regulation (GDPR) Introduction In May 2018, the EU s new GDPR ushers in unprecedented levels of data protection for EU
More informationWhat s new in EY Atlas. November 2018
November 2018 EY tlas is regularly evolving and being enhanced to make your experience with the tool even better. This document highlights the new features and enhancements made since EY tlas was launched
More informationBuilding a BC/DR Control Library and Regulatory Response Program
Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group Regulatory Compliance
More informationCYBERSECURITY AND THE MIDDLE MARKET
CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH 2 Concerns about cybersecurity are not matched by plans. IMPORTANCE
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationAN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION
WHITE PAPER AN APPLICATION-CENTRIC APPROACH TO DATA CENTER MIGRATION Five key success factors Abstract IT organizations today are under constant business pressure to transform their infrastructure to reduce
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationCybersecurity & Privacy Enhancements
Business, Industry and Government Cybersecurity & Privacy Enhancements John Lainhart, Director, Grant Thornton The National Institute of Standards and Technology (NIST) is in the process of updating their
More informationData Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016
Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data
More informationFifteen Best Practices for a Successful Data Center Migration
Fifteen Best Practices for a Successful Data Center Migration Published: 6 March 2017 ID: G00324187 Analyst(s): Henrique Cecci Data center migrations are often complex and risky. These best practices will
More informationAddressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting
Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in
More informationForensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services
Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationSix Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP
Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant
More informationSOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
More informationCyber Diligence. EY Deals Forum Ian McCaw EY Transaction Advisory Services
Cyber Diligence EY Deals Forum 2018 Ian McCaw EY Transaction Advisory Services Finance & Commercial Diligence 2 B COMPANY: Power Life INDUSTRY: ENERGY REVENUE: 192m EBITDA: 875k (35% growth in 5 years)
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationCASE STUDY: RELOCATE THE DATA CENTER OF THE NATIONAL SCIENCE FOUNDATION. Alan Stuart, Managing Director System Infrastructure Innovators, LLC
CASE STUDY: RELOCATE THE DATA CENTER OF THE NATIONAL SCIENCE FOUNDATION Alan Stuart, Managing Director National Science Foundation s New Headquarters in Alexandria, Virginia 1. Introduction to the National
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationOptimisation drives digital transformation
January 2017 Executive summary Forward-thinking business leaders are challenging their organisations to achieve transformation by harnessing digital technologies with organisational, operational, and business
More informationDATACENTER SERVICES DATACENTER
SERVICES SOLUTION SUMMARY ALL CHANGE React, grow and innovate faster with Computacenter s agile infrastructure services Customers expect an always-on, superfast response. Businesses need to release new
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More informationEmbedded SIM Study. September 2015 update
Embedded SIM Study September 2015 update Executive summary Following a first white paper drawing upon interviews with mobile network operators in 3Q 2014, EY decided to perform a second round of interviews
More informationAvanade s Approach to Client Data Protection
White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success
More informationDefining the Challenges and Solutions. Resiliency Model. A Holistic Approach to Risk Management. Discussion Outline
Resiliency Model A Holistic Approach to Risk Management Discussion Outline Defining the Challenges and Solutions The Underlying Concepts of Our Approach Outlining the Resiliency Model (RM) Next Steps The
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationEY s Data Privacy Services. January 2019
EY s Data Privacy Services January 2019 Introduction Data privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationHeadline Verdana Bold
Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary
More informationAUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014
UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY Report No. 1173 Issue Date: 8 January 2014 Table of Contents Executive Summary
More informationSix Sigma in the datacenter drives a zero-defects culture
Six Sigma in the datacenter drives a zero-defects culture Situation Like many IT organizations, Microsoft IT wants to keep its global infrastructure available at all times. Scope, scale, and an environment
More informationTHE JOURNEY OVERVIEW THREE PHASES TO A SUCCESSFUL MIGRATION ADOPTION ACCENTURE IS 80% IN THE CLOUD
OVERVIEW Accenture is in the process of transforming itself into a digital-first enterprise. Today, Accenture is 80 percent in a public cloud. As the journey continues, Accenture shares its key learnings
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationIT123: SABSA Foundation Training
IT123: SABSA Foundation Training IT123 Rev.002 CMCT COURSE OUTLINE Page 1 of 8 Training Description: SABSA is the world s leading open security architecture framework and methodology. SABSA is a top-tobottom
More informationQuality Management Systems (ISO 9001:2015 and ISO 29001) Lead Auditor training (EY/IMSA Q03)
Quality Management Systems (ISO 9001:2015 and ISO 29001) Lead Auditor training (EY/IMSA Q03) Doha, 4 8 March 2018 IMSA is an IRCA/CQI Approved Training Provider Contents Section 1: About the program 04
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationBusiness Architecture Implementation Workshop
Delivering a Business Architecture Transformation Project using the Business Architecture Guild BIZBOK Hands-on Workshop In this turbulent and competitive global economy, and the rapid pace of change in
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationCyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal Analytics Database (CLAD)
Randall Sandone, CCISO Executive Director Critical Infrastructure Resilience Institute rsandone@illinois.edu Cyber Secure Dashboard Cyber Insurance Portfolio Analysis of Risk (CIPAR) Cyber insurance Legal
More informationThree Key Challenges Facing ISPs and Their Enterprise Clients
Three Key Challenges Facing ISPs and Their Enterprise Clients GRC, enterprise services, and ever-evolving hybrid infrastructures are all dynamic and significant challenges to the ISP s enterprise clients.
More informationImplementing a Global Business
GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationSupporting the Cloud Transformation of Agencies across the Public Sector
SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter
More informationBusiness Continuity Management Standards A Side-by-Side Comparison
Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More informationGain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services
Solution Overview Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services OPTIMIZE YOUR CLOUD SERVICES TO DRIVE BETTER BUSINESS OUTCOMES Reduce Cloud Business Risks and Costs
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationEPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS
EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards
More informationWHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.
Learning Objectives and Course Descriptions: FOUNDATION IN IT SERVICE MANAGEMENT This official ITIL Foundation certification course provides you with a general overview of the IT Service Management Lifecycle
More informationRISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach
INTELLIGENCE RISK INTELLIGENCE Assurance and efficiency improvement through a robust Enterprise Risk Management approach Carla De Geyseleer CFO Investor Days 2018, Bordeaux CERTIFICATION ACTIVATION 2 Prioritizing
More information