L18: Integrate Control Disciplines to Increase Control and Save Money
|
|
- Blaise Wells
- 5 years ago
- Views:
Transcription
1 L18: Integrate Control Disciplines to Increase Control and Save Money Kathleen Lucey, FBCI Montague Risk tel:
2 Connections Information Security (computer security, data security, cyber security, logical security) Records Emergency Crisis Business Continuity (disaster recovery, contingency planning, resilience)
3 InfoSec Overview Modern usage begins with the growth of information technology Traditionally ends at the last point controlled by IT Generally reports within IT Professional knowledge base and jargon
4 InfoSec Control Principles Transference of Risk Prevention, Avoidance, Deterrence (Defensive Depth) Detection Mitigation & Recovery Correction
5 Records Overview Exists since the use of paper documents, but particularly since the use of printed documents Organizes and stores critical documents for future access Regulated Third-party industry for short- and long-term archive Professional knowledge base and jargon Generally reports to an internal administrative department (CFO, CAO)
6 Records Control Principles Transference of risk Loss Prevention, Avoidance, Deterrence (Defensive Depth) Detection Recovery Correction
7 Emergency Overview Primarily concerned with the safety of personnel during an infrastructure or other climate-induced or physical failure. Involves many third parties Regulated Professional knowledge base(s) and internal jargon (many) Supports controls used by other functions Generally reports to Facilities or HR, which reports to either the COO, CFO, or CAO
8 Emergency Control Principles Transference of risk and damages Prevention of human injury and loss of life Prevention, Avoidance, Deterrence of an infrastructure-related failure Detection of an emergency condition Mitigation & Recovery from an incident Correction
9 Crisis Overview Shapes and manages the communications to the employees, press, and other parties after a major incident Attempts to minimize the follow-on legal, financial and reputation impacts to the organization Third party involvement: Public Relations firm and/or a Law firm Senior executives are usually involved but only at the time of incident Professional knowledge base(s) and internal jargon (multiple) Generally responsible to the CEO or Chairman of the Board May not be formally organized.
10 Crisis Control Principles Transference of risk and damages wherever possible Detection: Early identification of potential crisis; preplanned response Implementation of a Crisis Plan Mitigation & Recovery from an incident: Spin of crisis-related information to minimize negative impacts Control of communications channels to press, public, and staff Correction
11 Business Continuity Overview Modern usage begins with the growth of information technology, and the perceived dependence of the organization on its IT systems. First called DISASTER RECOVERY. Now may be called RESILIENCY. Driven by market forces: availability of inexpensive commercial shared hot sites and similarity of widely shared equipment. Also IT dependence on electrical power. STILL generally reports within IT; advanced organizations use different structures. Concerned with 1) avoiding an incident that interrupts business operations; 2) mitigating damages if one occurs. Often more attuned to operational impacts of IT systems loss: RTO, RPO
12 Business Continuity Control Principles Transference of risk and damages as possible Prevention, Avoidance, Deterrence (Defensive Depth) of ANY and ALL conditions that may provoke a business interruption Early detection and pre-planned, rehearsed response Damage Mitigation & Recovery Correction
13 Initial Interruption INTERRUPTION MANAGEMENT MODEL Crisis Team Media Relations Team Command Center Support Team Recovery Business Recovery Coordination Business Continuity Teams Interruption Team Business Continuity Coordination IT Recovery Coordination Information Technology Recovery Teams Emergency Logistics Site Repair or Relocate Emergency Funding Admin. Services Employee Support Physical Security Site Repair and Restoration Insurance Liaison Purchasing EMT Government Liaison Transportation, Communications HAZMAT Damage Assessment Site Relocation and Recreation 2009 Montague Risk II, Inc. All rights reserved.
14 CONVERGENCE
15 Convergence of Control Disciplines ALL of these disciplines involve controls to minimize the probability and severity of incidents. ALL are concerned with controls to reduce incidentrelated injuries and damages. IT Disaster Recovery was part of InfoSec in the early 80 s: availability. ALL of these disciplines (and more) are often now included in enterprise resiliency programs.
16 Convergence of Control Disciplines RISK MANAGEMENT: must be concerned with all disciplines working to deter and respond to ALL incidents that may result in personnel injury, operational interruptions to the business OR loss of revenue/customers.
17 Risk Program Elements Business Continuity Program Emergency Baseline Notification & Communication Logistics & Incident Team Plans Crisis Team Plans Evacuation and Assembly Points Employee Support Materials Emergency Phone Numbers Local Emergency Organization Training & Testing
18 Risk Program Elements Business Continuity Program Resiliency & Recovery Baseline Continuity Team Plans & Testing IT Offsite Backup & Mirroring IT Systems Recreation Plans & Testing Redundancy & Routing Diversity Multiple Suppliers & Continuity Capability Audits Insurance Adequacy Documentation, Training & Testing
19 Risk Program Elements Business Continuity Program Safety & Security Baseline Visitor Reception Procedures Entry & Exit Safety Premises & Lease Checklist Safety & Security Function & Culture Basic Pandemic Planning Training & Testing
20 Risk Program Elements Business Continuity Program Information Protection Baseline Paper document scan on receipt procedure Classification & role-based Access Intrusion Detection / Monitoring & Response Super-User Monitoring & Response Effective Account / Privilege Housekeeping Practices
21 Risk Program Elements Business Continuity Program Emergency Baseline Resiliency & Recovery Baseline Safety & Security Baseline Information Protection Baseline Notification & Communication Logistics & Incident Team Plans Crisis Team Plans Evacuation Assembly Points Employee Support Materials Emergency Phone Numbers Local Emergency Organization Training & Testing Continuity Team Plans & Testing IT Offsite Backup & Mirroring IT Systems Re-creation Plans & Testing Redundancy & Routing Diversity Multiple Suppliers & Continuity Capability Audits Insurance Adequacy Documentation, Training & Testing Visitor Reception Procedures Entry & Exit Safety Premises & Lease Checklist Safety & Security Function & Culture Basic Pandemic Planning Training & Testing Paper document scan on receipt procedure Classification & Need to Know Access Intrusion Detection / Monitoring & Response Super-User Monitoring & Response Effective Account / Privilege Housekeeping Practices Brand Protection Baseline
22 How does the business perform governance on this inter-related set of complex control activities?
23 Organizing for Effectiveness Like the Audit Department, all control functions that cross the borders of company silos should ultimately report OUTSIDE of those silos. A unified command structure can determine meaningful policies and useful common procedures in ALL silos. Each can learn from the others. Living together will de-mystify the internal jargon of each discipline and encourage cross-disciplinary education.
24 Prototype Risk Governance Organization Board Risk Committee Head of Audit Department (CRO) Corporate Risk Business Continuity Emergency / Facilities Physical Security Safety Crisis Information Security Records Insurance / Legal
25 Benefits The Risk Committee of the Board is legally charged with ensuring that appropriate controls are in place across the enterprise. Reports on controls and their effectiveness can be stated in business terms, and be consonant with operational audits. Audit will become a close partner. It will become possible to implement initiatives across disciplines whose impacts can be understood by the business. Missing or ineffective controls are easier to see when all are grouped together.
26 Benefits Cross-pollination of various control cultures erodes knowledge and jargon barriers. A common language and culture will develop among all control disciplines over time. Duplication of efforts can be eliminated, thus increasing productivity. Enterprise-wide contracts for common products and services can be negotiated at significant cost savings.
27 Benefits Nothing precludes subordinate organizations within silos, but each reports to a company-wide director for that control discipline. Risk budgets can be allocated across the company, instead of competing for resources within department- or silo-level organizations.
28 Benefits All disciplines bring a critical part of the risk and governance equation. Each is therefore essential. Only by grouping all disciplines together can they be harmonized and work together effectively. It s a big boat and there is room for everyone. IF we are willing to learn how to understand each other s languages and work with each other!
29 Prototype Risk Governance Organization Board Risk Committee Head of Audit Department (CRO) Enterprise Risk Director, Enterprise Business Continuity Director, Emergency / Facilities Director, Enterprise Physical Security Director, Enterprise Safety Director, Enterprise Crisis Director, Enterprise Information Security Director, Enterprise Records Director, Enterprise Insurance / Legal
30 Shatter the Walls between Control Disciplines! All control disciplines do basically the same thing: just in different areas. Each has its own jargon, and its own territory to defend. Use formal and informal events to gain trust. Use time to your advantage to gain confidence. Be friendly and supportive!
31 Shatter the Walls between Control Disciplines! Business Continuity Physical Security Crisis Information Security Insurance / Legal Safety Emergency / Facilities Records
32 The Chief Risk Officer The CRO will need to understand and speak the languages of multiple control disciplines. The CRO will need knowledge, certification, and experience in multiple control disciplines. The CRO ranks will be filled by individuals willing to step away from each discipline-specific jargon, and to lead the emergence of a new management function that embraces all control disciplines.
33 Advance Your Career YOU Chief Risk Officer Business Continuity Emergency / Facilities Physical Security Safety Crisis Information Security Records Insurance / Legal
34 QUESTIONS? Contact me at: Phone: (mobile)
Business Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationL33: The Challenge of Assessing Supplier Reliability
L33: The Challenge of Assessing Supplier Reliability Kathleen Lucey, FBCI President, Montague Risk Management President, BCI-USA kalucey@montaguetm.com Eric Staffin VP, Global Head of Product & Infrastructure
More informationWHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA
WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY Integrating Resiliency into Our Culture and DNA Table of Contents Executive Summary.... 3 Background.... 4 Charter.................................................................4
More informationInfocomm Professional Development Forum 2011
Infocomm Professional Development Forum 2011 1 Agenda Brief Introduction to CITBCM Certification Business & Technology Impact Analysis (BTIA) Workshop 2 Integrated end-to-end approach in increasing resilience
More informationBME CLEARING s Business Continuity Policy
BME CLEARING s Business Continuity Policy Contents 1. Introduction 1 2. General goals of the Continuity Policy 1 3. Scope of BME CLEARING s Business Continuity Policy 1 4. Recovery strategies 2 5. Distribution
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationINFORMATION SECURITY- DISASTER RECOVERY
Information Technology Services Administrative Regulation ITS-AR-1505 INFORMATION SECURITY- DISASTER RECOVERY 1.0 Purpose and Scope The objective of this Administrative Regulation is to outline the strategy
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationMassMutual Business Continuity Disclosure Statement
MassMutual Business Continuity Disclosure Statement Overview Resiliency is a high priority at Massachusetts Mutual Life Insurance Company ( MassMutual or the Company ). To that end, significant investments
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationBusiness Continuity Management Standards A Side-by-Side Comparison
Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan
More informationSOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
More information"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary
Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More informationIsaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.
Isaca EXAM - CISM Certified Information Security Manager Buy Full Product http://www.examskey.com/cism.html Examskey Isaca CISM exam demo product is here for you to test the quality of the product. This
More informationa publication of the health care compliance association MARCH 2018
hcca-info.org Compliance TODAY a publication of the health care compliance association MARCH 2018 On improv and improving communication an interview with Alan Alda This article, published in Compliance
More informationAddressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting
Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in
More informationRisk Management in Electronic Banking: Concepts and Best Practices
Risk Management in Electronic Banking: Concepts and Best Practices Jayaram Kondabagil BICENTENNIAL B1CBNTENNIAL John Wiley & Sons (Asia) Pte Ltd. Contents List of Figures xiii List of Tables xv Preface
More informationOur key considerations include:
October 2017 We recognize that our ability to continue to function as an organization is critical to our clients, who rely heavily on our firm and our people to keep their own real estate functioning properly.
More informationHOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through
HOTEL RESILIENT Plan ahead stay ahead With support from the German Government through WHAT CAN GO WRONG WILL GO WRONG Murphy s Law More than 40% of hotels do not reopen after large disasters FEMA 2010
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationSecurity Director - VisionFund International
Security Director - VisionFund International Location: [Europe & the Middle East] [United Kingdom] Category: Security Job Type: Open-ended, Full-time *Preferred location: United Kingdom/Eastern Time Zone
More informationMaking YOUR Organization More Efficient and Effective Through Business Continuity / Continuity of Operations Planning
2017 California Higher Education Collaborative Conference Making YOUR Organization More Efficient and Effective Through Business Continuity / Continuity of Operations Planning Introductions Rick Blackburn,
More informationTHE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT
THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson
More informationBUSINESS CONTINUITY. Topics covered in this checklist include: General Planning
BUSINESS CONTINUITY Natural and manmade disasters are happening with alarming regularity. If your organization doesn t have a great business continuity plan the repercussions will range from guaranteed
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationHENRY EE, FBCI, CBCP
10 Things You Should Know When Reimagine Your ERM With BCM Program 27 July 2016 Presented by : Henry Ee, FBCI, CBCP, ISO22301 LA, Fellow of Business Continuity Institute (FBCI) Certified Business Continuity
More informationTUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY
JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate
More informationMaintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery
Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery Dave Komendat Chief Security Officer The Boeing Company What We Do Today Design, assemble and support
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationBusiness Continuity Planning
Information Systems Audit and Control Association www.isaca.org Business Continuity Planning AUDIT PROGRAM & INTERNAL CONTROL QUESTIONNAIRE The Information Systems Audit and Control Association With more
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationBC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology?
BC vs. DR vs. HA vs. EM vs. RM vs. CM: is the difference only terminology? Executive Director Business Continuity Services April 1, 2008 2008 Development Company, L.P. The information contained herein
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationTemplate. IT Disaster Recovery Planning: A Template
Template IT Disaster Recovery Planning: A Template When disaster strikes, business suffers. A goal of business planning is to mitigate disruption of product and services delivery to the greatest degree
More informationNovember 14, Emergency Management and Hurricane Irma. Florida Human Resources People and Strategy (FLHRPS)
November 14, 2017 Emergency Management and Hurricane Irma Florida Human Resources People and Strategy (FLHRPS) 1 Agenda Hurricane Irma recap Dianne Merrill Emergency Management Process Susan Mueller Lessons
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationSAVANNAH LAKES VILLAGE PROPERTY OWNERS ASSOCIATION, INC. JOB DESCRIPTION
SAVANNAH LAKES VILLAGE PROPERTY OWNERS ASSOCIATION, INC. JOB DESCRIPTION POSITION: CHIEF OPERATING OFFICER FUNCTION: Responsible for all aspects of the SLV POA day-to-day operations. In this capacity,
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationExam4Tests. Latest exam questions & answers help you to pass IT exam test easily
Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CISM Title : Certified Information Security Manager Vendor : ISACA Version : DEMO 1 / 10
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Advisors and Special Event Domestic Incident Tracker Overview Federal
More informationContingency Planning
Contingency Planning Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill Procedures are required that will permit
More informationNORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives
NORTH CAROLINA MANAGING RISK IN THE INFORMATION TECHNOLOGY ENTERPRISE NC MRITE Nominating Category: Nominator: Ann V. Garrett Chief Security and Risk Officer State of North Carolina Office of Information
More informationLocal Government Disaster Planning and what can be learned from it.
Local Government Disaster Planning and what can be learned from it. Emergency Operations Plans Emergency Support Functi0ns: ESF-1 ESF-2 ESF-3 ESF-4 ESF-5 ESF-6 ESF-7 Transportation Communications Public
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationFacilities Management and Business Continuity. 10 May 2017
Facilities Management and Business Continuity 10 May 2017 1 Introductions Business Continuity Institute BCI SADC Chapter The Caridon Group 2 The BCI 3 The Caridon Group Consulting Group of select experienced
More informationSolutions Technology, Inc. (STI) Corporate Capability Brief
Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned
More informationWELCOME ISO/IEC 27001:2017 Information Briefing
WELCOME ISO/IEC 27001:2017 Information Briefing Denis Ryan C.I.S.S.P NSAI Lead Auditor Running Order 1. Market survey 2. Why ISO 27001 3. Requirements of ISO 27001 4. Annex A 5. Registration process 6.
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Contingency Planning Jan 22, 2008 Introduction Planning for the unexpected event, when the use of technology is disrupted and business operations come close to a standstill
More information<< Practice Test Demo - 2PassEasy >> Exam Questions CISM. Certified Information Security Manager. https://www.2passeasy.
Exam Questions CISM Certified Information Security Manager https://www.2passeasy.com/dumps/cism/ 1.Senior management commitment and support for information security can BEST be obtained through presentations
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationFifteen Best Practices for a Successful Data Center Migration
Fifteen Best Practices for a Successful Data Center Migration Published: 6 March 2017 ID: G00324187 Analyst(s): Henrique Cecci Data center migrations are often complex and risky. These best practices will
More informationManager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre
IDENTIFICATION Department Position Title Infrastructure Manager, Infrastructure Services Position Number Community Division/Region 32-11488 Yellowknife Technology Service Centre PURPOSE OF THE POSITION
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard
Certification Exam Outline Effective Date: April 2013 About CISSP-ISSMP The Information Systems Security Management Professional (ISSMP) is a CISSP who specializes in establishing, presenting, and governing
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationCYBER RISK MANAGEMENT
CYBER RISK MANAGEMENT AND BEST PRACTICES Heather Fields, JD, CHC, CCEP (414) 298-8166 hfields@reinhartlaw.com 1000 North Water Street, Suite 1700, Milwaukee, WI 53202 www.reinhartlaw.com 0 Agenda Role
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationIntroduction. Overview. Every Crisis Management Team Needs a Critical Decision Checklist. Presented by Roseanne Rostron, CBCP President Raido Response
Every Crisis Management Team Needs a Critical Decision Checklist Presented by Roseanne Rostron, CBCP President Raido Response Tuesday, May 9, 2006 Introduction Roseanne Rostron, CBCP - President Raido
More informationBusiness Continuity An Integral Part of Risk Management At Constellation Energy
Business Continuity An Integral Part of Risk Management At Constellation Energy World Disaster Management Conference Toronto, Canada June 19, 2006 Robert W. Cornelius Director Business Continuity Operating
More informationBusiness Continuity Planning Keeping Pace with New Technology
Business Continuity Planning Keeping Pace with New Technology Old issues, new threats Force Majeure Increasing severe weather incidents, terrorist attacks Legacy modernization Cutover issues, system crashes,
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationApril Appendix 3. IA System Security. Sida 1 (8)
IA System Security Sida 1 (8) Table of Contents 1 Introduction... 3 2 Regulatory documents... 3 3 Organisation... 3 4 Personnel security... 3 5 Asset management... 4 6 Access control... 4 6.1 Within AFA
More informationNew York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief
Publication Date: March 10, 2017 Requirements for Financial Services Companies (23NYCRR 500) Solution Brief EventTracker 8815 Centre Park Drive, Columbia MD 21045 About EventTracker EventTracker s advanced
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationBuild a viable plan for disaster recovery and crisis management.
Disaster recovery and crisis management solutions To support your IT objectives Build a viable plan for disaster recovery and crisis management. Highlights Build a plan to help respond to and recover from
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationConvergence of BCM and Information Security at Direct Energy
Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc
More informationClarity on Cyber Security. Media conference 29 May 2018
Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26
More informationPromoting the Art and Science of Business Continuity Management Worldwide. Partner of the DRJ
Promoting the Art and Science of Business Continuity Management Worldwide Official Certification and Education Partner of the DRJ Doug Weldon President, BCI-USA Chapter douglas.weldon@thomsonreuters.com
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationIT Audit Process. Prof. Mike Romeu. January 30, IT Audit Process. Prof. Mike Romeu
January 30, 2017 1 Corporate Structures Shareholders Governance Level: Board of Directors External Director CFO CEO Legal Counsel External Director Responsible for: Evaluate Direct Monitor Internal Directors
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationInformation Security for the Future Seminar Oiva Karppinen, Chief Executive Officer NXme FZ-LLC (Nixu Middle East)
Information Security for the Future Seminar 13.2.2013 Oiva Karppinen, Chief Executive Officer NXme FZ-LLC (Nixu Middle East) Corporate Background NXme is a privately owned Dubai-based IT security company
More informationDisaster Recovery and Business Continuity Planning (Mile2)
Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationNERC Staff Organization Chart 2015 Budget
NERC Staff Organization Chart President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Associate Director, Member Relations and MRC Secretary (Dept. 2100) Senior Vice President and Chief Reliability
More informationBCP At Bangkok Bank, Thailand
BCP At Bangkok Bank, Thailand Bhakorn Vanuptikul, BCCE Executive Vice President Bangkok Bank Public Company Limited 10 May 2012 1 Agenda Business Continuity Management at Bangkok Bank Success Factors in
More informationNERC Staff Organization Chart
NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability
More information