How ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016

Size: px
Start display at page:

Download "How ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016"

Transcription

1 How ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016 Copyright SP PowerGrid Ltd

2 Threat Threat 1 Threat 2 Organisation Threat 3 2

3 Threat - Terrorist actions ST 19Mar16 3

4 Threat Influenza / respiratory infections MERS Ebola 4

5 Threat Fire 5

6 Threat Power Cable failure ST 13Mar14 6

7 Threat Power Disruption ST 26Apr16 7

8 Threat -Adverse media reports 8

9 What can go wrong? Terrorist actions Natural Gas supply disruption Fire or Explosion Equipment failure Cyber attacks (DoS, DDoS, Malware, Website defacement) Loss of critical service provider/ supplier Soil subsidence Denial of access to building SARS, H5N1,H7N9, MERS, Ebola, Zika Natural disaster Haze Adverse media reports Others Source: OngLC 9

10 What is Business Continuity Management (BCM)? 10

11 Business Continuity Management (BCM) Holistic management process that identifies potential threats to an organisation and the impacts to business operations those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capacity for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities Source: ISO

12 SPRING /SP supports the development of new ISO Stds ISO/IEC JTC1 SC 27 IT- Security Techniques WG4 ISO/IEC Guidelines for ICT Readiness for Business Continuity ISO/TC 223 Societal Security WG4 SS 540 ISO Business Continuity Management Systems Requirements ISO Business Continuity Management Systems Guidance Source: OngLC 12

13 SS ISO22301 BCM Systems - Requirements Content 0. Introduction 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement 13

14 Operation - Elements of BCM Business Impact Analysis & Risk Assessment Exercising & Testing Operational planning & Control BC Strategy Establish & Implement BC Procedures Source: SS ISO

15 BCM Incident Preparedness Risk Assessment Business Impact Analysis BC Strategy BC Plan (procedures) Testing and Exercising Ops planning & Control Response Recovery Time Business Continuity Mgt Life safety is the first priority during incident response ISO References: ISO22301 BCM Systems - Requirements ISO22313 BCM Systems - Guidance ISO22320 Emergency Mgt iso22398 Exercises & testing ISO31000 Risk Mgt Source: OngLC 15

16 Risk assessment (RA) Maintain a formal documented risk assessment process Identifies, analyses, and evaluates the risk of disruptive incidents to Organisation. Identify risks of disruption to Orgn s prioritized activities Identify the processes, systems, information, people, assets, outsource partners & other resources that support Orgn s prioritized activities Evaluate which disruption related risks require treatment Identify treatments commensurate with BC objectives & in accordance with Orgn s risk appetite 16

17 Business impact analysis (BIA) Maintain a documented evaluation process for determining continuity and recovery priorities, objectives and targets (include assessing the impacts of disrupting activities that support Orgn s services). Identify activities that support the provision of services by Orgn Assess the impacts over time of not performing these activities Set prioritized timeframes (RTO) for resuming these activities at a specified minimum acceptable level [MBCO] Identify dependencies and supporting resources for these activities, including suppliers, outsource partners & other relevant interested parties 17

18 Likelihood Risk Level Matrix (example) RISK LEVEL MATRIX Very High High Medium Low Low Medium High Very High Consequence Source: OngLC 18

19 Strategy - Determination and selection Determination and selection of strategy shall be based on the outputs from the BIA and Risk Assessment. Orgn shall determine an appropriate BC Strategy for a) protecting prioritized activities b) stabilizing, continuing, resuming and recovering prioritized activities & their dependencies and supporting resources c) mitigating, responding to and managing impacts The determination of strategy shall include approving prioritized time frames for the resumption of activities. Orgn shall conduct evaluations of the BC capabilities of suppliers. 19

20 Strategy - Establishing resource requirements Orgn shall determine the resource requirements to implement the selected strategies. The types of resources considered shall include but not be limited to a) people b) information & data c) buildings, work environment & associated utilities d) facilities, equipment & consumables e) information & communication technology (ICT) systems f) transportation g) finance h) partners & suppliers 20

21 BCM Training courses available in Singapore ISO BCMS ISO Emergency Management ISO Risk Management Pandemic Contact Tracing Training Crisis Intervention Crisis Communications Others Source: SIPG/ SPTI 21

22 Training ST 28Oct14 22

23 BC Exercises S/N Types of Exercise 1 Phone Recall 2 Mobilisation 3 Table Top 4 Functional / Deployment S/N Exercise Scenario (examples) 1 Mobilisation 2 Office Accommodation 3 Pandemic 4 Power/ water/ gas supply disruption 23

24 Conclusion 24

25 Conclusion Anything that can go wrong, will go wrong Murphy s Law >> Serious incident can happen any time. Q : Are you Operationally Ready? 25

26 Q : Are you Operationally Ready? Resilience >> ISO >> 居安思危 Risk Assessment Business Impact Analysis BC Strategies BC Plans Training & Exercises Programme Mgt Content 0. Introduction 1. Scope 2. Normative references 3. Terms and definitions 4. Context of the organization 5. Leadership 6. Planning 7. Support 8. Operation 9. Performance evaluation 10. Improvement 26

27 BCM >> Resilience Building a strong and sustainable Business Continuity culture! 27

28 Thank You 28

29 For enquiries, please contact Ong Liong Chuan Mobile : <liongchuan@singaporepower.com.sg> 29

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014

More information

Infocomm Professional Development Forum 2011

Infocomm Professional Development Forum 2011 Infocomm Professional Development Forum 2011 1 Agenda Brief Introduction to CITBCM Certification Business & Technology Impact Analysis (BTIA) Workshop 2 Integrated end-to-end approach in increasing resilience

More information

Risk Management. Continuity Management

Risk Management. Continuity Management Risk Management vs Continuity Management Marie Hélène Primeau, CA, MBCI President Premier Continuum DRJ Fall World September 12, 2011 Marie-Hélène Primeau, CA, MBCI Chartered Accountant and Member of the

More information

Facilities Management and Business Continuity. 10 May 2017

Facilities Management and Business Continuity. 10 May 2017 Facilities Management and Business Continuity 10 May 2017 1 Introductions Business Continuity Institute BCI SADC Chapter The Caridon Group 2 The BCI 3 The Caridon Group Consulting Group of select experienced

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

ISO Business Continuity Management System

ISO Business Continuity Management System ISO 22301 Business Continuity Management System Ensure continuity of critical business functions in the event of disruptions White paper Abstract This white paper provides an overview of ISO 22301, and

More information

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

BCM s Role in Effective Risk Management: A Risk Manager s Point of View BCM s Role in Effective Risk Management: A Risk Manager s Point of View Date: March 24, 2015 Presenter: Randall Davis, MBA, IBD, CPCU, ERM, ARM, ARM E, ABCP Agenda for this session Explore the case for

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

How to Conduct a Business Impact Analysis and Risk Assessment

How to Conduct a Business Impact Analysis and Risk Assessment How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda

More information

Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?

More information

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Business Continuity Management: How to get started Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Introduction Tony Drewitt - Managing Director: IT Governance UK and EU One

More information

PECB Change Log Form

PECB Change Log Form GENERAL INFORMATION Owner / Department* Approver / Department * Training Development Department Quality Assurance Department Date of Approval* 2019-01-09 Course name: Language: New Version: Previous Version:

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another

More information

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business

More information

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification

More information

Rejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009

Rejuvenating BCM - Infrastructure. Business Continuity Awareness Week March 2009 Rejuvenating BCM - Infrastructure Business Continuity Awareness Week 23 27 March 2009 Brigitte Theuma MBCI, CBCMMA, CBCMP, CBCITP, MIAEM 23 March 2009 Total of 5 pages Table of Contents I. ICT Service

More information

BUSINESS CONTINUITY MANAGEMENT. A short guide 2017

BUSINESS CONTINUITY MANAGEMENT. A short guide 2017 BUSINESS CONTINUITY MANAGEMENT A short guide 2017 Acknowledgements Business Continuity Institute Founded in 1994, the BCI defined a set of practices for individuals to be able to demonstrate their individual

More information

Implementing a Global Business

Implementing a Global Business GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation

More information

Table of Contents. Sample

Table of Contents. Sample TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...

More information

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC

More information

Bradford J. Willke. 19 September 2007

Bradford J. Willke. 19 September 2007 A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure

More information

Conformity assessment Requirements for bodies providing audit and certification of management systems. Part 6:

Conformity assessment Requirements for bodies providing audit and certification of management systems. Part 6: TECHNICAL SPECIFICATION ISO/IEC TS 17021-6 First edition 2014-12-01 Conformity assessment Requirements for bodies providing audit and certification of management systems Part 6: Competence requirements

More information

Policy. Business Resilience MB2010.P.119

Policy. Business Resilience MB2010.P.119 MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to

More information

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery Dave Komendat Chief Security Officer The Boeing Company What We Do Today Design, assemble and support

More information

7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network

7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network 7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network Business Impact Analysis A Regional Perspective Presented by Lim Sek Seong Vice President Sek_Seong@BCM-Institute.org

More information

Business Continuity Risk Management IT Service Continuity

Business Continuity Risk Management IT Service Continuity Business Continuity Risk Management IT Service Continuity The Three Musketeers All for one, one for all Author: Athol Culpan, Isaacs George and Ray Botardo Agenda Introductions Athol Culpan Case Study

More information

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents

More information

HENRY EE, FBCI, CBCP

HENRY EE, FBCI, CBCP 10 Things You Should Know When Reimagine Your ERM With BCM Program 27 July 2016 Presented by : Henry Ee, FBCI, CBCP, ISO22301 LA, Fellow of Business Continuity Institute (FBCI) Certified Business Continuity

More information

Promoting the Art and Science of Business Continuity Management Worldwide. Partner of the DRJ

Promoting the Art and Science of Business Continuity Management Worldwide. Partner of the DRJ Promoting the Art and Science of Business Continuity Management Worldwide Official Certification and Education Partner of the DRJ Doug Weldon President, BCI-USA Chapter douglas.weldon@thomsonreuters.com

More information

Implementing BCM Frameworks. Monday 19 November Aidan O Brien Head of Resilience and Security National Australia Group Europe

Implementing BCM Frameworks. Monday 19 November Aidan O Brien Head of Resilience and Security National Australia Group Europe Implementing BCM Frameworks Monday 19 November 2012 Aidan O Brien Head of Resilience and Security National Australia Group Europe Murphy s Law 1. If anything can go wrong, it will 2. If there is a possibility

More information

Continuity of Business

Continuity of Business White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be

More information

Using International Standards to Implement a Business Continuity Management System (BCMS)

Using International Standards to Implement a Business Continuity Management System (BCMS) Using International Standards to Implement a Business Continuity Management System (BCMS) Dr. Abdulrahman AlEnezi Dr. Fawaz AlEnezi Eng. Maryam AlRadhwan Dr. Sultan AlEnezi Agenda Introduction Business

More information

Business Continuity Management Program Overview

Business Continuity Management Program Overview Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this

More information

SC27 WG4 Mission. Security controls and services

SC27 WG4 Mission. Security controls and services copyright ISO/IEC JTC 1/SC 27, 2012. This is an SC27 public document and is distributed as is for the sole purpose of awareness and promotion of SC 27 standards and so the text is not to be used for commercial

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

Chapter 1. Chapter 2. Chapter 3

Chapter 1. Chapter 2. Chapter 3 Contents Preface ix Chapter 1 Terrorism 1 Terrorism in General 2 Definition of Terrorism 3 Why Choose Terrorism 4 Goals of Terrorists 5 Selection of Targets and Timing of Attacks 6 Perpetrators 7 Weapons

More information

Global Statement of Business Continuity

Global Statement of Business Continuity Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program

More information

Information Security Management Systems Standards ISO/IEC Global Opportunity for the Business Community

Information Security Management Systems Standards ISO/IEC Global Opportunity for the Business Community Information Security Management Systems Standards ISO/IEC 27001 Global Opportunity for the Business Community Prof. Edward (Ted) Humphreys IPA Global Symposium 2013 23 rd May 2013, Tokyo, Japan CyberSecurity

More information

ISO/IEC INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD INTERNATIONAL STANDARD ISO/IEC 24762 First edition 2008-02-01 Information technology Security techniques Guidelines for information and communications technology disaster recovery services Technologies

More information

BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT BUSINESS CONTINUITY MANAGEMENT 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017 PRESENTATION OUTLINE 2015 Disasters in Numbers 2016 & 2017 Top Business Risks What is BCM? Supervisory

More information

GUIDANCE NOTE ON CYBERSECURITY

GUIDANCE NOTE ON CYBERSECURITY GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope

More information

EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING

EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING BUSINESS CONTINUITY EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES The key to every successful Business Continuity Solution

More information

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability

More information

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power

More information

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes

The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes The importance of STANDARDS to ensure ACCOUNTABILITY and GOVERNANCE in ehealth-ict security processes New targets for cyberattacks New challenges for cybersecurity not only money transaction and bank accounts

More information

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC Draft Version incorporating Management Review [MR] Edits and Comments Document Date: July 2013 Goal One: Ensure Interoperable

More information

Long-Term Power Outage Response and Recovery Tabletop Exercise

Long-Term Power Outage Response and Recovery Tabletop Exercise 1 Long-Term Power Outage Response and Recovery Tabletop Exercise After Action Report [Template] The After-Action Report/Improvement Plan (AAR/IP) aligns exercise objectives with preparedness doctrine to

More information

Introduction to Business Continuity Management

Introduction to Business Continuity Management Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018 Speaker Panel ABD Insurance & Financial Services

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Leveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009

Leveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009 Leveraging ITIL to improve Business Continuity and Availability Samuel Lo MBA, MSc, CDCP, PMP, CISSP, CISA Data Centre Services Manager COL Limited Strictly Business itsmf Conference 2009 25 February 2009

More information

Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018

Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018 Policy Title; Business Continuity Management Policy Date Published/Reviewed; February 2018 Business Lead; Head of Strategic Governance CCMT sponsor; Deputy Chief Constable Thames Valley Police ensures

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

The Metropolitan Police Service Approach to Corporate Resiliency

The Metropolitan Police Service Approach to Corporate Resiliency The Metropolitan Police Service Approach to Corporate Resiliency Chief Inspector Tim Marjason Metropolitan Police Service Emergency Preparedness OCU CO3 - Central Operations New Scotland Yard, London Central

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Introduction to Business continuity Planning

Introduction to Business continuity Planning Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources

More information

Verso ilnuovostandard ISO (BS25999) sullabusiness Continuity Scenari e opportunità

Verso ilnuovostandard ISO (BS25999) sullabusiness Continuity Scenari e opportunità Verso ilnuovostandard ISO 22301 (BS25999) sullabusiness Continuity Scenari e opportunità Massimo Cacciotti Business Services Manager BSI Group Italia Agenda BSI: Introduction 1. Why we need BCM? 2. Benefits

More information

Port Facility Cyber Security

Port Facility Cyber Security International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose

More information

Business Continuity Management Standards A Side-by-Side Comparison

Business Continuity Management Standards A Side-by-Side Comparison Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan

More information

Business Continuity Management

Business Continuity Management University of Oslo INF3510 Information Security Autumn 2018 Workshop Questions and s Lecture 8: Risk Management and Business Continuity Management Question 1: Risk factors A possible definition of information

More information

John Snare Chair Standards Australia Committee IT/12/4

John Snare Chair Standards Australia Committee IT/12/4 John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC

More information

Shared Responsibility: Roles and Responsibilities in Emergency Management Geoff Hay

Shared Responsibility: Roles and Responsibilities in Emergency Management Geoff Hay Shared Responsibility: Roles and Responsibilities in Emergency Management Geoff Hay Assistant Director General Office of State Security and Emergency Coordination Department of the Premier and Cabinet

More information

_isms_27001_fnd_en_sample_set01_v2, Group A

_isms_27001_fnd_en_sample_set01_v2, Group A 1) What is correct with respect to the PDCA cycle? a) PDCA describes the characteristics of information to be maintained in the context of information security. (0%) b) The structure of the ISO/IEC 27001

More information

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate

More information

Tool-Supported Cyber-Risk Assessment

Tool-Supported Cyber-Risk Assessment Tool-Supported Cyber-Risk Assessment Security Assessment for Systems, Services and Infrastructures (SASSI'15) Bjørnar Solhaug (SINTEF ICT) Berlin, September 15, 2015 1 Me Bjørnar Solhaug Bjornar.Solhaug@sintef.no

More information

Prepare your Emergency respons, continuity plan, recovery plan

Prepare your Emergency respons, continuity plan, recovery plan Prepare your Emergency respons, continuity plan, recovery plan Panel Discussion with PortAventura,Europa Park, Disneyland Paris,Liseberg,the Safety Committee members with Q & A from attendees Septembre

More information

The Business Continuity Lifecycle Belfius

The Business Continuity Lifecycle Belfius The Business Continuity Lifecycle Belfius 17 december 2013 ALM Antwerpen Ludo Jappens MBCI Operational Risk Mgt. - Business Continuity & Crisis Mgt Ludo.Jappens@Belfius.be 1 Belfius in brief 1924 1860

More information

Sample Exam Privacy & Data Protection Foundation

Sample Exam Privacy & Data Protection Foundation Sample Exam Sample Exam Privacy & Data Protection Foundation SECO-Institute issues the official Business Continuity courseware to accredited training centres where students are trained by accredited instructors.

More information

Florida State University

Florida State University Florida State University Disaster Recovery & Business Continuity Planning Overview October 24, 2017 1 Key Readiness Questions Has your department identified the business functions and infrastructure that

More information

D2-01_17 PREPARING ICT TOWARDS ELECTRICAL BUSINESS CONTINUITY

D2-01_17 PREPARING ICT TOWARDS ELECTRICAL BUSINESS CONTINUITY CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2013 Colloquium November

More information

GUIDELINES ON MARITIME CYBER RISK MANAGEMENT

GUIDELINES ON MARITIME CYBER RISK MANAGEMENT E 4 ALBERT EMBANKMENT LONDON SE1 7SR Telephone: +44 (0)20 7735 7611 Fax: +44 (0)20 7587 3210 GUIDELINES ON MARITIME CYBER RISK MANAGEMENT MSC-FAL.1/Circ.3 5 July 2017 1 The Facilitation Committee, at its

More information

NW NATURAL CYBER SECURITY 2016.JUNE.16

NW NATURAL CYBER SECURITY 2016.JUNE.16 NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING

More information

standards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in

standards and so the text is not to be used for commercial purposes, gain or as a source of profit. Any changes to the slides or incorporation in ISO/IEC JTC 1/SC 27/WG 4 IT Security Controls and Services M. De Soete, ISO/IEC JTC 1 SC27 Vice Chair copyright ISO/IEC JTC 1/SC 27, 2014. This is an SC27 public document and is distributed as is for the

More information

Business Continuity Planning Keeping Pace with New Technology

Business Continuity Planning Keeping Pace with New Technology Business Continuity Planning Keeping Pace with New Technology Old issues, new threats Force Majeure Increasing severe weather incidents, terrorist attacks Legacy modernization Cutover issues, system crashes,

More information

Public Safety Canada. Audit of the Business Continuity Planning Program

Public Safety Canada. Audit of the Business Continuity Planning Program Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely

More information

ISO 22301: An Overview of BCM Implementation Process. Presenter: Dejan Kosutic

ISO 22301: An Overview of BCM Implementation Process. Presenter: Dejan Kosutic ISO 22301: An Overview of BCM Implementation Process Presenter: Dejan Kosutic GoToWebinar Control Panel Open and close your Panel View, Select, and Test your audio Submit text questions they will be addressed

More information

Business Continuity: How to Keep City Departments in Business after a Disaster

Business Continuity: How to Keep City Departments in Business after a Disaster Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and

More information

Information technology Security techniques Information security controls for the energy utility industry

Information technology Security techniques Information security controls for the energy utility industry INTERNATIONAL STANDARD ISO/IEC 27019 First edition 2017-10 Information technology Security techniques Information security controls for the energy utility industry Technologies de l'information Techniques

More information

Preparing your C-Suite for a Cyber Crisis

Preparing your C-Suite for a Cyber Crisis Preparing your C-Suite for a Cyber Crisis Andrew Sheves Regester Larkin Orlando, September 12, 2016 3 Introduction Aim and objectives 4 Aim:» To help your business reduce its exposure to strategic cyber

More information

Disaster Recovery and Business Continuity Planning (Mile2)

Disaster Recovery and Business Continuity Planning (Mile2) Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity

More information

Regional Resilience: Prerequisite for Defense Industry Base Resilience

Regional Resilience: Prerequisite for Defense Industry Base Resilience Regional Resilience: Prerequisite for Defense Industry Base Resilience Paula Scalingi, Director Pacific Northwest Center for Regional Disaster Resilience Vice Chair, The Infrastructure Security Partnership

More information

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK 03 Introduction 04 Step 1: Preparing for a breach CONTENTS 08 Step

More information

Predstavenie štandardu ISO/IEC 27005

Predstavenie štandardu ISO/IEC 27005 PERFORMANCE & TECHNOLOGY - IT ADVISORY Predstavenie štandardu ISO/IEC 27005 ISMS Risk Management 16.02.2011 ADVISORY KPMG details KPMG is a global network of professional services firms providing audit,

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security

Brussels. Cyber Resiliency Minimizing the impact of breaches on business continuity. Jean-Michel Lamby Associate Partner - IBM Security Cyber Resiliency Minimizing the impact of breaches on business continuity Jean-Michel Lamby Associate Partner - IBM Security Brussels Think Brussels / Cyber Resiliency / Oct 4, 2018 / 2018 IBM Corporation

More information

Information Technology Disaster Recovery Planning Audit Redacted Public Report

Information Technology Disaster Recovery Planning Audit Redacted Public Report 1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton

More information

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,

More information

INTERNAL AUDIT DIVISION REPORT 2017/138

INTERNAL AUDIT DIVISION REPORT 2017/138 INTERNAL AUDIT DIVISION REPORT 2017/138 Audit of business continuity in the United Nations Organization Stabilization Mission in the Democratic Republic of the Congo There was a need to implement the business

More information

Advanced IT Risk, Security management and Cybercrime Prevention

Advanced IT Risk, Security management and Cybercrime Prevention Advanced IT Risk, Security management and Cybercrime Prevention Course Goal and Objectives Information technology has created a new category of criminality, as cybercrime offers hackers and other tech-savvy

More information

The Problem. Business Continuity/ Disaster Recovery. Course Outline and Structure. The Problem The Coverage. Sean Gunasekera

The Problem. Business Continuity/ Disaster Recovery. Course Outline and Structure. The Problem The Coverage. Sean Gunasekera Course Outline and Structure Week 1 Security Governance Week 2 Managing Security in the organisation Risk Management Week 3 Risk management Breaches, threats, vulnerabilities Week 4 IS security access

More information

ISO/IEC Information technology Security techniques Code of practice for information security controls

ISO/IEC Information technology Security techniques Code of practice for information security controls INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01 Information technology Security techniques Code of practice for information security controls Technologies de l information Techniques de

More information

Driving Global Resilience

Driving Global Resilience Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute

More information

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY PRIMARY AGENCY: SUPPORT AGENCIES: Savannah-Chatham Metropolitan Police Department Armstrong-Atlantic Campus Police Department Bloomingdale

More information

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd Incident Response Tony Drewitt Head of Consultancy IT Governance Ltd www.itgovernance.co.uk IT Governance Ltd: GRC One-Stop-Shop Thought Leaders Specialist publisher Implementation toolkits ATO Consultants

More information

Advent IM Ltd ISO/IEC 27001:2013 vs

Advent IM Ltd ISO/IEC 27001:2013 vs Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater

More information

Explore Resilience and Risk Management Around the World

Explore Resilience and Risk Management Around the World Organizational Resilience: Security, Preparedness and Continuity Management Systems - Requirements with Guidance for Use Explore Resilience and Risk Management Around the World ANSI/ASIS SPC.1-2009 Dr.

More information

Overview of the Federal Interagency Operational Plans

Overview of the Federal Interagency Operational Plans Overview of the Federal Interagency Operational Plans July 2014 Table of Contents Introduction... 1 Federal Interagency Operational Plan Overviews... 2 Prevention Federal Interagency Operational Plan...2

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary

More information