Building a BC/DR Control Library and Regulatory Response Program

Size: px
Start display at page:

Download "Building a BC/DR Control Library and Regulatory Response Program"

Transcription

1 Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group

2 Regulatory Compliance & Controls September, 2016

3 Agenda 1 A quick introduction to CME Group 2 Business continuity management at CME 3 The evolution of regulatory response at CME 4 Regulatory response, compliance and controls 5 Questions

4 A Quick Introduction to CME Group Who we are and what we do

5 CME Group The world s leading and most diverse derivatives marketplace Our exchanges - Chicago Mercantile Exchange (CME) - Chicago Board of Trade (CBOT) - New York Mercantile Exchange (NYMEX) - Commodities Exchange (COMEX) Our markets: futures and options based on - Interest rates - Equities indexes - Foreign exchange - Energy - Agricultural commodities - Metals - Weather - Real estate Our reach - Access in 150 countries - Market connections through 11 global hubs - Relationships with 12 partner exchanges - Offices and employees around the world

6 CME Group The world s leading and most diverse derivatives marketplace

7 Business Continuity Management at CME Group What we do and what our regulators want to understand

8 Business Continuity Management at CME Group Our team mitigates potential impacts to our markets, customers, assets and employees based on identified risks. We are committed to ensuring CME Group can respond to an incident while safeguarding the interests of our stakeholders, ensuring the safety of employees and protecting our reputation and brand. BCM Methodology Align with US and International standards; Implement response and recovery strategies that are both flexible and agile; Build effective partnerships throughout the company; Employ tested exercise models that evolve with our environment and architecture; Seek opportunities for enhanced resilience; Identify and apply mitigation plans, based on proper risk tolerance; Establish collaborative relationships with external entities, partnerships and agencies; and Monitor and adjust program components to meet both domestic and international regulatory requirements and to reflect material changes to the business.

9 Business Continuity Management Program Components

10 Methodology

11 Crisis Analysis Focus Areas Execute on the requirements of the Global Program which include: Working with Enterprise Risk Management, we plan against top tier risks. Coordinate with the Threat Analysis & Planning Team and communicate with executive leadership, senior management and subject matter experts about potential threats and mitigation efforts. Key stakeholders include: Senior Leadership, Risk Management Team, Threat Planning & Analysis Team, Global Assurance, Risk Committee of the Board of Directors

12 Business Resilience Focus Areas Execute on the requirements of the Global Program which include: Developing Business Impact Analyses (BIA) & Business Recovery Plans (BRP) Training Business Continuity Coordinators Coordinating Alternate Work Strategies

13 Event Management & Response Focus Areas Employ advanced tools which serve to facilitate: Effective global notifications Leadership communication Cross-functional collaboration and coordination

14 Event Management & Response Q Events 20% 10% Natural Hazard/Weather 20% Protest/Strike 10% 40% Violence/Terrorism System/Infrastructure Health/Environmental

15 Disaster Recovery Focus Areas Engage IT at all levels to ensure complete DR solution for existing and new applications and systems Document recovery strategy and procedures for every component of CME Group s IT systems Analyze recovery gaps and single points of failure Expand DR partner and customer relationships Enhance processes to reduce recovery time capabilities, where possible

16 Exercises & Education Annual Exercise Overview Name Frequency Incident Response Teams Tabletop Exercise Crisis Management Team Emergency Notification Tool Exercise Enterprise Response Team Regional Incident Response Teams National Communication Systems Exercise (GETS) Telecommuting Exercise Full System Failover Exercise Full System Failover & Business Unit Exercise Partner Exchange DR Exercises (PE DR to CME Prod) Industry-wide Exercises Annually Annually Annually Quarterly Annually Annually 2 times a year 2 times a year As requested by Partner Exchange As available & appropriate

17 Exercises & Education Focus Areas BCM program videos and training guides Events and increased focus during Business Continuity Awareness Week & Emergency Preparedness Month Increased BCM program awareness briefings across the enterprise, including presentations at division and task force meetings On-demand tabletops for departments and crossfunctional teams

18 Public/Private Partnerships

19 Customer Outreach Program Features Regular meetings and calls feature guest speakers that offer different perspectives on BC/DR Industry experts on hand to discuss relevant and timely topics of interest Networking opportunities allow for our customers to meet each other and establish new relationships FIA industry-wide DR exercise

20 Program Strategy & Compliance Focus Areas Regulatory Response Program Controls Audits and assessments Benchmarking and reporting Program maturation Policy and program documentation Policy Response New Business Support

21 Program Strategy & Compliance Program Alignment

22 Program Strategy & Compliance Regulatory Compliance Monitor US and International BC/DR regulation for program compliance Monitor global BC/DR standards to ensure program alignment Coordinate, research and respond to regulatory requests and inquiries

23 The Evolution of Regulatory Response at CME Group

24 Regulators and Regulation CME Group s Regulators Increased globalization leads to additional regulators both primary and non primary Increased number of requests Existing businesses in new locations New business in existing and new locations

25 Regulators and Regulation Changes in Regulations Dodd Frank Reform leads to new rules and requirements Business continuity programs must be based on industry best practices Difficult as NIST is not an international standard, but US regulators rely heavily on this standard for BCM Compliance with regulation had to be demonstrated by organizations use of standards and risk methodologies Industry Standards: NIST, FFIEC, ISO 22301, PFMI, NFPA 1600, BSI

26 The Need for BCM Controls

27 Controls A process for assuring achievement of an organizations objectives in operational effectiveness and efficiency, reliable financial reporting, compliance with laws, regulations and policies. Financial reporting AICPA SOX IT & Security ITIL NIST Business & Operations ISO ANSI SOC

28 Why We Need BC/DR Controls Prove operational effectiveness Address risk and understand results of noncompliance Identify tradeoffs Assist in planning Maturation and continuous improvement

29 Developing Controls: Gap Analysis Review all current regulations and standards Choose a guide- Most BCM standards are comparable in content and some are more prescriptive for compliance. If you can, align the program with the most prescriptive, to help avoid missing any aspects of your program a regulator might address Perform a gap analysis

30 Developing Controls: After Gap Analysis Write BC/DR controls based on where you want to be The control should be a clear, concise statement written to be applicable to the organization, not the standard or the regulation Share your efforts with the company. Determine testing schedules Compare controls with other company controls to help ensure alignment

31 Developing Controls: Elements of Our Framework Control ID: Control: Document ID Document Description Risk Description: What risk is this control attributed to? Testing requirements: Using the language from the regulations and standards you decided to use, detail what each control must adhere to. This will be used in the annual review to ensure compliance.

32 Developing Controls: Elements of Our Framework Standard mapping: for each control, map the standards and regulations that apply to the controls to show how the organization is meeting its objectives This also helps show the alignment with the standard the company chose to comply with and the other standards the company meets for the same control.

33 What s Next: Company Decisions Ownership of controls Enterprise view of all controls: IT Financial Operational Tools for managing controls Staff considerations: who will review and maintain the departments controls

34 Final Considerations Operational controls are not new, but how we use them in BCM might be Risk is better addressed within an environment that has controls, and clear visibility of how risk is attributed to controls Having senior leadership buy-in is essential The regulatory landscape, changes and uncertainty

35 Contact Information David Garland Senior Director, Business Continuity Management #cmegroup

36 Thank You

37

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

Global Statement of Business Continuity

Global Statement of Business Continuity Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program

More information

Session 5: Business Continuity, with Business Impact Analysis

Session 5: Business Continuity, with Business Impact Analysis Session 5: Business Continuity, with Business Impact Analysis By: Tuncay Efendioglu, Acting Director Internal Oversight Division, WIPO Pierre-François Gadpaille, Audit Specialist (Information Systems),

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision

More information

Business Continuity Management Program Overview

Business Continuity Management Program Overview Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this

More information

Business Continuity and Disaster Recovery

Business Continuity and Disaster Recovery Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity

More information

Policy. Business Resilience MB2010.P.119

Policy. Business Resilience MB2010.P.119 MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to

More information

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another

More information

The Office of Infrastructure Protection

The Office of Infrastructure Protection The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape

More information

MassMutual Business Continuity Disclosure Statement

MassMutual Business Continuity Disclosure Statement MassMutual Business Continuity Disclosure Statement Overview Resiliency is a high priority at Massachusetts Mutual Life Insurance Company ( MassMutual or the Company ). To that end, significant investments

More information

Enterprise resilience and the role of Standards

Enterprise resilience and the role of Standards www.pwc.co.uk Enterprise resilience and the role of Standards Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2 Stakeholder value Ultimately,

More information

POSITION DESCRIPTION

POSITION DESCRIPTION POSITION DESCRIPTION Engagement Manager Unit/Branch, Directorate: Location: Outreach & Engagement, Information Assurance and Cyber Security Directorate Auckland Salary range: H $77,711 - $116,567 Purpose

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014

More information

Cybersecurity and the Board of Directors

Cybersecurity and the Board of Directors Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education

More information

Driving Global Resilience

Driving Global Resilience Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute

More information

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

THE POWER OF TECH-SAVVY BOARDS:

THE POWER OF TECH-SAVVY BOARDS: THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES

More information

STRATEGIC PLAN. USF Emergency Management

STRATEGIC PLAN. USF Emergency Management 2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

BCM s Role in Effective Risk Management: A Risk Manager s Point of View BCM s Role in Effective Risk Management: A Risk Manager s Point of View Date: March 24, 2015 Presenter: Randall Davis, MBA, IBD, CPCU, ERM, ARM, ARM E, ABCP Agenda for this session Explore the case for

More information

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK

INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended

More information

falanx Cyber ISO 27001: How and why your organisation should get certified

falanx Cyber ISO 27001: How and why your organisation should get certified falanx Cyber ISO 27001: How and why your organisation should get certified Contents What is ISO 27001? 3 What does it cover? 3 Why should your organisation get certified? 4 Cost-effective security management

More information

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology Branch Organization of Cyber Security Technical Standard Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:

More information

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS. When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation

B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation Doug Weldon, FBCI, CBRP, CBRA, CISM (Pending) Director, Business Continuity & Operational Risk Management - Ipreo

More information

Role of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions

Role of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions Role of BC / DR in CISRP Ramesh Warrier Director ebrp Solutions You have been HACKED Now what? Incident Response Incident HANDLING Incident RESPONSE Incident HANDLING Assessment Containment Eradication

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

MHA Consulting BCM Metrics Resiliency Through Measurement

MHA Consulting BCM Metrics Resiliency Through Measurement 0 MHA Consulting BCM Metrics Resiliency Through Measurement Presented by: Michael Herrera, CBCP March, 2013 2009 2013 MHA MHA Consulting All All Rights Rights Reserved. Reserved. Agenda 1 Overview A Menu

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

A Framework for Managing Crime and Fraud

A Framework for Managing Crime and Fraud A Framework for Managing Crime and Fraud ASIS International Asia Pacific Security Forum & Exhibition Macau, December 4, 2013 Torsten Wolf, CPP Head of Group Security Operations Agenda Introduction Economic

More information

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT

Mitigation Framework Leadership Group (MitFLG) Charter DRAFT Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent

More information

Table of Contents. Sample

Table of Contents. Sample TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT) DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE

More information

The value of visibility. Cybersecurity risk management examination

The value of visibility. Cybersecurity risk management examination The value of visibility Cybersecurity risk management examination Welcome to the "new normal" Cyberattacks are inevitable. In fact, it s no longer a question of if a breach will occur but when. Cybercriminals

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Business Continuity Management Standards A Side-by-Side Comparison

Business Continuity Management Standards A Side-by-Side Comparison Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan

More information

Using International Standards to Implement a Business Continuity Management System (BCMS)

Using International Standards to Implement a Business Continuity Management System (BCMS) Using International Standards to Implement a Business Continuity Management System (BCMS) Dr. Abdulrahman AlEnezi Dr. Fawaz AlEnezi Eng. Maryam AlRadhwan Dr. Sultan AlEnezi Agenda Introduction Business

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and

More information

Cybersecurity Overview

Cybersecurity Overview Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where

More information

BUSINESS CONTINUITY AND DISASTER RECOVERY POLICY

BUSINESS CONTINUITY AND DISASTER RECOVERY POLICY BUSINESS CONTINUITY AND DISASTER RECOVERY POLICY Manual OCTOBER 2, 2016 CHILDREN IN FREEDOM (CIF) CIF P.O.Box 25286-00100, Kenya, Africa, NY, USA (c) 2016 Page 1 Contents ACKNOWLEDGEMENT... 0 1.0 STATEMENT...

More information

PIPELINE SECURITY An Overview of TSA Programs

PIPELINE SECURITY An Overview of TSA Programs PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the

More information

MNsure Privacy Program Strategic Plan FY

MNsure Privacy Program Strategic Plan FY MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term

More information

Number: USF System Emergency Management Responsible Office: Administrative Services

Number: USF System Emergency Management Responsible Office: Administrative Services POLICY USF System USF USFSP USFSM Number: 6-010 Title: USF System Emergency Management Responsible Office: Administrative Services Date of Origin: 2-7-12 Date Last Amended: 8-24-16 (technical) Date Last

More information

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director National Cyber Security Strategy - Qatar Michael Lewis, Deputy Director 2 Coordinating a National Approach to Cybersecurity ITU Pillars of Cybersecurity as a Reference Point providing the collected best

More information

Introduction to Business Continuity Management

Introduction to Business Continuity Management Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018 Speaker Panel ABD Insurance & Financial Services

More information

SOLUTION BRIEF Virtual CISO

SOLUTION BRIEF Virtual CISO SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten

More information

Applying Mitigation. to Build Resilient Communities

Applying Mitigation. to Build Resilient Communities Applying Mitigation to Build Resilient Communities The Hazards Around Us Think about the natural hazard that... poses the greatest risk to where you live or work OR has had the greatest impact on you personally

More information

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber

More information

ISO Professional Services Guide to Implementation and Certification AND

ISO Professional Services Guide to Implementation and Certification AND ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR

More information

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare

INFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American

More information

POSITION DESCRIPTION

POSITION DESCRIPTION Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

Achieving Enterprise Resiliency And Corporate Certification

Achieving Enterprise Resiliency And Corporate Certification Achieving Enterprise Resiliency And Corporate Certification By Combining Recovery Operations through a Common Recovery Language and Recovery Tools, While adhering to Domestic and International Compliance

More information

Implementing a Global Business

Implementing a Global Business GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance

More information

SOC 3 for Security and Availability

SOC 3 for Security and Availability SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust

More information

How to Derive Value from Business Continuity Planning

How to Derive Value from Business Continuity Planning How to Derive Value from Continuity Planning Presented by Randall J. Till, Principal Till Continuity Group Spring World 2011 Disaster Recovery Journal March 28, 2011 1 BCM Challenges BCM funding is limited

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

Incident Response Services

Incident Response Services Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and

More information

Critical Infrastructure Protection Version 5

Critical Infrastructure Protection Version 5 Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding

More information

What Does the Future Look Like for Business Continuity Professionals?

What Does the Future Look Like for Business Continuity Professionals? What Does the Future Look Like for Business Continuity Professionals? October 26, 2016 Brian Zawada, FBCI President, US Chapter of the Business Continuity Institute Agenda and Objectives Change Standards

More information

Endpoint Security for Wholesale Payments

Endpoint Security for Wholesale Payments Endpoint Security for Wholesale Payments 2018 CHICAGO PAYMENTS SYMPOSIUM EMILY CARON MANAGER, FMI RISK & POLICY FEDERAL RESERVE BOARD The views expressed in this presentation are those of the speaker and

More information

Audit and Compliance Committee - Agenda

Audit and Compliance Committee - Agenda Audit and Compliance Committee - Agenda Board of Trustees Audit and Compliance Committee April 17, 2018, 1:30 2:30 p.m. President s Board Room Conference Call-In Phone #1-800-442-5794, passcode 463796

More information

WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA

WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY Integrating Resiliency into Our Culture and DNA Table of Contents Executive Summary.... 3 Background.... 4 Charter.................................................................4

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?

More information

Continuity of Business

Continuity of Business White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be

More information

New York City Emergency Management Public/Private Collaboration and Support

New York City Emergency Management Public/Private Collaboration and Support New York City Emergency Management Public/Private Collaboration and Support Property of the City of New York and NYC Emergency Management. Redistribution of this material without prior written authorization

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Cyber Security Strategy

Cyber Security Strategy Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from

More information

Cybersecurity Risk Management:

Cybersecurity Risk Management: Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov Cybersecurity in the Department of

More information

SECURITY & PRIVACY DOCUMENTATION

SECURITY & PRIVACY DOCUMENTATION Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network

7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network 7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network Business Impact Analysis A Regional Perspective Presented by Lim Sek Seong Vice President Sek_Seong@BCM-Institute.org

More information

Bradford J. Willke. 19 September 2007

Bradford J. Willke. 19 September 2007 A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure

More information

Enterprise GRC Implementation

Enterprise GRC Implementation Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest

More information

Disaster recovery strategic planning: How achievable will it be?

Disaster recovery strategic planning: How achievable will it be? April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

HENRY EE, FBCI, CBCP

HENRY EE, FBCI, CBCP 10 Things You Should Know When Reimagine Your ERM With BCM Program 27 July 2016 Presented by : Henry Ee, FBCI, CBCP, ISO22301 LA, Fellow of Business Continuity Institute (FBCI) Certified Business Continuity

More information

Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s. Business Continuity Readiness Overview

Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s. Business Continuity Readiness Overview Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s Robert Edson Vice President, Global Sales and Marketing Business Continuity Readiness Overview Business Continuity Management (BCM)

More information

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee

More information

Digital Service Management (DSM)

Digital Service Management (DSM) Digital Service Management (DSM) A Proactive, Collaborative and Balanced Approach for Securing, Managing and Improving the Online Services that Drive the Digital Enterprise itsm003 v.3.0 Agenda and Objectives

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

BCM Program Development

BCM Program Development BCM Program Development Course Description: The BCM Program Development course provides you with knowledge to develop an auditable and actionable business continuity program for your organization. This

More information

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination

More information

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010 JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

Overview of the Cybersecurity Framework

Overview of the Cybersecurity Framework Overview of the Cybersecurity Framework Implementation of Executive Order 13636 Matt Barrett Program Manager matthew.barrett@nist.gov cyberframework@nist.gov 15 January 2015 Executive Order: Improving

More information