Building a BC/DR Control Library and Regulatory Response Program
|
|
- Aubrey Ray
- 5 years ago
- Views:
Transcription
1 Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group
2 Regulatory Compliance & Controls September, 2016
3 Agenda 1 A quick introduction to CME Group 2 Business continuity management at CME 3 The evolution of regulatory response at CME 4 Regulatory response, compliance and controls 5 Questions
4 A Quick Introduction to CME Group Who we are and what we do
5 CME Group The world s leading and most diverse derivatives marketplace Our exchanges - Chicago Mercantile Exchange (CME) - Chicago Board of Trade (CBOT) - New York Mercantile Exchange (NYMEX) - Commodities Exchange (COMEX) Our markets: futures and options based on - Interest rates - Equities indexes - Foreign exchange - Energy - Agricultural commodities - Metals - Weather - Real estate Our reach - Access in 150 countries - Market connections through 11 global hubs - Relationships with 12 partner exchanges - Offices and employees around the world
6 CME Group The world s leading and most diverse derivatives marketplace
7 Business Continuity Management at CME Group What we do and what our regulators want to understand
8 Business Continuity Management at CME Group Our team mitigates potential impacts to our markets, customers, assets and employees based on identified risks. We are committed to ensuring CME Group can respond to an incident while safeguarding the interests of our stakeholders, ensuring the safety of employees and protecting our reputation and brand. BCM Methodology Align with US and International standards; Implement response and recovery strategies that are both flexible and agile; Build effective partnerships throughout the company; Employ tested exercise models that evolve with our environment and architecture; Seek opportunities for enhanced resilience; Identify and apply mitigation plans, based on proper risk tolerance; Establish collaborative relationships with external entities, partnerships and agencies; and Monitor and adjust program components to meet both domestic and international regulatory requirements and to reflect material changes to the business.
9 Business Continuity Management Program Components
10 Methodology
11 Crisis Analysis Focus Areas Execute on the requirements of the Global Program which include: Working with Enterprise Risk Management, we plan against top tier risks. Coordinate with the Threat Analysis & Planning Team and communicate with executive leadership, senior management and subject matter experts about potential threats and mitigation efforts. Key stakeholders include: Senior Leadership, Risk Management Team, Threat Planning & Analysis Team, Global Assurance, Risk Committee of the Board of Directors
12 Business Resilience Focus Areas Execute on the requirements of the Global Program which include: Developing Business Impact Analyses (BIA) & Business Recovery Plans (BRP) Training Business Continuity Coordinators Coordinating Alternate Work Strategies
13 Event Management & Response Focus Areas Employ advanced tools which serve to facilitate: Effective global notifications Leadership communication Cross-functional collaboration and coordination
14 Event Management & Response Q Events 20% 10% Natural Hazard/Weather 20% Protest/Strike 10% 40% Violence/Terrorism System/Infrastructure Health/Environmental
15 Disaster Recovery Focus Areas Engage IT at all levels to ensure complete DR solution for existing and new applications and systems Document recovery strategy and procedures for every component of CME Group s IT systems Analyze recovery gaps and single points of failure Expand DR partner and customer relationships Enhance processes to reduce recovery time capabilities, where possible
16 Exercises & Education Annual Exercise Overview Name Frequency Incident Response Teams Tabletop Exercise Crisis Management Team Emergency Notification Tool Exercise Enterprise Response Team Regional Incident Response Teams National Communication Systems Exercise (GETS) Telecommuting Exercise Full System Failover Exercise Full System Failover & Business Unit Exercise Partner Exchange DR Exercises (PE DR to CME Prod) Industry-wide Exercises Annually Annually Annually Quarterly Annually Annually 2 times a year 2 times a year As requested by Partner Exchange As available & appropriate
17 Exercises & Education Focus Areas BCM program videos and training guides Events and increased focus during Business Continuity Awareness Week & Emergency Preparedness Month Increased BCM program awareness briefings across the enterprise, including presentations at division and task force meetings On-demand tabletops for departments and crossfunctional teams
18 Public/Private Partnerships
19 Customer Outreach Program Features Regular meetings and calls feature guest speakers that offer different perspectives on BC/DR Industry experts on hand to discuss relevant and timely topics of interest Networking opportunities allow for our customers to meet each other and establish new relationships FIA industry-wide DR exercise
20 Program Strategy & Compliance Focus Areas Regulatory Response Program Controls Audits and assessments Benchmarking and reporting Program maturation Policy and program documentation Policy Response New Business Support
21 Program Strategy & Compliance Program Alignment
22 Program Strategy & Compliance Regulatory Compliance Monitor US and International BC/DR regulation for program compliance Monitor global BC/DR standards to ensure program alignment Coordinate, research and respond to regulatory requests and inquiries
23 The Evolution of Regulatory Response at CME Group
24 Regulators and Regulation CME Group s Regulators Increased globalization leads to additional regulators both primary and non primary Increased number of requests Existing businesses in new locations New business in existing and new locations
25 Regulators and Regulation Changes in Regulations Dodd Frank Reform leads to new rules and requirements Business continuity programs must be based on industry best practices Difficult as NIST is not an international standard, but US regulators rely heavily on this standard for BCM Compliance with regulation had to be demonstrated by organizations use of standards and risk methodologies Industry Standards: NIST, FFIEC, ISO 22301, PFMI, NFPA 1600, BSI
26 The Need for BCM Controls
27 Controls A process for assuring achievement of an organizations objectives in operational effectiveness and efficiency, reliable financial reporting, compliance with laws, regulations and policies. Financial reporting AICPA SOX IT & Security ITIL NIST Business & Operations ISO ANSI SOC
28 Why We Need BC/DR Controls Prove operational effectiveness Address risk and understand results of noncompliance Identify tradeoffs Assist in planning Maturation and continuous improvement
29 Developing Controls: Gap Analysis Review all current regulations and standards Choose a guide- Most BCM standards are comparable in content and some are more prescriptive for compliance. If you can, align the program with the most prescriptive, to help avoid missing any aspects of your program a regulator might address Perform a gap analysis
30 Developing Controls: After Gap Analysis Write BC/DR controls based on where you want to be The control should be a clear, concise statement written to be applicable to the organization, not the standard or the regulation Share your efforts with the company. Determine testing schedules Compare controls with other company controls to help ensure alignment
31 Developing Controls: Elements of Our Framework Control ID: Control: Document ID Document Description Risk Description: What risk is this control attributed to? Testing requirements: Using the language from the regulations and standards you decided to use, detail what each control must adhere to. This will be used in the annual review to ensure compliance.
32 Developing Controls: Elements of Our Framework Standard mapping: for each control, map the standards and regulations that apply to the controls to show how the organization is meeting its objectives This also helps show the alignment with the standard the company chose to comply with and the other standards the company meets for the same control.
33 What s Next: Company Decisions Ownership of controls Enterprise view of all controls: IT Financial Operational Tools for managing controls Staff considerations: who will review and maintain the departments controls
34 Final Considerations Operational controls are not new, but how we use them in BCM might be Risk is better addressed within an environment that has controls, and clear visibility of how risk is attributed to controls Having senior leadership buy-in is essential The regulatory landscape, changes and uncertainty
35 Contact Information David Garland Senior Director, Business Continuity Management #cmegroup
36 Thank You
37
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationSession 5: Business Continuity, with Business Impact Analysis
Session 5: Business Continuity, with Business Impact Analysis By: Tuncay Efendioglu, Acting Director Internal Oversight Division, WIPO Pierre-François Gadpaille, Audit Specialist (Information Systems),
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationBusiness Continuity Management Program Overview
Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this
More informationBusiness Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationSOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Organisation for the Prohibition of Chemical Weapons September 13, 2011 Overall Landscape
More informationMassMutual Business Continuity Disclosure Statement
MassMutual Business Continuity Disclosure Statement Overview Resiliency is a high priority at Massachusetts Mutual Life Insurance Company ( MassMutual or the Company ). To that end, significant investments
More informationEnterprise resilience and the role of Standards
www.pwc.co.uk Enterprise resilience and the role of Standards Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2 Stakeholder value Ultimately,
More informationPOSITION DESCRIPTION
POSITION DESCRIPTION Engagement Manager Unit/Branch, Directorate: Location: Outreach & Engagement, Information Assurance and Cyber Security Directorate Auckland Salary range: H $77,711 - $116,567 Purpose
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationBusiness Continuity Policy
Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationSTRATEGIC PLAN. USF Emergency Management
2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationBCM s Role in Effective Risk Management: A Risk Manager s Point of View
BCM s Role in Effective Risk Management: A Risk Manager s Point of View Date: March 24, 2015 Presenter: Randall Davis, MBA, IBD, CPCU, ERM, ARM, ARM E, ABCP Agenda for this session Explore the case for
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationfalanx Cyber ISO 27001: How and why your organisation should get certified
falanx Cyber ISO 27001: How and why your organisation should get certified Contents What is ISO 27001? 3 What does it cover? 3 Why should your organisation get certified? 4 Cost-effective security management
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationWhen Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.
When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationB13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation
B13: The Case for Integration Converting the BCM Silo into an Enterprise Risk Foundation Doug Weldon, FBCI, CBRP, CBRA, CISM (Pending) Director, Business Continuity & Operational Risk Management - Ipreo
More informationRole of BC / DR in CISRP. Ramesh Warrier Director ebrp Solutions
Role of BC / DR in CISRP Ramesh Warrier Director ebrp Solutions You have been HACKED Now what? Incident Response Incident HANDLING Incident RESPONSE Incident HANDLING Assessment Containment Eradication
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationMHA Consulting BCM Metrics Resiliency Through Measurement
0 MHA Consulting BCM Metrics Resiliency Through Measurement Presented by: Michael Herrera, CBCP March, 2013 2009 2013 MHA MHA Consulting All All Rights Rights Reserved. Reserved. Agenda 1 Overview A Menu
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationA Framework for Managing Crime and Fraud
A Framework for Managing Crime and Fraud ASIS International Asia Pacific Security Forum & Exhibition Macau, December 4, 2013 Torsten Wolf, CPP Head of Group Security Operations Agenda Introduction Economic
More informationMitigation Framework Leadership Group (MitFLG) Charter DRAFT
Mitigation Framework Leadership Group (MitFLG) Charter DRAFT October 28, 2013 1.0 Authorities and Oversight The Mitigation Framework Leadership Group (MitFLG) is hereby established in support of and consistent
More informationTable of Contents. Sample
TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)
DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE
More informationThe value of visibility. Cybersecurity risk management examination
The value of visibility Cybersecurity risk management examination Welcome to the "new normal" Cyberattacks are inevitable. In fact, it s no longer a question of if a breach will occur but when. Cybercriminals
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationBusiness Continuity Management Standards A Side-by-Side Comparison
Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan
More informationUsing International Standards to Implement a Business Continuity Management System (BCMS)
Using International Standards to Implement a Business Continuity Management System (BCMS) Dr. Abdulrahman AlEnezi Dr. Fawaz AlEnezi Eng. Maryam AlRadhwan Dr. Sultan AlEnezi Agenda Introduction Business
More informationBusiness Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationBUSINESS CONTINUITY AND DISASTER RECOVERY POLICY
BUSINESS CONTINUITY AND DISASTER RECOVERY POLICY Manual OCTOBER 2, 2016 CHILDREN IN FREEDOM (CIF) CIF P.O.Box 25286-00100, Kenya, Africa, NY, USA (c) 2016 Page 1 Contents ACKNOWLEDGEMENT... 0 1.0 STATEMENT...
More informationPIPELINE SECURITY An Overview of TSA Programs
PIPELINE SECURITY An Overview of TSA Programs Jack Fox Pipeline Industry Engagement Manager Surface Division Office of Security Policy & Industry Engagement May 5, 2014 TSA and Pipeline Security As the
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationNumber: USF System Emergency Management Responsible Office: Administrative Services
POLICY USF System USF USFSP USFSM Number: 6-010 Title: USF System Emergency Management Responsible Office: Administrative Services Date of Origin: 2-7-12 Date Last Amended: 8-24-16 (technical) Date Last
More informationNational Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director
National Cyber Security Strategy - Qatar Michael Lewis, Deputy Director 2 Coordinating a National Approach to Cybersecurity ITU Pillars of Cybersecurity as a Reference Point providing the collected best
More informationIntroduction to Business Continuity Management
Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018 Speaker Panel ABD Insurance & Financial Services
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationApplying Mitigation. to Build Resilient Communities
Applying Mitigation to Build Resilient Communities The Hazards Around Us Think about the natural hazard that... poses the greatest risk to where you live or work OR has had the greatest impact on you personally
More informationUnderstanding Cyber Insurance & Regulatory Drivers for Business Continuity
Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber
More informationISO Professional Services Guide to Implementation and Certification AND
ISO 27001 Professional Services Guide to Implementation and Certification AND 1 DEKRA Company Overview Founded in Stuttgart, Germany in 1925 In more than 50 countries around the world GLOBAL PARTNER FOR
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationSOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions
SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion of the American
More informationPOSITION DESCRIPTION
Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationAchieving Enterprise Resiliency And Corporate Certification
Achieving Enterprise Resiliency And Corporate Certification By Combining Recovery Operations through a Common Recovery Language and Recovery Tools, While adhering to Domestic and International Compliance
More informationImplementing a Global Business
GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationCOMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards
November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationHow to Derive Value from Business Continuity Planning
How to Derive Value from Continuity Planning Presented by Randall J. Till, Principal Till Continuity Group Spring World 2011 Disaster Recovery Journal March 28, 2011 1 BCM Challenges BCM funding is limited
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationWhat Does the Future Look Like for Business Continuity Professionals?
What Does the Future Look Like for Business Continuity Professionals? October 26, 2016 Brian Zawada, FBCI President, US Chapter of the Business Continuity Institute Agenda and Objectives Change Standards
More informationEndpoint Security for Wholesale Payments
Endpoint Security for Wholesale Payments 2018 CHICAGO PAYMENTS SYMPOSIUM EMILY CARON MANAGER, FMI RISK & POLICY FEDERAL RESERVE BOARD The views expressed in this presentation are those of the speaker and
More informationAudit and Compliance Committee - Agenda
Audit and Compliance Committee - Agenda Board of Trustees Audit and Compliance Committee April 17, 2018, 1:30 2:30 p.m. President s Board Room Conference Call-In Phone #1-800-442-5794, passcode 463796
More informationWHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY. Integrating Resiliency into Our Culture and DNA
WHITE PAPER OCTOBER 2017 VMWARE ENTERPRISE RESILIENCY Integrating Resiliency into Our Culture and DNA Table of Contents Executive Summary.... 3 Background.... 4 Charter.................................................................4
More informationBusiness Continuity Management
Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationNew York City Emergency Management Public/Private Collaboration and Support
New York City Emergency Management Public/Private Collaboration and Support Property of the City of New York and NYC Emergency Management. Redistribution of this material without prior written authorization
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationCyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationCybersecurity Risk Management:
Cybersecurity Risk Management: Building a Culture of Responsibility G7 ICT and Industry Multistakeholder Conference September 25 2017 Adam Sedgewick asedgewick@doc.gov Cybersecurity in the Department of
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More information7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network
7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network Business Impact Analysis A Regional Perspective Presented by Lim Sek Seong Vice President Sek_Seong@BCM-Institute.org
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationEnterprise GRC Implementation
Enterprise GRC Implementation Our journey so far implementation observations and learning points Derek Walker Corporate Risk Manager National Grid 1 Introduction to National Grid One of the world s largest
More informationDisaster recovery strategic planning: How achievable will it be?
April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Disaster recovery strategic planning: How achievable will it be? Prudence Marasigan Ernst & Young Advisory Services, Senior Manager prudence.marasigan@ey.com
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationHENRY EE, FBCI, CBCP
10 Things You Should Know When Reimagine Your ERM With BCM Program 27 July 2016 Presented by : Henry Ee, FBCI, CBCP, ISO22301 LA, Fellow of Business Continuity Institute (FBCI) Certified Business Continuity
More informationBest-in-Class Crisis Preparation: Maximize Readiness with the Four T s. Business Continuity Readiness Overview
Best-in-Class Crisis Preparation: Maximize Readiness with the Four T s Robert Edson Vice President, Global Sales and Marketing Business Continuity Readiness Overview Business Continuity Management (BCM)
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationDigital Service Management (DSM)
Digital Service Management (DSM) A Proactive, Collaborative and Balanced Approach for Securing, Managing and Improving the Online Services that Drive the Digital Enterprise itsm003 v.3.0 Agenda and Objectives
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationBCM Program Development
BCM Program Development Course Description: The BCM Program Development course provides you with knowledge to develop an auditable and actionable business continuity program for your organization. This
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationSAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010
JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationOverview of the Cybersecurity Framework
Overview of the Cybersecurity Framework Implementation of Executive Order 13636 Matt Barrett Program Manager matthew.barrett@nist.gov cyberframework@nist.gov 15 January 2015 Executive Order: Improving
More information