Table of Contents. Sample
|
|
- Ami Simon
- 5 years ago
- Views:
Transcription
1 TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION GOALS AND OBJECTIVES REQUIRED REVIEW APPLICABILITY ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS... 6 CHAPTER 2 ACCOUNTABILITY AND MONITORING INTERNAL CONTROLS REPORTING REQUIREMENTS... 8 CHAPTER 3 STAFF AND TRAINING ONGOING TRAINING NEW HIRE TRAINING CHAPTER 4 BUSINESS CONTINUITY PLANNING PROCESSES RISK ASSESSMENT PROCESS BUSINESS IMPACT ANALYSIS PROCESS RECOVERY STRATEGY DEVELOPMENT PROCESS BUSINESS CONTINUITY PLAN DEVELOPMENT TESTING PROCESS CHAPTER 5 BUSINESS CONTINUITY PLAN OVERVIEW SCOPE BUSINESS CONTINUITY PLANNING AND TECHNOLOGY RECOVERY DEFINITIONS BUSINESS CONTINUITY PLAN OBJECTIVE CHAPTER 6 BUSINESS DESCRIPTION OFFICE LOCATIONS DATA CENTER LOCATIONS CHAPTER 7 EVENT TYPES BUSINESS INTERRUPTIONS TECHNOLOGY DISASTERS CHAPTER 8 PLAN LOGISTICS and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 1
2 8.1 APPROVALS, MAINTENANCE, REVISIONS, AND EXECUTION AUTHORITY PLAN LOCATION, DISTRIBUTION AND ACCESS CHAPTER 9 RISK ASSESSMENT RISK SCENARIOS GAP ANALYSIS CHAPTER 10 BUSINESS IMPACT ANALYSIS DETERMINE LEVELS OF IMPORTANCE BY BUSINESS FUNCTION ESTIMATE DOWNTIME TOLERANCES BY BUSINESS FUNCTION Recovery Time Objectives Recovery Point Objectives IDENTIFY RESOURCE REQUIREMENTS ESTABLISH THE CRITICAL PATH FOR RECOVERY CHAPTER 11 BUSINESS CONTINUITY ORGANIZATION ORGANIZATIONAL RESPONSIBILITIES EMPLOYEE RESPONSIBILITIES DUTIES CHAPTER 12 EVENT PHASES OBJECTIVES RESPONSE PHASE OBJECTIVES BUSINESS RESUMPTION PHASE OBJECTIVES RELOCATION PHASE OBJECTIVES RETURN TO BUSINESS AS USUAL PHASE OBJECTIVES CHAPTER 13 TEST PLANS AND EXECUTION TEST PLAN COMPLEXITY PHASE 1: TABLE TOP TESTING PHASE 2: TECHNOLOGY FAILOVER PHASE 3: TECHNOLOGY FAILOVER AND OFF SITE BUSINESS OPERATIONS CONTINUING REFINEMENTS CHAPTER 14 GENERAL EVENT PREPAREDNESS EMERGENCY MANAGEMENT/CRISIS RESPONSE TEAM CALL TREE CRITICAL PATH TO RECOVERY LIST OF EMPLOYEES AND CONTACT INFORMATION LIST OF VENDORS AND SERVICE PROVIDERS AND CONTACT INFORMATION LIST OF CUSTOMERS AND CONTACT INFORMATION and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 2
3 14.6 LIST OF EQUIPMENT SUPPLIERS AND DATA STORAGE LOCATIONS LIST OF COMMUNICATIONS CARRIERS, ISPS, INTERNET HOSTING EVENT CHECKLIST TECHNOLOGY AND INFRASTRUCTURE RECOVERY CHECKLIST CHAPTER 15 FFIEC TOOLS AND RESOURCES BCP BOOKLET CYBERSECURITY ASSESSMENT TOOL LESSONS LEARNED FROM HURRICANE KATRINA BROCHURE CHAPTER 16 AGENCY AND REGULATORY BCP REQUIREMENTS FANNIE MAE BCP REQUIREMENTS FREDDIE MAC BCP REQUIREMENTS OCC REQUIREMENTS and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 3
4 Introduction Chapter 1 Introduction is committed to the highest standards of federal consumer compliance and requires all management, employees, and third party vendors follow these policies and adhere to these standards. In today s environment, businesses leaders are increasingly aware of potential threats to their businesses that may appear in many forms; terrorism, catastrophic natural disasters, pandemics, and cyberattacks. Regulators likewise have taken a more careful view of the financial services industry s overall ability to respond to and recover from disruptive events that could impact the entire financial system and undermine the public s trust. recognizes the value of having a plan in place to protect its assets, to minimize its financial losses, to maintain its business operations and to recover its technology in the case of unplanned disruptive events. It is essential to to maintain continuity of its operations in support of its customers, business associates, stakeholders, regulatory obligations, and [ Client] s own financial status and reputation. This policy is intended to serve as the framework for developing s unique Business Continuity Plan (the Plan). It is the policy of to develop and maintain a Plan that considers strategies and procedures to recover, resume, and maintain its critical business functions, processes, and responsibilities. This policy is intended to provide the framework for developing and maintaining a Plan that is specific to the business needs, strategic goals and risk appetite of, and that is relative to its size and complexity. Senior management and the board of directors are committed to establishing and maintaining emergency procedures, backup facilities, and a comprehensive plan that allows for the timely recovery and resumption of operations and the fulfillment of the responsibilities and obligations of [ Client]. Management fully supports and participates in the development, monitoring, testing, and regular maintenance of the Plan. The Plan will initially be developed in house; however, may determine that an outsourced vendor provides the best solution and implementation for the company. In developing the Plan, management remains cognizant of and guided by specific information provided by the Federal Financial Institutions Examination Council (FFIEC). As defined on the FFIEC website, the Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 4
5 Processes Risk Assessment Process Chapter 4 Processes While the restoration of technology components is commonly seen as the focus of disaster recovery efforts, the recovery of systems and data is not always enough to restore business operations. [ Client] recognizes that the Plan must include the recovery, resumption, and maintenance of all aspects of the business. The Plan considers critical processes as well as all business units and departments, and how the enterprise as a whole will be able to respond to unplanned events. As part of the Plan, management will prioritize the business objectives and critical operations that are essential to the recovery and restoration efforts. Since it may not be possible to restore all business operations simultaneously, it is critical to identify and plan for the restoration of technologies and business units that are most urgent to the survival of the enterprise, the critical path. The planning process should include participation from s management, from business unit managers and supervisors, and from subject matter experts. Depending on the size and complexity of the organization a knowledgeable BCP Coordinator or a BCP Team is assigned to coordinate the overall effort, from development through testing and ongoing maintenance of the Plan. The planning process includes the following general areas: Risk Assessment Business Impact Analysis Recovery Strategy Development Business Continuity and Technology Recovery Plan Development Testing and Maintaining the Plan The process, however, is a continuous one that is reviewed and modified over time and in response to changing operations, results of testing, recommendations from independent reviews of the Plan, and the possibility of new types of threats. These areas are described generally below, and are explained in more depth in later sections. 4.1 Risk Assessment Process Risk assessment is the identification of probable threats that could impact the facilities and staff of. Threats may be of various types, severity, and likelihood. Risk assessment will consider threats by analyzing impact, severity, and likelihood. The risk assessment should consider non specific threats as well as specific threats. Non specific threats are those where the impact to the business is similar, regardless of the specific nature of the and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 11
6 Event Types Business Interruptions Chapter 7 Event Types The Plan anticipates interruptions to business operations, facilities, and technical infrastructures. Physical damage, depending on severity, will affect business operations to a greater or lesser degree. 7.1 Business Interruptions Business interruptions would affect s ability to communicate and conduct business, during events such as a power or communications outage, or an event requiring evacuation or denied access to the building housing personnel and internal networks. Business interruptions affect the ability of to conduct business as usual and to provide service to its customers. Some examples of business interruptions include: Utility service provider outage, localized Power grid fails due to overload or storms Communications/internet service failures Information security breaches and cyber attacks Access to building is denied due to criminal activity in the area Nearby toxic spill impacts access to facility Pandemic warnings indicate quarantine of building 7.2 Technology Disasters Technology Disasters are disruptions affecting the operation of the office facility, main data center, workstations, communications infrastructure, or other physical assets, and that require rebuilding and restoring communications and technology infrastructure in addition to restoring business operations. Some examples include the following: Fire in the facility Physical damage to a building resulting from environmental or natural disaster, or criminal activity Loss of power to the data center and ancillary generator power, if used as a mitigation strategy Prolonged loss of network connectivity to the primary data center and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 18
7 General Event Preparedness Continuing Refinements Chapter 14 General Event Preparedness The following activities, lists, and procedures should be made a part of the Plan for quick reference. The BPC coordinator holds responsibility for maintaining these types of supporting lists and checklists with current information. These lists are provided as starting points. For larger organizations, these lists will be maintained and supplied by key personnel in various departments. For example, technology service providers and equipment providers will be maintained by IT and employee contact information will be maintained by Human Resources. Emergency Management / Crisis Response Team Critical Path to recovery Lists of: o employees and contact information o customers and contact information o vendors and contact information o equipment suppliers and data storage locations o communications carriers, ISPs, internet hosting contact information, if available Business Continuity Checklist Technology Recovery Checklist and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 34
Appendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationBusiness Continuity Management Standards A Side-by-Side Comparison
Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan
More informationSecurity Guideline for the Electricity Sector: Business Processes and Operations Continuity
Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationCOMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards
November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance
More informationIntroduction to Business Continuity Management
Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018 Speaker Panel ABD Insurance & Financial Services
More informationFDIC InTREx What Documentation Are You Expected to Have?
FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More informationHeadline Verdana Bold
Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationIT CONTINUITY, BACKUP AND RECOVERY POLICY
IT CONTINUITY, BACKUP AND RECOVERY POLICY IT CONTINUITY, BACKUP AND RECOVERY POLICY Effective Date May 20, 2016 Cross- Reference 1. Emergency Response and Policy Holder Director, Information Business Resumption
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationBusiness Continuity Management Program Overview
Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this
More informationIT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I
Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program
More informationBusiness Continuity: How to Keep City Departments in Business after a Disaster
Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and
More information3.4 DISASTER RECOVERY (L , M.3.9, comp_req_id 806)
3.4 DISASTER RECOVERY (L.34.2.3.4, M.3.9, comp_req_id 806) Three key objectives that GSA has as part of the award of the Networx contract are to ensure service continuity, high-quality service, and operations
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationBusiness Continuity Planning
Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationFlorida State University
Florida State University Disaster Recovery & Business Continuity Planning Overview October 24, 2017 1 Key Readiness Questions Has your department identified the business functions and infrastructure that
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationBuild a viable plan for disaster recovery and crisis management.
Disaster recovery and crisis management solutions To support your IT objectives Build a viable plan for disaster recovery and crisis management. Highlights Build a plan to help respond to and recover from
More informationMassMutual Business Continuity Disclosure Statement
MassMutual Business Continuity Disclosure Statement Overview Resiliency is a high priority at Massachusetts Mutual Life Insurance Company ( MassMutual or the Company ). To that end, significant investments
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationDisaster Recovery and Business Continuity Planning (Mile2)
Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationKeys to a more secure data environment
Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting
More informationNYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationEmergence of Business Continuity to Ensure Business and IT Operations. Solutions to successfully meet the requirements of business continuity.
Emergence of Business Continuity to Ensure Business and IT Operations Solutions to successfully meet the requirements of business continuity. 2 3 4 5 Introduction Use of Virtualization Technology as a
More informationEQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING
EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING BUSINESS CONTINUITY EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES The key to every successful Business Continuity Solution
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationBusiness Continuity Management
Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationLakeshore Technical College Official Policy
Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director
More informationCybersecurity Assessment Tool
FederalDepasitlnsuranceCarparation ~~d 1~~i 5yreet ~lw,uuashinyoon, D.C.2d42~-990 Financial Institution Letter FIL-28-2015 JUIy 2, 2015 Cybersecurity Assessment Tool Summary: The FDIC, in coordination
More informationPrepare your Emergency respons, continuity plan, recovery plan
Prepare your Emergency respons, continuity plan, recovery plan Panel Discussion with PortAventura,Europa Park, Disneyland Paris,Liseberg,the Safety Committee members with Q & A from attendees Septembre
More informationBusiness Services Resilience and Restoration. Financial Services Sector Preparation for an Extreme Event
Business Services Resilience and Restoration Financial Services Sector Preparation for an Extreme Event Draft as Draft of March as of March 13, 2019 13, 2019 Overview As the financial lives, interests,
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationCybersecurity and Examinations
Tim Segerson, Deputy Director NCUA E&I Cybersecurity and Examinations October 6, 2016 Chicago, IL Connected Devices Declining costs + increased bandwidth + powerful algorithms will spur a new information
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA
Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Security Policy and Procedures Identify Risk Assessment ID.RA Table of Contents Identify
More informationSymantec Business Continuity Solutions for Operational Risk Management
Symantec Business Continuity Solutions for Operational Risk Management Manage key elements of operational risk across your enterprise to keep critical processes running and your business moving forward.
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationEPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS
EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards
More informationNational Level Exercise 2018 After-Action Findings
National Level Exercise 2018 After-Action Findings National Level Exercise (NLE) 2018 examined the ability of all levels of government, private industry, and nongovernmental organizations to protect against,
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationPT-BSC. PT-BSC version 0.3. Primechain Technologies Blockchain Security Controls. Version 0.4 dated 21 st October, 2017
PT-BSC Primechain Technologies Blockchain Security Controls Version 0.4 dated 21 st October, 2017 PT-BSC version 0.3 PT-BSC (version 0.4 dated 21 st October, 2017) 1 Blockchain technology has earned the
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationTUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY
JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationSymantec Data Center Migration Service
Avoid unplanned downtime to critical business applications while controlling your costs and schedule The Symantec Data Center Migration Service helps you manage the risks and complexity of a migration
More informationOur key considerations include:
October 2017 We recognize that our ability to continue to function as an organization is critical to our clients, who rely heavily on our firm and our people to keep their own real estate functioning properly.
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationHow to Conduct a Business Impact Analysis and Risk Assessment
How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda
More informationTemplate. IT Disaster Recovery Planning: A Template
Template IT Disaster Recovery Planning: A Template When disaster strikes, business suffers. A goal of business planning is to mitigate disruption of product and services delivery to the greatest degree
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationAddressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting
Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in
More informationIntegration of Business Continuity, Emergency Preparedness, and Emergency Response
Integration of Business Continuity, Emergency Preparedness, and Emergency Response Continuity Insights Conference 2014 Julia Halsne Manager of Business Continuity East Bay Municipal Utility District Contents
More informationEmergencies: Protecting Staff & Assets. Presented By: Tom Heebner, CSP, ARM, ABCP AVP / Risk Consultant HUB International Limited
Emergencies: Protecting Staff & Assets Presented By: Tom Heebner, CSP, ARM, ABCP AVP / Risk Consultant HUB International Limited Agenda Why is Planning Important? Lessons Learned From Recent Events The
More informationEmergency Management Response and Recovery. Mark Merritt, President September 2011
Emergency Management Response and Recovery Mark Merritt, President September 2011 Evolution of Response and Recovery Emergency Management Pendulum Hurricane Andrew August 24, 1992 9/11 Terrorist Attacks
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationBUSINESS CONTINUITY MANAGEMENT
BUSINESS CONTINUITY MANAGEMENT 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017 PRESENTATION OUTLINE 2015 Disasters in Numbers 2016 & 2017 Top Business Risks What is BCM? Supervisory
More informationA Practical Guide to Avoiding Disasters in Mission-Critical Facilities. What is a Disaster? Associated Business Issues.
A Practical Guide to Avoiding Disasters in Mission-Critical Facilities Todd Bermont What is a Disaster? An event that can unexpectedly impact the continuity of your business Anything that injures or has
More informationNHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationEmergency Operations Plan 2018 Annex IV - Business Continuity Plan
Emergency Operations Plan 2018 Annex IV - Business Continuity Plan Version XII Record of Changes Description of Change Entered By Date Entered Include Appendix G. Critical Functions David Cronk January
More informationDISASTER RECOVERY PRIMER
DISASTER RECOVERY PRIMER 1 Site Faliure Occurs Power Faliure / Virus Outbreak / ISP / Ransomware / Multiple Servers Sample Disaster Recovery Process Site Faliure Data Centre 1: Primary Data Centre Data
More informationBusiness Continuity Plan
Business Continuity Plan 0 BCP INTRODUCTION INFORMATION (REQUIRED)... LOCATION AND KEY CONTACT INFORMATION... PRIORITY BUSINESS PROCESSES... 0 BCP TEAM(S) (REQUIRED)... TEAM -... TEAM CONTACT INFORMATION...
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationStandard CIP Cyber Security Critical Cyber Asset Identification
Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationBusiness Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018
Business Continuity Management: How to get started Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Introduction Tony Drewitt - Managing Director: IT Governance UK and EU One
More informationOverview Bank IT examination perspective Background information Elements of a sound plan Customer notifications
Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information
More informationAdvanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018
Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland
More informationInformation Technology Disaster Recovery Planning Audit Redacted Public Report
1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More informationContinuity of Operations During Disasters: Electronic Systems and Medical Records
Idaho Health Care Association Continuity of Operations During Disasters: Electronic Systems and Medical Records Philip Niemer, MBA, MS, HEM Director Operational Continuity & Emergency Management Children
More informationRailroad Infrastructure Security
TRB Annual Meeting January 14, 2002 Session 107 - Railroad Security William C. Thompson william.thompson@jacobs.com 402-697-5011 Thanks to: Bob Ulrich Dr. William Harris Byron Ratcliff Frank Thigpen John
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationNational Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015
National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015 The Post Katrina Emergency Management Reform Act (2006) Required the
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationGUIDANCE NOTE ON CYBERSECURITY
GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationChapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS
Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power
More informationEmergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:
ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications
More information