Table of Contents. Sample

Size: px
Start display at page:

Download "Table of Contents. Sample"

Transcription

1 TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION GOALS AND OBJECTIVES REQUIRED REVIEW APPLICABILITY ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS... 6 CHAPTER 2 ACCOUNTABILITY AND MONITORING INTERNAL CONTROLS REPORTING REQUIREMENTS... 8 CHAPTER 3 STAFF AND TRAINING ONGOING TRAINING NEW HIRE TRAINING CHAPTER 4 BUSINESS CONTINUITY PLANNING PROCESSES RISK ASSESSMENT PROCESS BUSINESS IMPACT ANALYSIS PROCESS RECOVERY STRATEGY DEVELOPMENT PROCESS BUSINESS CONTINUITY PLAN DEVELOPMENT TESTING PROCESS CHAPTER 5 BUSINESS CONTINUITY PLAN OVERVIEW SCOPE BUSINESS CONTINUITY PLANNING AND TECHNOLOGY RECOVERY DEFINITIONS BUSINESS CONTINUITY PLAN OBJECTIVE CHAPTER 6 BUSINESS DESCRIPTION OFFICE LOCATIONS DATA CENTER LOCATIONS CHAPTER 7 EVENT TYPES BUSINESS INTERRUPTIONS TECHNOLOGY DISASTERS CHAPTER 8 PLAN LOGISTICS and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 1

2 8.1 APPROVALS, MAINTENANCE, REVISIONS, AND EXECUTION AUTHORITY PLAN LOCATION, DISTRIBUTION AND ACCESS CHAPTER 9 RISK ASSESSMENT RISK SCENARIOS GAP ANALYSIS CHAPTER 10 BUSINESS IMPACT ANALYSIS DETERMINE LEVELS OF IMPORTANCE BY BUSINESS FUNCTION ESTIMATE DOWNTIME TOLERANCES BY BUSINESS FUNCTION Recovery Time Objectives Recovery Point Objectives IDENTIFY RESOURCE REQUIREMENTS ESTABLISH THE CRITICAL PATH FOR RECOVERY CHAPTER 11 BUSINESS CONTINUITY ORGANIZATION ORGANIZATIONAL RESPONSIBILITIES EMPLOYEE RESPONSIBILITIES DUTIES CHAPTER 12 EVENT PHASES OBJECTIVES RESPONSE PHASE OBJECTIVES BUSINESS RESUMPTION PHASE OBJECTIVES RELOCATION PHASE OBJECTIVES RETURN TO BUSINESS AS USUAL PHASE OBJECTIVES CHAPTER 13 TEST PLANS AND EXECUTION TEST PLAN COMPLEXITY PHASE 1: TABLE TOP TESTING PHASE 2: TECHNOLOGY FAILOVER PHASE 3: TECHNOLOGY FAILOVER AND OFF SITE BUSINESS OPERATIONS CONTINUING REFINEMENTS CHAPTER 14 GENERAL EVENT PREPAREDNESS EMERGENCY MANAGEMENT/CRISIS RESPONSE TEAM CALL TREE CRITICAL PATH TO RECOVERY LIST OF EMPLOYEES AND CONTACT INFORMATION LIST OF VENDORS AND SERVICE PROVIDERS AND CONTACT INFORMATION LIST OF CUSTOMERS AND CONTACT INFORMATION and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 2

3 14.6 LIST OF EQUIPMENT SUPPLIERS AND DATA STORAGE LOCATIONS LIST OF COMMUNICATIONS CARRIERS, ISPS, INTERNET HOSTING EVENT CHECKLIST TECHNOLOGY AND INFRASTRUCTURE RECOVERY CHECKLIST CHAPTER 15 FFIEC TOOLS AND RESOURCES BCP BOOKLET CYBERSECURITY ASSESSMENT TOOL LESSONS LEARNED FROM HURRICANE KATRINA BROCHURE CHAPTER 16 AGENCY AND REGULATORY BCP REQUIREMENTS FANNIE MAE BCP REQUIREMENTS FREDDIE MAC BCP REQUIREMENTS OCC REQUIREMENTS and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 3

4 Introduction Chapter 1 Introduction is committed to the highest standards of federal consumer compliance and requires all management, employees, and third party vendors follow these policies and adhere to these standards. In today s environment, businesses leaders are increasingly aware of potential threats to their businesses that may appear in many forms; terrorism, catastrophic natural disasters, pandemics, and cyberattacks. Regulators likewise have taken a more careful view of the financial services industry s overall ability to respond to and recover from disruptive events that could impact the entire financial system and undermine the public s trust. recognizes the value of having a plan in place to protect its assets, to minimize its financial losses, to maintain its business operations and to recover its technology in the case of unplanned disruptive events. It is essential to to maintain continuity of its operations in support of its customers, business associates, stakeholders, regulatory obligations, and [ Client] s own financial status and reputation. This policy is intended to serve as the framework for developing s unique Business Continuity Plan (the Plan). It is the policy of to develop and maintain a Plan that considers strategies and procedures to recover, resume, and maintain its critical business functions, processes, and responsibilities. This policy is intended to provide the framework for developing and maintaining a Plan that is specific to the business needs, strategic goals and risk appetite of, and that is relative to its size and complexity. Senior management and the board of directors are committed to establishing and maintaining emergency procedures, backup facilities, and a comprehensive plan that allows for the timely recovery and resumption of operations and the fulfillment of the responsibilities and obligations of [ Client]. Management fully supports and participates in the development, monitoring, testing, and regular maintenance of the Plan. The Plan will initially be developed in house; however, may determine that an outsourced vendor provides the best solution and implementation for the company. In developing the Plan, management remains cognizant of and guided by specific information provided by the Federal Financial Institutions Examination Council (FFIEC). As defined on the FFIEC website, the Council is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 4

5 Processes Risk Assessment Process Chapter 4 Processes While the restoration of technology components is commonly seen as the focus of disaster recovery efforts, the recovery of systems and data is not always enough to restore business operations. [ Client] recognizes that the Plan must include the recovery, resumption, and maintenance of all aspects of the business. The Plan considers critical processes as well as all business units and departments, and how the enterprise as a whole will be able to respond to unplanned events. As part of the Plan, management will prioritize the business objectives and critical operations that are essential to the recovery and restoration efforts. Since it may not be possible to restore all business operations simultaneously, it is critical to identify and plan for the restoration of technologies and business units that are most urgent to the survival of the enterprise, the critical path. The planning process should include participation from s management, from business unit managers and supervisors, and from subject matter experts. Depending on the size and complexity of the organization a knowledgeable BCP Coordinator or a BCP Team is assigned to coordinate the overall effort, from development through testing and ongoing maintenance of the Plan. The planning process includes the following general areas: Risk Assessment Business Impact Analysis Recovery Strategy Development Business Continuity and Technology Recovery Plan Development Testing and Maintaining the Plan The process, however, is a continuous one that is reviewed and modified over time and in response to changing operations, results of testing, recommendations from independent reviews of the Plan, and the possibility of new types of threats. These areas are described generally below, and are explained in more depth in later sections. 4.1 Risk Assessment Process Risk assessment is the identification of probable threats that could impact the facilities and staff of. Threats may be of various types, severity, and likelihood. Risk assessment will consider threats by analyzing impact, severity, and likelihood. The risk assessment should consider non specific threats as well as specific threats. Non specific threats are those where the impact to the business is similar, regardless of the specific nature of the and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 11

6 Event Types Business Interruptions Chapter 7 Event Types The Plan anticipates interruptions to business operations, facilities, and technical infrastructures. Physical damage, depending on severity, will affect business operations to a greater or lesser degree. 7.1 Business Interruptions Business interruptions would affect s ability to communicate and conduct business, during events such as a power or communications outage, or an event requiring evacuation or denied access to the building housing personnel and internal networks. Business interruptions affect the ability of to conduct business as usual and to provide service to its customers. Some examples of business interruptions include: Utility service provider outage, localized Power grid fails due to overload or storms Communications/internet service failures Information security breaches and cyber attacks Access to building is denied due to criminal activity in the area Nearby toxic spill impacts access to facility Pandemic warnings indicate quarantine of building 7.2 Technology Disasters Technology Disasters are disruptions affecting the operation of the office facility, main data center, workstations, communications infrastructure, or other physical assets, and that require rebuilding and restoring communications and technology infrastructure in addition to restoring business operations. Some examples include the following: Fire in the facility Physical damage to a building resulting from environmental or natural disaster, or criminal activity Loss of power to the data center and ancillary generator power, if used as a mitigation strategy Prolonged loss of network connectivity to the primary data center and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 18

7 General Event Preparedness Continuing Refinements Chapter 14 General Event Preparedness The following activities, lists, and procedures should be made a part of the Plan for quick reference. The BPC coordinator holds responsibility for maintaining these types of supporting lists and checklists with current information. These lists are provided as starting points. For larger organizations, these lists will be maintained and supplied by key personnel in various departments. For example, technology service providers and equipment providers will be maintained by IT and employee contact information will be maintained by Human Resources. Emergency Management / Crisis Response Team Critical Path to recovery Lists of: o employees and contact information o customers and contact information o vendors and contact information o equipment suppliers and data storage locations o communications carriers, ISPs, internet hosting contact information, if available Business Continuity Checklist Technology Recovery Checklist and its licensor. ALL RIGHTS RESERVED. Without the prior written permission of and its outside of. 34

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision

More information

Introduction to Business continuity Planning

Introduction to Business continuity Planning Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources

More information

Global Statement of Business Continuity

Global Statement of Business Continuity Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program

More information

Business Continuity Management Standards A Side-by-Side Comparison

Business Continuity Management Standards A Side-by-Side Comparison Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan

More information

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Security Guideline for the Electricity Sector: Business Processes and Operations Continuity Preamble: It is in the public interest for NERC to develop guidelines that are useful for improving the reliability

More information

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards November 2016 COMMENTARY Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards The Board of Governors of the Federal Reserve System ( Federal Reserve Board ), the Federal Deposit Insurance

More information

Introduction to Business Continuity Management

Introduction to Business Continuity Management Introduction to Business Continuity Management Audio Presented by ABD s Occupational Health and Safety Team Featuring The Cross Connection JULY 24, 2018 Speaker Panel ABD Insurance & Financial Services

More information

FDIC InTREx What Documentation Are You Expected to Have?

FDIC InTREx What Documentation Are You Expected to Have? FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the

More information

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity

More information

Headline Verdana Bold

Headline Verdana Bold Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

IT CONTINUITY, BACKUP AND RECOVERY POLICY

IT CONTINUITY, BACKUP AND RECOVERY POLICY IT CONTINUITY, BACKUP AND RECOVERY POLICY IT CONTINUITY, BACKUP AND RECOVERY POLICY Effective Date May 20, 2016 Cross- Reference 1. Emergency Response and Policy Holder Director, Information Business Resumption

More information

Business continuity management and cyber resiliency

Business continuity management and cyber resiliency Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,

More information

Business Continuity Management Program Overview

Business Continuity Management Program Overview Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

Business Continuity: How to Keep City Departments in Business after a Disaster

Business Continuity: How to Keep City Departments in Business after a Disaster Business Continuity: How to Keep City Departments in Business after a Disaster Shannon Spence, PE Red Oak Consulting, an ARCADIS group Agenda Security, Resilience and All Hazards The Hazards Cycle and

More information

3.4 DISASTER RECOVERY (L , M.3.9, comp_req_id 806)

3.4 DISASTER RECOVERY (L , M.3.9, comp_req_id 806) 3.4 DISASTER RECOVERY (L.34.2.3.4, M.3.9, comp_req_id 806) Three key objectives that GSA has as part of the award of the Networx contract are to ensure service continuity, high-quality service, and operations

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and

More information

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

Florida State University

Florida State University Florida State University Disaster Recovery & Business Continuity Planning Overview October 24, 2017 1 Key Readiness Questions Has your department identified the business functions and infrastructure that

More information

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC

More information

Build a viable plan for disaster recovery and crisis management.

Build a viable plan for disaster recovery and crisis management. Disaster recovery and crisis management solutions To support your IT objectives Build a viable plan for disaster recovery and crisis management. Highlights Build a plan to help respond to and recover from

More information

MassMutual Business Continuity Disclosure Statement

MassMutual Business Continuity Disclosure Statement MassMutual Business Continuity Disclosure Statement Overview Resiliency is a high priority at Massachusetts Mutual Life Insurance Company ( MassMutual or the Company ). To that end, significant investments

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The

More information

Continuity of Business

Continuity of Business White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being

More information

Disaster Recovery and Business Continuity Planning (Mile2)

Disaster Recovery and Business Continuity Planning (Mile2) Disaster Recovery and Business Continuity Planning (Mile2) Course Number: DRBCP Length: 4 Day(s) Certification Exam This course will help you prepare for the following exams: ABCP: Associate Business Continuity

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

Keys to a more secure data environment

Keys to a more secure data environment Keys to a more secure data environment A holistic approach to data infrastructure security The current fraud and regulatory landscape makes it clear that every firm needs a comprehensive strategy for protecting

More information

NYDFS Cybersecurity Regulations

NYDFS Cybersecurity Regulations SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Emergence of Business Continuity to Ensure Business and IT Operations. Solutions to successfully meet the requirements of business continuity.

Emergence of Business Continuity to Ensure Business and IT Operations. Solutions to successfully meet the requirements of business continuity. Emergence of Business Continuity to Ensure Business and IT Operations Solutions to successfully meet the requirements of business continuity. 2 3 4 5 Introduction Use of Virtualization Technology as a

More information

EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING

EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING BUSINESS CONTINUITY EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES The key to every successful Business Continuity Solution

More information

Heavy Vehicle Cyber Security Bulletin

Heavy Vehicle Cyber Security Bulletin Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Cyber Security importance by Ashraf Hasanov Business Continuity Expert BCMS BS25999 Lead Auditor Regional Disaster Response Team Member of IFRC What could stop your business?

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Lakeshore Technical College Official Policy

Lakeshore Technical College Official Policy Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director

More information

Cybersecurity Assessment Tool

Cybersecurity Assessment Tool FederalDepasitlnsuranceCarparation ~~d 1~~i 5yreet ~lw,uuashinyoon, D.C.2d42~-990 Financial Institution Letter FIL-28-2015 JUIy 2, 2015 Cybersecurity Assessment Tool Summary: The FDIC, in coordination

More information

Prepare your Emergency respons, continuity plan, recovery plan

Prepare your Emergency respons, continuity plan, recovery plan Prepare your Emergency respons, continuity plan, recovery plan Panel Discussion with PortAventura,Europa Park, Disneyland Paris,Liseberg,the Safety Committee members with Q & A from attendees Septembre

More information

Business Services Resilience and Restoration. Financial Services Sector Preparation for an Extreme Event

Business Services Resilience and Restoration. Financial Services Sector Preparation for an Extreme Event Business Services Resilience and Restoration Financial Services Sector Preparation for an Extreme Event Draft as Draft of March as of March 13, 2019 13, 2019 Overview As the financial lives, interests,

More information

Information Technology General Control Review

Information Technology General Control Review Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Cybersecurity and Examinations

Cybersecurity and Examinations Tim Segerson, Deputy Director NCUA E&I Cybersecurity and Examinations October 6, 2016 Chicago, IL Connected Devices Declining costs + increased bandwidth + powerful algorithms will spur a new information

More information

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Security Policy and Procedures Identify Risk Assessment ID.RA Table of Contents Identify

More information

Symantec Business Continuity Solutions for Operational Risk Management

Symantec Business Continuity Solutions for Operational Risk Management Symantec Business Continuity Solutions for Operational Risk Management Manage key elements of operational risk across your enterprise to keep critical processes running and your business moving forward.

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS The Role of Systems Engineering in Addressing Black Sky Hazards

More information

National Level Exercise 2018 After-Action Findings

National Level Exercise 2018 After-Action Findings National Level Exercise 2018 After-Action Findings National Level Exercise (NLE) 2018 examined the ability of all levels of government, private industry, and nongovernmental organizations to protect against,

More information

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

PT-BSC. PT-BSC version 0.3. Primechain Technologies Blockchain Security Controls. Version 0.4 dated 21 st October, 2017

PT-BSC. PT-BSC version 0.3. Primechain Technologies Blockchain Security Controls. Version 0.4 dated 21 st October, 2017 PT-BSC Primechain Technologies Blockchain Security Controls Version 0.4 dated 21 st October, 2017 PT-BSC version 0.3 PT-BSC (version 0.4 dated 21 st October, 2017) 1 Blockchain technology has earned the

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

Symantec Data Center Migration Service

Symantec Data Center Migration Service Avoid unplanned downtime to critical business applications while controlling your costs and schedule The Symantec Data Center Migration Service helps you manage the risks and complexity of a migration

More information

Our key considerations include:

Our key considerations include: October 2017 We recognize that our ability to continue to function as an organization is critical to our clients, who rely heavily on our firm and our people to keep their own real estate functioning properly.

More information

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED

More information

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise

Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO

More information

How to Conduct a Business Impact Analysis and Risk Assessment

How to Conduct a Business Impact Analysis and Risk Assessment How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda

More information

Template. IT Disaster Recovery Planning: A Template

Template. IT Disaster Recovery Planning: A Template Template IT Disaster Recovery Planning: A Template When disaster strikes, business suffers. A goal of business planning is to mitigate disruption of product and services delivery to the greatest degree

More information

Canada Life Cyber Security Statement 2018

Canada Life Cyber Security Statement 2018 Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Addressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting

Addressing Vulnerabilities By Integrating Your Incident Response Plans. Brian Coates Enaxis Consulting Addressing Vulnerabilities By Integrating Your Incident Response Plans Brian Coates Enaxis Consulting Contents Enaxis Introduction Presenter Bio: Brian Coates Incident Response / Incident Management in

More information

Integration of Business Continuity, Emergency Preparedness, and Emergency Response

Integration of Business Continuity, Emergency Preparedness, and Emergency Response Integration of Business Continuity, Emergency Preparedness, and Emergency Response Continuity Insights Conference 2014 Julia Halsne Manager of Business Continuity East Bay Municipal Utility District Contents

More information

Emergencies: Protecting Staff & Assets. Presented By: Tom Heebner, CSP, ARM, ABCP AVP / Risk Consultant HUB International Limited

Emergencies: Protecting Staff & Assets. Presented By: Tom Heebner, CSP, ARM, ABCP AVP / Risk Consultant HUB International Limited Emergencies: Protecting Staff & Assets Presented By: Tom Heebner, CSP, ARM, ABCP AVP / Risk Consultant HUB International Limited Agenda Why is Planning Important? Lessons Learned From Recent Events The

More information

Emergency Management Response and Recovery. Mark Merritt, President September 2011

Emergency Management Response and Recovery. Mark Merritt, President September 2011 Emergency Management Response and Recovery Mark Merritt, President September 2011 Evolution of Response and Recovery Emergency Management Pendulum Hurricane Andrew August 24, 1992 9/11 Terrorist Attacks

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT BUSINESS CONTINUITY MANAGEMENT 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017 PRESENTATION OUTLINE 2015 Disasters in Numbers 2016 & 2017 Top Business Risks What is BCM? Supervisory

More information

A Practical Guide to Avoiding Disasters in Mission-Critical Facilities. What is a Disaster? Associated Business Issues.

A Practical Guide to Avoiding Disasters in Mission-Critical Facilities. What is a Disaster? Associated Business Issues. A Practical Guide to Avoiding Disasters in Mission-Critical Facilities Todd Bermont What is a Disaster? An event that can unexpectedly impact the continuity of your business Anything that injures or has

More information

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification

More information

Emergency Operations Plan 2018 Annex IV - Business Continuity Plan

Emergency Operations Plan 2018 Annex IV - Business Continuity Plan Emergency Operations Plan 2018 Annex IV - Business Continuity Plan Version XII Record of Changes Description of Change Entered By Date Entered Include Appendix G. Critical Functions David Cronk January

More information

DISASTER RECOVERY PRIMER

DISASTER RECOVERY PRIMER DISASTER RECOVERY PRIMER 1 Site Faliure Occurs Power Faliure / Virus Outbreak / ISP / Ransomware / Multiple Servers Sample Disaster Recovery Process Site Faliure Data Centre 1: Primary Data Centre Data

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan 0 BCP INTRODUCTION INFORMATION (REQUIRED)... LOCATION AND KEY CONTACT INFORMATION... PRIORITY BUSINESS PROCESSES... 0 BCP TEAM(S) (REQUIRED)... TEAM -... TEAM CONTACT INFORMATION...

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Standard CIP Cyber Security Critical Cyber Asset Identification

Standard CIP Cyber Security Critical Cyber Asset Identification Standard CIP 002 1 Cyber Security Critical Cyber Asset Identification Standard Development Roadmap This section is maintained by the drafting team during the development of the standard and will be removed

More information

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

More information

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018

Business Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Business Continuity Management: How to get started Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Introduction Tony Drewitt - Managing Director: IT Governance UK and EU One

More information

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information

More information

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018 The Homeland Security Systems Engineering and Development Institute (HSSEDI ) is a trademark of the U.S. Department of Homeland

More information

Information Technology Disaster Recovery Planning Audit Redacted Public Report

Information Technology Disaster Recovery Planning Audit Redacted Public Report 1200, Scotia Place, Tower 1 10060 Jasper Avenue Edmonton, Alberta T5J 3R8 edmonton.ca/auditor Information Technology Disaster Recovery Planning Audit Redacted Public Report June 12, 2018 City of Edmonton

More information

Public Safety Canada. Audit of the Business Continuity Planning Program

Public Safety Canada. Audit of the Business Continuity Planning Program Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely

More information

Continuity of Operations During Disasters: Electronic Systems and Medical Records

Continuity of Operations During Disasters: Electronic Systems and Medical Records Idaho Health Care Association Continuity of Operations During Disasters: Electronic Systems and Medical Records Philip Niemer, MBA, MS, HEM Director Operational Continuity & Emergency Management Children

More information

Railroad Infrastructure Security

Railroad Infrastructure Security TRB Annual Meeting January 14, 2002 Session 107 - Railroad Security William C. Thompson william.thompson@jacobs.com 402-697-5011 Thanks to: Bob Ulrich Dr. William Harris Byron Ratcliff Frank Thigpen John

More information

Threat and Vulnerability Assessment Tool

Threat and Vulnerability Assessment Tool TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting

More information

Information for entity management. April 2018

Information for entity management. April 2018 Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed

More information

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015 National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015 The Post Katrina Emergency Management Reform Act (2006) Required the

More information

INTELLIGENCE DRIVEN GRC FOR SECURITY

INTELLIGENCE DRIVEN GRC FOR SECURITY INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to

More information

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding

More information

GUIDANCE NOTE ON CYBERSECURITY

GUIDANCE NOTE ON CYBERSECURITY GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS

Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS Chapter 18 SaskPower Managing the Risk of Cyber Incidents 1.0 MAIN POINTS The Saskatchewan Power Corporation (SaskPower) is the principal supplier of power in Saskatchewan with its mission to deliver power

More information

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies: ESF Coordinator: Homeland Security/National Protection and Programs/Cybersecurity and Communications Primary Agencies: Homeland Security/National Protection and Programs/Cybersecurity and Communications

More information