Deciphering Overlapping Standards and Requirements, Using the BCP Genome
Slide 1: Deciphering Overlapping Standards and Requirements, Using the BCP Genome
Disaster Recovery Journal Webinar Series
February 13
2013 Strategic BCP, Inc. All rights reserved. strategicbcp.com

Slide 2: Today's Presenter
Frank Perlmutter, CBCP, MBCI
Fperlmutter@strategicbcp.com
- President & Co-Founder of Strategic BCP, creators of ResilienceONE BCM Software
- 17+ years of experience in Business Continuity (BC) and Risk Management (RM)
- Former consultant with the Big 4 + Manager of DR/COOP (BCP) and Risk Manager for the U.S. Department of the Treasury
- Directed BCP and strategic projects for 75+ clients at the C-level; 20+ for federal government

Slide 3: Background
- Strategic BCP established in 2004
- Purpose: Elevate the productivity and relevance of business continuity professionals
- ResilienceONE introduced as a milestone in using technology to streamline the process of creating and maintaining programs for:
  - Business continuity
  - Disaster recovery
  - Business impact analysis/risk assessment
  - Crisis management

Slide 4: Webinar Focus Areas
- The Impact of Regulations, Standards & Best Practices
- Process Behind the BCP Genome Developed by Strategic BCP
- Lessons Learned to Set up Your Own Framework
- Comparing and Selecting Appropriate Regulations, Standards & Best Practices
- Getting to a Gold Standard: Q&A & Wrap-up
Slide 5: Disaster Recovery Journal Webinar Series: The Impact of Regulations, Standards & Best Practices

Slide 6: Definitions
- Regulations: Mandatory authoritative rules dealing with details or procedures having the force of law, that are issued by an authority or government
- Standards and Best Practices: Voluntary criteria, voluntary guidelines, and best practices used to enhance the quality, performance, reliability, and consistency of products, services and/or processes

Slide 7: Why Care?
- You are OBLIGATED
  - Regulations mandate/require compliance
  - There are penalties if you choose not to comply
- You NEED guidance
  - Standards, regulations, and best practices can provide guidance for your Business Continuity Program as follows:
    - Initiating it
    - Providing a process for developing and delivering it
    - Managing it
    - Monitoring it
    - Evaluating/auditing it

Slide 8: Webinar Goals
- Apply lessons from how we mapped the BCP Genome in developing your own Gold Standard Framework
- Assess strengths and weaknesses of the specific standards, regulations, and best practices to determine which ones to include in your Framework
- Evaluate current/potential tools and methodologies to implement or fine-tune your Business Continuity Management (BCM) program
Slide 9: Disaster Recovery Journal Webinar Series: Process Behind the BCP Genome Developed by Strategic BCP

Slide 10: The Inception of the BCP Genome
- Mission: The BCP Genome project started in 2006. Goal: Develop a Gold Standard framework based on the business continuity industry's collective thought leadership
- Starting point: Seek out the best standards, regulations, and best practices in terms of the ability to implement the content contained within each of them practically, regardless of industry popularity
- Rule #1: Do NOT interpret the standards, regulations, and best practices; SYNTHESIZE them

Slide 11: Mapping the BCP Genome
- Selected (9) standards, regulations, and best practices to establish the original framework
- Diligently went point-by-point through each of them, mapping the original framework
- After (4) standards, the core framework was developed
- The (5) remaining standards were 95% redundant to the points mapped

Slide 12: The Result
101 points of a resilient Business Continuity Program mapped across (8) major categories:
1. Program Organization, Management, and Training
2. Business Impact Analysis (BIA)
3. Emergency Response and Crisis Management
4. Emergency Facilities
5. Business and IT Disaster Recovery
6. Testing
7. Maintenance
8. Auditing and General Policy

Slide 13: The BCP Genome Today
- Initial $300k investment over 10 months converging BC/DR insights
- The original framework has withstood the test of time: the additional (6) standards mapped since then, along with (25) others that have been examined, have conformed to the original framework with only minor alterations to the original points
- Proven to be a stable basis for expansion over the years
- It still guides the continuous refinement of our ResilienceONE BCM software, audit methodology, and consulting practice
Slide 14: Disaster Recovery Journal Webinar Series: Lessons Learned to Set up Your Own Framework

Slide 15: The Path to Developing a Framework
- Step 1: Start with regulations that you HAVE TO follow, internally or because of clients
- Step 2: Determine the Business Continuity Management (BCM) program AREAS that you want to address
- Step 3: Determine if you WANT TO enhance your Business Continuity Program Framework
- Step 4: Select the BEST standards, regulations, and best practices
- Step 5: Map them to a CONSISTENT framework

Slide 16: Lesson #1: Look for Practical Guidance
Many of the standards focus on program policies and procedures, not program content (e.g. how to set up a planning structure vs. how to do a plan)
Framework Bread:
- Program Organization, Management, and Training
- Maintenance
- Auditing and General Policy
Framework Meat:
- Business Impact Analysis (BIA)
- Emergency Response and Crisis Management
- Emergency Facilities
- Business and IT Disaster Recovery
- Testing

Slide 17: Swimming in a Sea of Standards, Regulations, and Best Practices
- International Organization for Standardization (ISO) 22301:2012
- Federal Financial Institutions Examination Council (FFIEC) BCP Workprogram
- Disaster Recovery Institute International (DRI) Professional Practices
- Business Continuity Institute (BCI) Good Practice Guidelines
- National Fire Protection Association (NFPA) 1600 Standard on Disaster/Emergency Management and Business Continuity Programs
- The Healthcare Insurance Portability and Accountability Act (HIPAA) Security Rule
- The Institute of Internal Auditors (IIA) Global Technology Audit Guide (GTAG) for Business Continuity Management
- National Institute of Standards & Technology (NIST) Special Publication (SP) Contingency Planning Guide for Information Technology Systems
- Federal Emergency Management Agency (FEMA-64) Guidelines for Dam Safety
- Federal Energy Regulatory Commission (FERC) Guidelines for Recovery Plan Format
- Control Objectives for Information and Related Technology (COBIT)
- Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- American Society for Industrial Security (ASIS) SPC Organizational Resilience Standard
- Basel II and III
- Plus many, many, many, many more

Slide 18: Lesson #2: Beware of Jumping on the HOT Standard
(Figure: timeline of the HOT standard changing over the years, cycling through NFPA 1600, BS, PS-Prep and ISO)
- The HOT standard changes every year or two
- Creates a moving target (i.e. if you try to conform to a standard one year, it might not be valid the next)
- Corollary: Don't single-thread your framework by only using ONE standard

Slide 19: Lesson #3: Don't Get Overwhelmed
- Many of the regulations, standards, and best practices are redundant in content
- You don't need all of them
  - Select regulations with which you must comply
  - Put their points into your framework
  - Fill in the holes with other ones
- Coming Up: Which regulations, standards, and best practices fit best
Slide 20: Disaster Recovery Journal Webinar Series: Comparing and Selecting Appropriate Regulations, Standards & Best Practices

Slide 21: (Table: framework points covered by each standard. Columns: FFIEC, NFPA 1600, NIST, FERC, GTAG, ISO, HIPAA, TOTAL. Rows: Program Organization, Management & Training; Business Impact Analysis (BIA); Emergency Response & Crisis Management; Emergency Facilities; Business & Support Component Recovery; Testing; Maintenance; Audit & General Policy; TOTAL. Cell values are not present in the transcription.)

Slide 22: Seek Outside Assistance
- DRJ has an excellent list of regulations, standards, and best practices on their website
- Some BCM software has it built into their methodology; ensure it's not just a marketing claim
  - Have them show you how the software meets the different parts of regulations, standards, and best practices

Slide 23: Questions?

Slide 24: Wrap-Up
For more insights and opportunities:
- Request a Live Demo of the BCP Genome in ResilienceONE BCM Software at
- Contact Frank Perlmutter, CBCP, MBCI: Frank@strategicbcp.com
- Attend Frank's presentation on "Enhancing BC Outcomes Through Risk Management Objectivity", Mar. DRJ Spring World Conference, Orlando
More informationAT FIRST VIEW C U R R I C U L U M V I T A E. Diplom-Betriebswirt (FH) Peter Konrad. Executive Partner Senior Consultant
Our Contact Details IT-SCAN GMBH c/o: DOCK3 Hafenstrasse 25-27 68159 Mannheim E: info@it-scan.de W: www.it-scan.de Nationalität Berufserfahrung C U R R I C U L U M V I T A E Diplom-Betriebswirt (FH) Peter
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationAssurance through the ISO27002 Standard and the US NIST Cybersecurity Framework. Keith Price Principal Consultant
Assurance through the ISO27002 Standard and the US NIST Cybersecurity Framework Keith Price Principal Consultant 1 About About me - Specialise in cybersecurity strategy, architecture, and assessment -
More informationContinuity of Operations During Disasters: Electronic Systems and Medical Records
Idaho Health Care Association Continuity of Operations During Disasters: Electronic Systems and Medical Records Philip Niemer, MBA, MS, HEM Director Operational Continuity & Emergency Management Children
More informationAssessment and Compliance with Sarbanes-Oxley (SOX) Requirements DataGuardZ Whitepaper
Assessment and Compliance with Sarbanes-Oxley (SOX) Requirements DataGuardZ Whitepaper What is the history behind Sarbanes-Oxley Act (SOX)? In 2002, the U.S. Senate added the Sarbanes-Oxley Act (SOX) to
More information2017 RIMS CYBER SURVEY
2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the
More informationAchieving Enterprise Resiliency And Corporate Certification
Achieving Enterprise Resiliency And Corporate Certification By Combining Recovery Operations through a Common Recovery Language and Recovery Tools, While adhering to Domestic and International Compliance
More informationUAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and
UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS 2017 07-16 June 2017 By: Space Policy and Regulations Directory 1 The UAE will build the first city on
More informationExplore Resilience and Risk Management Around the World
Organizational Resilience: Security, Preparedness and Continuity Management Systems - Requirements with Guidance for Use Explore Resilience and Risk Management Around the World ANSI/ASIS SPC.1-2009 Dr.
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationMay 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations
May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose
More informationHow to Derive Value from Business Continuity Planning
How to Derive Value from Continuity Planning Presented by Randall J. Till, Principal Till Continuity Group Spring World 2011 Disaster Recovery Journal March 28, 2011 1 BCM Challenges BCM funding is limited
More informationTools & Techniques I: New Internal Auditor
About This Course Tools & Techniques I: New Internal Auditor Course Description Learn the basics of auditing at the new internal auditor level. This course provides an overview of the life cycle of an
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More information