BUSINESS CONTINUITY MANAGEMENT

Similar documents
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

Accelerate Your Enterprise Private Cloud Initiative

Gladiator Hosted Network Solutions Raising the Bar on Risk and Compliance: Hosted Network Services and your Cloud Service Provider.

Risk Advisory Academy Training Brochure

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity for Health Care Providers

Incident Response Services

Table of Contents. Sample

Interpreting the FFIEC Cybersecurity Assessment Tool

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

The Common Controls Framework BY ADOBE

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Building Trust in the Era of Cloud Computing

Business continuity management and cyber resiliency

Cybersecurity. Securely enabling transformation and change

Risk Management in Electronic Banking: Concepts and Best Practices

RUAG Cyber Security Understand Cyber. Protect Values.

CYBER SECURITY AIR TRANSPORT IT SUMMIT

IT People has been offering end-to-end IT outsourcing & staffing solutions to companies since two decades.

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

General Framework for Secure IoT Systems

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Sage Data Security Services Directory

21ST CENTURY CYBER SECURITY FOR MEDIA AND BROADCASTING

Cyber Security and Cyber Fraud

Certified Information Systems Auditor (CISA)

SOC 2 examinations and SOC for Cybersecurity examinations: Understanding the key distinctions

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Emerging Issues: Cybersecurity. Directors College 2015

How Secure is Blockchain? June 6 th, 2017

ASD CERTIFICATION REPORT

CONE 2019 Project Proposal on Cybersecurity

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

Cybersecurity in the Financial Sector. Aquiles A. Almansi Lead Financial Sector Specialist

Business Continuity Management Standards A Side-by-Side Comparison

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Cybersecurity, safety and resilience - Airline perspective

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)

SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY

Bradford J. Willke. 19 September 2007

The NIS Directive and Cybersecurity in

GUIDANCE NOTE ON CYBERSECURITY

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

TSC Business Continuity & Disaster Recovery Session

Promoting Global Cybersecurity

Information Security Controls Policy

Cybersecurity and Data Protection Developments

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Twilio cloud communications SECURITY

HCL GRC IT AUDIT & ASSURANCE SERVICES

SC27 WG4 Mission. Security controls and services

Why you should adopt the NIST Cybersecurity Framework

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

The University of Queensland

Securing the Cloud Today: How do we get there?

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

2017 Annual Meeting of Members and Board of Directors Meeting

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

TAN Jenny Partner PwC Singapore

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

How ISO helps organisation to achieve operational readiness Ong Liong Chuan 26 Apr 2016

Build confidence in the cloud Best practice frameworks for cloud security

June 5, 2018 Independence, Ohio

Caribbean Cyber Security: Not Only Government s Responsibility

Gujarat Forensic Sciences University

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

John Snare Chair Standards Australia Committee IT/12/4

Altius IT Policy Collection Compliance and Standards Matrix

Privacy hacking & Data Theft

FRAMEWORK MAPPING HITRUST CSF V9 TO ISO 27001/27002:2013. Visit us online at Flank.org to learn more.

Transport and ICT Global Practice Smart Connections for All Sandra Sargent, Senior Operations Officer, Transport & ICT GP, The World Bank

THE POWER OF TECH-SAVVY BOARDS:

Granted: The Cloud comes with security and continuity...

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Innovation policy for Industry 4.0

Appendix 3 Disaster Recovery Plan

The NIST Cybersecurity Framework

Angela McKay Director, Government Security Policy and Strategy Microsoft

Cloud First Policy General Directorate of Governance and Operations Version April 2017

National Policy and Guiding Principles

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Disaster Recovery Is A Business Strategy

ISAO SO Product Outline

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Cybersecurity Roadmap: Global Healthcare Security Architecture

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

STRATEGIC PLAN. USF Emergency Management

Transcription:

BUSINESS CONTINUITY MANAGEMENT 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017

PRESENTATION OUTLINE 2015 Disasters in Numbers 2016 & 2017 Top Business Risks What is BCM? Supervisory Objectives BCM Process Other Salient Features BCM The Time is Now

2015 NATURAL DISASTERS IN NUMBERS

2016 TOP BUSINESS RISKS

2017 TOP BUSINESS RISKS

BUSINESS CONTINUITY MANAGEMENT Encompasses policies, standards, facilities, personnel and practices Covers all sorts of disruptions Prioritizes critical operations and subsequent efforts to return them to normal Tailored to the nature, scale, and complexity of a BSFI s business

SUPERVISORY OBJECTIVES Ensure Safety and Soundness/ Resilience Sustain Delivery of Financial Services Preserve Public Trust and Confidence Mitigate Systemic Risk

BCM PROCESS

BCM - THE TIME IS NOW

IT RISK MANAGEMENT, CYBERSECURITY & CLOUD COMPUTING 64 th RBAP National Convention & General Membership Meeting 29 30 May 2017

EMERGING THREATS AND RISKS Malware Ransomware Advanced Persistent Threats DDoS Attacks ATM Malware/ATM Host Spoofing CNP Fraud Phishing Spearphishing

IT RISK MANAGEMENT FRAMEWORK IT RISK MANAGEMENT SYSTEM IT GOVERNANCE IT RISK IDENTIFICATION AND ASSESSMENT IT CONTROLS IMPLEMENTATION Information Security Project Management/ Development, Acquisition and Change Management IT Operations IT Outsourcing/ Vendor Management Electronic Products and Services IT RISK MEASUREMENT & MONITORING

INFORMATION SECURITY RISK MANAGEMENT

OBJECTIVES OF ISRM Address technological developments and innovation and dynamic risk profiles Respond to growing concerns on cyber-attacks and cyber-threats Introduce a renewed focus on information security both recovery and resumption Present a holistic framework on ISRM Heighten expectations of the role of the Board and Senior Management on ISRM Add provisions on information sharing, collaboration and situational awareness

PROPORTIONATE ADOPTION OF ISRM Simple Moderately Complex Highly Complex IT Infrastructure and Operations Digital/Electronic Financial Products and Services IT Projects and Initiatives Outsourced Services Systemic Importance Threats

REQUIREMENTS FOR RURAL BANKS IS Governance Including Security Culture Security Policies and Procedures Identity and Access Management Safe Computing Practices Hiring Practices Security Training and Awareness Programs Physical and Environmental Controls

CLOUD COMPUTING A model for enabling ubiquitous, convenient, ondemand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.

ESSENTIAL ATTRIBUTES OF CLOUD COMPUTING Resource- Pooling Rapid Elasticity Accessible On-Demand Multitenancy Utilizationtracking

BSP POLICY ACTION ON CLOUD COMPUTING CORE SERVICES? Private Community Hybrid Public NON-CORE SERVICES Private Community Hybrid Public

BSP POLICY ACTION ON OFFSHORE OUTSOURCING Subsection X162.7 Offshore Outsourcing. Offshore outsourcing exists when the service provider is located outside the country. x x x x. In addition, offshore outsourcing of bank s domestic operations is permitted only when the service provider operates in countries which uphold confidentiality. x x x x.

SUPERVISORY CONCERNS ON CLOUD COMPUTING Legal and Regulatory Compliance Governance and Risk Management Due Diligence/Vendor Management Security and Privacy Data Ownership and Data Location and Retrieval Business Continuity Planning

RATIONALE FOR ALLOWING CLOUD COMPUTING Leapfrog financial products & services Make innovation more affordable and accessible Level playing field Focus on core business Ensure business continuity and speed-up disaster recovery

BSP POLICY ACTION ON CLOUD COMPUTING When in doubt, Banks should consult BSP before making any significant commitment on cloud computing!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback