CRITICAL INFRASTRUCTURE PROTECTION BUILDING ORGANIZATIONAL RESILIENCE
1 CRITICAL INFRASTRUCTURE PROTECTION: BUILDING ORGANIZATIONAL RESILIENCE. Gavin McLintock, P.Eng., CISSP, PCIP
2 METCALFE POWER STATION, 16 April 2013: Sophisticated physical attack; 27 days outage; $15.4 million
3 MAROOCHY WATER DISTRICT, 2000: Malicious insider hack attack; 800,000 litres of raw sewage spilled; > $1 million
4 NEW ORLEANS, 29 August 2005: Hurricane; 1464 dead; major, continuing economic & social losses; > $150 billion est. cost
5 NORTHEASTERN NORTH AMERICA, 14 August 2003: Power blackout, cascading failure; 2 days; 11 deaths; > 50 million people affected; $6 billion est. cost
6 FUKUSHIMA, 11 March 2011: Earthquake & tsunami; 2nd worst radiation release; > 300,000 evacuated
10 CRITICAL INFRASTRUCTURE PROTECTION: The art & science of preparing an organization to be resilient in the face of catastrophe
11 Interdependencies, Critical Infrastructure Institute
12 Interdependencies
13 All Hazards
14 All Hazards: THREAT SPECTRUM. Tends Towards Criminal Threats; Tends Towards Asymmetric Threats; Hazards; Tends Towards Military Threats
15 Resiliency
16 CIP ASSESSMENT PROGRAM: Comprehensive evaluation of the current state of the organization's: critical assets; threat/risk situation; event management and recovery capability; operational resilience
17 CIP ASSESSMENT PROGRAM OBJECTIVE: Assist management with an assessment of local CIP and security activities. Offer recommendations based on the likelihood of various threat/hazard scenarios.
18 CIP ASSESSMENT TEAM
19 PROCESS METHODOLOGY
20 NATURAL GAS ELECTRICITY GENERATING PLANTS: Putrajaya, Malaysia, 625 MW; GTAA, 112 MW
21 ENERGY FACILITY: COMBINED CYCLE GAS TURBINE PLANT. To Electricity Grid (Output); Transformer; Natural Gas Supply (Input)
22 CIP ASSESSMENT METHODOLOGY: No impact on normal operations. No test or compromise of security systems.
23 CIP RISK MANAGEMENT MODEL. Measures & Controls to Safeguard Assets; Mission Criticality Assessment; Threat Assessment; Vulnerability Assessment; Risk Assessment; RISK MANAGEMENT; Assets: Personnel, Materiel/Objects, Facilities & Infrastructure, Information, Activities; INCIDENT; Plan, Supervise and Review; Conditions for Mission Success; Consequence Management; Incident Response Management Action Management Reaction
24 DEFINE THE MISSION: "We aim to be an efficient and dynamic power generation facility that provides a quality product in the areas of safety, customer service, reliability, and shareholder value, while ensuring minimal environmental impact." Via MISSION ANALYSIS PROCESS: tasks & assets needed to accomplish the mission.
25 ASSESS CRITICALITY. Why Criticality: It is not possible to protect everything all of the time. A CIP program needs to identify, evaluate and prioritize those assets that are most critical to mission success. Criticality Assessment: Identifies, evaluates and prioritizes those assets that are most critical to achieving mission success. Methodologies such as CARVER, Business Impact Assessment (BIA) and Statement of Sensitivity provide a systematic way to determine and rank criticality.
26 ASSESS CRITICALITY: CARVER TOOL. Table columns: Asset, C, A, R, V, E, R, Total, Comments. Assets listed: Gas Turbines (x 3); Starting Generator; Heat Exchangers (x 3); Steam Turbine; Switch Relay Control Bldg; Gas Supply Lines; Central Control Bldg. Used to determine criticality of assets to services/operations. Assess each criterion from 1-10, with 10 having most grave consequences.
27 ASSESS THREATS AND HAZARDS. Threat/Hazard: A real or potential condition that has the ability to compromise the availability, integrity or confidentiality of an asset. Condition may be: Deliberate (Malicious); Environmental (Natural); Accidental.
28 Situational Awareness Assessment Full Spectrum Threat Categories Criminal Cyber Natural Accidents Espionage Terrorism Medium Medium Low Low Low Low Fraud Hacking Snow/Ice Storm Str Collapse Industrial Bombing Theft Insert Malware Lightning Strike Fire Commercial Armed Attack Vandalism Denial of Svc Wind Storm Explosion Foreign Intel Intimidation Drug Use Disruption Flood Transportation Disease Sabotage Disturbance Government Subversion Low Negligible Negligible Negligible Negligible Pandemic Food Poisoning Full Spectrum Threat Categories Disgruntled Employee Single Issue Environmental Policy Supremacist Groups Demonstration Work Slow down Economic Policy Anarchists Stress Strike Regulation Environmental Chart shows likelihood of occurrence
29 ASSESS VULNERABILITY. Vulnerability: The characteristics of an asset's design, location, security posture, process, or operation that render it susceptible to destruction, incapacitation, or exploitation by mechanical failures, natural hazards, or malicious acts. Vulnerability Assessment: Identify areas of weakness that could result in consequences of concern, taking into account intrinsic structural weaknesses, protective measures, resiliency, and redundancies.
30 VULNERABILITY ASSESSMENT - FORMAT FOR OBSERVATIONS. Vulnerabilities, Concerns and Positives (Best Practices) from each Functional Specialist. Vulnerability: An inherent weakness, situation or circumstance that, if left unchanged, may result in loss of life or damage to mission-essential resources. Concern: Noted deviation from best CIP practices that, if not addressed or monitored, could become a vulnerability if impacted by other factors. Positive: Best practice worth noting.
31 VULNERABILITIES OBSERVED. Situational Awareness: Poor top-down communication of potential hazards and threats to employees; Lack of enforcement of restrictions on photography. Physical Security: Failure to enforce access control policy ("tailgating"); Lack of a lock down plan; Insufficient security force for higher threat levels; Lack of liaison with local law enforcement agencies. Engineering: Congestion in vehicle inspection area at front gate; Lack of a barrier plan; Insecure diesel fuel tank for start up generator; Inconsistent monitoring of fuel quality.
32 VULNERABILITIES OBSERVED. Information Technology Security: No specific security policy and procedures for SCADA; Outdated cyber defences for Enterprise System; Inadequate Disaster Recovery Plan for Enterprise System; Enterprise System and SCADA passwords and User Identification shared by all production staff. OHS and HAZMAT: Lack of a pandemic plan; Incomplete listing of HAZMAT storage. Emergency Response: Failure to coordinate security, fire and Emergency Response plans.
33 ASSESS RISK. Risk: "Refers to the uncertainty that surrounds future events and outcomes" - GoC Integrated Risk Management Framework. Attributes of Risk: Risk results from a combination of an asset, a threat/hazard, and a vulnerability. All three elements must be present. If any element is missing, there is no risk. [Diagram labels: RISK, VULNERABILITY]
34 RISK IMPACT & PROBABILITY TABLE. Risk is a factor of Impact and Probability. In this example, impact and probability are measured by assigning numbers. The higher the number, the higher the risk.
35 Risk Assessment: Consolidated Criticality, Threat, Vulnerability and Risk Table
36 RECOMMEND RISK MANAGEMENT OPTIONS. Risk Management: The process of selecting and implementing decisions that will minimize the adverse effects of losses due to destruction, disruption or injury, to achieve an acceptable level of risk at an acceptable cost. Risk Controls or Safeguards: Actions taken to mitigate risks, normally by reducing their probability or impact. They include actions to detect, deny, deter, distract, delay, prevent, protect, respond, destroy, repair, recover and restore.
37 RISK MANAGEMENT CONTROLS: Engineering. Vulnerability: Insecure diesel fuel tank for start up generator. Description: Fuel tank has no additional security features other than installation outer security fence. Should fuel tank or fuel supply be tampered with, cold start will not be possible. Risk Management Options: Construct back-up fuel tank; Construct concrete barrier around tank(s); Install security fence around tank(s) with access controls; Install additional lighting; Fit locks to filler caps; Install intrusion detection system. Recommendation: All of the above.
38 RISK MANAGEMENT CONTROLS: Information Technology Security. Vulnerability: No specific security policy and procedures for Supervisory Control and Data Acquisition (SCADA) System in Central Control Building. Description: Although there is a Security Policy for IT Enterprise network, there is no specific Security Policy and Procedures on installation SCADA System that provides process control to all systems. Risk Management Options: Establish SCADA Security Policy and Procedures; Establish Security Awareness and Training plan. Recommendation: Develop and implement/disseminate SCADA Security Policy and Procedures; Develop and implement SCADA Security awareness and training.
39 EVALUATE EMERGENCY MANAGEMENT. Evaluate plans for: Incident Response (Response): Efforts to contain, alleviate or terminate an apprehended incident, to identify and bring to account the threat agents, and to gather information and preserve evidence to that end - PSC. Consequence Management (Recovery): Coordination and implementation of measures intended to mitigate the damage, loss, hardship and suffering caused by acts of violence or natural disasters, including measures to restore service, to protect health and safety, and to provide emergency relief - PSC.
40 OUT BRIEF - AGENDA: Purpose; Briefing format; Critical Assets; Situational Awareness; Key observations from Specialists on: Situational Awareness, Security, Engineering, Information Protection, Occupational Health/Safety/HAZMAT, Emergency Management; Sample Threat/Hazard Scenario(s); Summary
41 OUT BRIEF - CIP ASSESSMENT DASHBOARD. Installation CIP Readiness. Rating scale: Ready; Ready w/minor Limitations; Ready w/major Limitations; Not Ready. CIP Vulnerability Assessment Components: A. Situational Awareness; B. Security; C. Engineering; D. Information Technology Protection; E. Occupational Health & Safety; F. HAZMAT Response; G. Emergency Management
42 DELIVERABLES: CIP Assessment Out-brief. Assessment team will offer procedural and/or resource-based solutions. Draft Executive Summary and Annexes from functional specialists. Final Report (30 Days after Assessment).
43 SUMMARY: Every organization has critical infrastructure. Understanding your CI and the risks you face increases operational resilience. A comprehensive CIP assessment can contribute. Sometimes the findings are surprising!
44 FURTHER INFORMATION: Gavin McLintock, McLintock Consulting; Peter Johnston, President, Lansdowne Technologies Inc
More informationBuilding Economic Resilience to Disasters: Developing a Business Continuity Plan
Building Economic Resilience to Disasters: Developing a Business Continuity Plan Buffalo Niagara Region February 26, 2014 Gail Moraton, CBCP Business Resiliency Manager Business Resiliency one important
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationCreating a Business Continuity Plan for your Health Center
Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation
More informationThe Technology Trilogy:
The Technology Trilogy: Security, Disaster Recovery, & Business Continuity Information Technology Services for Colleges and Universities www.thinkeduserve.com The Technology Trilogy: Security, Disaster
More informationEmergency Preparedness Guidelines
DM-PH&SD-P7-TG6 رقم النموذج : I. Introduction This Guideline on supports the national platform for disaster risk reduction. It specifies requirements to enable both the public and private sector to develop
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 13 Business Continuity Objectives Define environmental controls Describe the components of redundancy planning List disaster recovery
More information85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff
85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationNGO security coordination and other sources of support WITHIN FIRST 1-2 WEEKS. Office/compound/ facility security
3 Risk assessment tool BEFORE DEPLOYMENT OR STARTING PROGRAMME Context analysis and actor mapping Risk assessment Security strategies Acceptance, protection and deterrence What is the context and who are
More informationBusiness Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014
Business Continuity Planning Donna Curran, Director Audit and Risk Management February, 2014 Agenda Business Continuity Defined The Importance of a Plan Determining the Costs Business Impact Analysis MTO,
More informationTO AN EFFECTIVE BUSINESS CONTINUITY PLAN
5 STEPS TO AN EFFECTIVE BUSINESS CONTINUITY PLAN Introduction The Snowpocalypse of 2015 brought one winter storm after another, paralyzing the eastern half of the United States. It knocked out power for
More informationInformation Security for Managers
Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize
More informationCommon Threats and Vulnerabilities of Critical Infrastructures
International Journal of Control and Automation 17 Common Threats and Vulnerabilities of Critical Infrastructures Rosslin John Robles 1, Min-kyu Choi 1, Eun-suk Cho 1, Seok-soo Kim 1, Gil-cheol Park 1,
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationEXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
More information