Getting Your Business Back
- Jane Peters
- 8 years ago
Pulling Together Business Continuity, Crisis Management and Disaster Recovery

Many organizations have a program (or programs) in place to keep operations going (or to resume them as quickly as possible) when faced with a loss or interruption of resources. Whatever these programs are called (business continuity, disaster recovery, business resiliency or anything else), there seems to be a common thread: the responsibility for them tends to lie in several different (and often uncoordinated) departments. In many cases, the business continuity group reports to the CFO, the Risk Officer, the COO and the IT department. But structure and reporting do not guarantee successful business continuity. With responsibility for business continuity lying in so many places, how do you make it work?

This white paper outlines an approach to business continuity that lets you take a group of people with unique and valuable skills and organize them in a collaborative way to create a successful business continuity program. This does not mean that every member of the team is equal to the next. Leadership and accountability are also important parts of a successful business continuity recipe. The approach outlined in this paper is founded on the belief that a business continuity program can only be effective if it's a part of the culture of an organization.

Definitions

As a starting point let's agree upon some basic concepts:

Business continuity is the discipline of assuring that a business has a plan to resume operations in the event of loss of resources (people, facilities, technology, machinery, transportation, critical records or third-party suppliers) resulting in an unacceptable slowdown or loss of business operation.

Disaster recovery is the discipline of recovering IT assets and services lost to the business.

Crisis management is the process of executing a structured plan to manage the response to an event that affects business continuity or requires a recovery process.

Risk management is the discipline of ascertaining and mitigating risks. In most cases this includes a wider definition of risk mitigation than that associated with a business disruption due to a loss of resources.

Audit and compliance is the discipline of validating that specific processes are being followed and requirements met.
One way of looking at the relationship of these groups within an organization is depicted in the following graphic:

[Figure: Business Continuity, Disaster Recovery, Crisis Management, Risk Management, Audit and Compliance]

As illustrated above, disaster recovery and crisis management are disciplines within business continuity management. Risk management overlaps the responsibility of continuity management, and audit and compliance has an overlapping responsibility across all risk areas within the company.

An Approach

The primary goal of a business continuity program is to coordinate the efforts of your business continuity group, your information technology organization, your audit and compliance and risk management functions, and the business units or departments responsible for developing or executing individual business-continuity, disaster-recovery or crisis-management plans.

An architect or a designer starts a project with a vision of what the end-state will be. In business, we follow a process or framework, focusing more on the steps than on the end game. One suggestion would be to take the best of both of these approaches. Whether you're at the beginning of your program, or well into the program and looking for places to improve, following a structured process and having a specific end-state as a goal will significantly improve the outcome.

Each of the different groups in your company, like the members of a team, should work together, having both individual assignments and a team goal. The audit and compliance and risk-management functions help identify gaps and direction; the business continuity team creates and coordinates the overall plan; the business units execute their individual recovery solutions; and the IT department oversees the technology.

The role of the business continuity group

What should a business continuity group be doing to fulfill its role in the program? It should:

Establish an overall plan with both long- and short-term goals.

This program plan should detail the steps that will be taken to build or expand the program. This should encompass both short- and long-term goals (see "Establish short- and long-term goals" below). It should also include the required human resources, an estimate of the time commitment needed from those resources, and any budgetary impact. The program plan will be a key component of the justification or business case that may need to be developed to ensure executive support.
The role of the business continuity group

- Establish an overall plan with both long- and short-term goals.
- Establish communication plans.
- Define recovery scenarios and severity levels to establish response protocols.
- Define the measurement and control points of the program.
- Be consultative to the business.

Establish a framework for business units to use in building their own continuity plans.

The business continuity group should not take on the writing of continuity or recovery plans for business units, departments or facilities. Instead, they should provide the structure and the framework for such plans, and supporting documentation. Individual plans won't be exactly the same as one another, but there should be similarities in context and framework from one plan to another. The business continuity group should set guidelines for the content and an appropriate level of response based on which resource is lost and the severity of the loss (see "Define recovery scenarios and severity levels"). Lastly, it's important for the group to establish that there is continuity in plan development, communication protocols, and test exercise objectives.

Establish communication plans.

The business continuity group will also draw up and maintain communication plans in line with the organization's crisis management plans (this may require an interface with corporate communications and legal). Some events will have an obvious prescriptive response, while others will rely on specified processes to determine the right responses and assure their timely execution. The business continuity team needs to ensure that the communication plan covers the processes for declaring a disaster, communicating what response plan has been put in motion, providing ongoing communications, and coordinating communication activities.

The crisis management plan developed by the crisis management team coordinates the activities between senior and local management and other employees. It also establishes the activities for event lifecycle management (declaration, assessment, response), recovery team coordination and activity prioritization. The plan should have two specific parts: a strategic document describing the interaction between groups, and a tactical set of instructions much like a project plan.

Define recovery scenarios and severity levels to establish response protocols.

Business continuity planning means being able to call on an alternative resource if your primary resource becomes unavailable. Your plan should cover seven types of resource (people, facilities, technology, machinery, transportation, critical records and third-party suppliers), taking into consideration the severity of the loss and the expected length of the disruption.

As an example, in planning for a flu outbreak you need an alternative resource plan for a people resource shortage. You have to define your critical people resources, determine how long you can operate without their specific service to your company, and develop a plan to cross-train others to do the job of those missing. In doing so you've defined the parameters of the disruption, who and how many are out, and how long the disruption will last. In other words, you've identified and delineated the disruption possibility and determined your recovery plan based upon the severity.

Defining disruption severities allows you to set expectations of what you will and won't do when a disruption occurs. It helps determine when a disruption is really a disaster and, by nature of the definition, outlines an appropriate action.
Define the measurement and control points of the program.

Once your business continuity program is underway, it's important to articulate the progress that it's making. While common indicators include the number of mechanical outcomes (completed business impact assessments (BIAs), completed plans, etc.), other measurements could be the amount of risk mitigated, the preparedness of staff at a location, the success of the last exercise, or a self-evaluation by the senior manager in charge of the facility. While these types of measurements are less binary, and certainly more subjective, than the mechanical outcomes, they really help define the risk of not being able to recover from a disruption due to a lack of understanding or lack of preparedness by the relevant people.

Be consultative to the business.

Only by communicating with and helping the business-continuity user community within your organization (i.e., those affected by the program) can you build their awareness and adoption of the program and evolve their maturity within the program.

From the six points above we can see that the business continuity group generally has three main responsibilities when it comes to developing or refining the business continuity program:

1) Defining the framework and governance of the program.
2) Validating and measuring the results of the program.
3) Being the champions of the program.

Four principles of successful business continuity programs

As the business continuity group works to carry out these responsibilities, here are some tips for doing so successfully.

Establish short- and long-term goals

Building and maintaining a business continuity program is not a sprint, it's a journey. It requires a change in corporate culture. Establish your goals on both a short- and long-term scale (six-monthly or one-year increments work in most organizations). Make sure the goals are measurable, attainable, and easily communicated.

If you're implementing a new program, good short-term goals include developing the charter and the framework of the program, while good long-term goals might be implementing communication and awareness programs. In an existing business continuity program, a good place to start is identifying the maturity of the program and comparing it to the risk tolerance of the organization. In general, this type of assessment pinpoints gaps that identify measurable changes to the program.

Make sure it works

There are many publications, instructions, processes and methodologies for implementing a business continuity program. Many of them could have you paying a lot of attention to the activities in the program, yet not producing a result that changes the continuity posture of your organization. Why?

One business continuity manager from a large multinational organization spent more than a year working on the company's risk analysis. He first identified an impressive list of risks and potential threats. Next he investigated the historical occurrences of each of the threats, driving towards the root cause of several of the occurrences, and then assigning a probability of occurrence to each threat based on the likelihood of the company experiencing the same type of event again. At the end of the year, a pretty significant document was created. It was rich in facts and details; but it could not draw a specific conclusion or support any of the program recommendations.
The problem is analysis paralysis. Gaining a better understanding of events is certainly important; indeed it's best practice. But no matter how much analysis you do, there's really no way to predict most disasters. So you need to match the analytical process with at least as much attention to the results you want to achieve and the actions you must take to achieve them.

Here's a simple analogy. If you rely on your car for transportation, a flat tire is a threat to your transportation resource. Analyzing the incidence of flat tires might give you insight into the conditions most likely to cause a flat, but can never actually predict the next one. That's why the most important thing you can do is keep up with the normal maintenance schedule and regularly check to see if the spare is road-worthy. The spare tire mitigates the risk of losing your transportation resource, even though the loss event is not predictable.

Methodologies, frameworks and standards all provide a set of guidelines to best practice in building your business continuity program; but a common mistake is focusing on the process and never looking at the results. So make time to take a step back and assess how integral to your company your business continuity program is. If it's not an integral part of the organization's culture and processes it's unlikely to give you the results you expect.

Automate if you can

Having a tool to automate a repetitive process can save time and money, providing the acquisition and implementation cost of the tool doesn't outweigh the benefit it provides. Many tools are available in the industry but not all add value. Some automate a process that is already automated; others take a methodology and automate that methodology, requiring you to adopt their way of doing things.

Tools don't need to be complex in order to be useful. They just need to be able to economically assist you in getting a job done in the way that you want to do it. The question, when selecting a tool, is: what are you expecting it to do? Evaluate what you want the tool to do and what alternative methods there are for achieving those ends, before assessing the features and functions of the tool, the level of customization you require (and how easy it is to customize), and what benefits the tool brings. Don't forget to consider the requirements of crisis management and disaster recovery planning; if a tool doesn't help with these elements of business continuity it's leaving out half the story.

An important consideration for any tool set is how well it lets you identify the control and audit points in your program, and understand the level to which each location, department or person (as relevant) has executed that control. For example, say there's a requirement to review the business impact of a potential outage on a biannual basis. The departments that have completed that task are compliant, and those that have not are non-compliant. If this requirement is dictated by a standard framework that your organization is bound by, the exposure that exists because of non-compliance is a measurable risk that is important to understand. If you have many locations or departments covered by this requirement (maybe nationally or even globally), collecting this datum on compliance can be a daunting task unless it's a function of an automated control point in your business continuity management tool.

The final question to ask is whether or not the tool lets you easily link to other functions of the business such as risk management, audit and compliance. Without such linkages, it's difficult to truly understand the business impact of business continuity activities over time.
Don't confuse installation and implementation

Business continuity tools can be complex, especially for larger organizations. Having a tool installed entails setting up the computing platform and configuring the software for access. It doesn't get you close to having a useful and productive tool for your program; for that you need an implementation plan.

An implementation plan for a tool requires you to understand what you want automated, what you're expecting as a result, and how to work with the tool vendor to roll out these requirements after installation. The implementation process includes configuration, customization, and training for you and the end-user community on the tool's functionality and features. It may also cover requirements for integration with other tools, such as those for risk management or audit and compliance.

Some organizations start by buying a tool and building their program around it. Others build their program and then buy a tool to support it. Both approaches have the same likelihood of success or failure. Success stems from understanding what you need to automate and what compromises you're willing to make with the tool that you select, as well as a realistic understanding of the benefits it can bring to your program. In your evaluation of any tool, ask to talk to the customers who are having difficulties implementing the tool, not just the reference customers.

Conclusion

While many organizations have a culture of separating the responsibilities for functions such as disaster recovery, crisis management, risk management, audit and compliance, and business continuity, there are working management structures, processes and tools that can help you have a coordinated approach to these related functions. In this way you can change the business continuity and recovery posture of your organization for the better.

Written by John Linse, Global Competency Data Protection Service for EMC. John is a regular speaker at disaster recovery events, seminars and conferences, including recent presentations at EMC World, HIMSS, and local chapters of ACP. John has published a white paper, "Decision in Disaster Recovery", and is authoring another on data protection in a cloud architecture.
About RSA

RSA is the premier provider of security, risk and compliance solutions, helping the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.

Combining business-critical controls in identity assurance, data loss prevention, encryption and tokenization, fraud protection and SIEM with industry-leading eGRC capabilities and consulting services, RSA brings trust and visibility to millions of user identities, the transactions that they perform and the data that is generated.

EMC², EMC, RSA and the RSA logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. EMC Corporation. All rights reserved. Published in the USA. h9013-bccmdr-wp-0811
RSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationThe RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief
The RSA Solution for Cloud Security and Compliance A GRC foundation for VMware infrastructure security and compliance Solution Brief The RSA Solution for Cloud Security and Compliance enables end-user
More informationTECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS
TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS BUSINESS BENEFITS Use of the Certified Partner seal and the Secured by RSA brand on product packaging and advertising Exposure in the Secured by RSA
More informationRSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief
RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationCode Subsidiary Document No. 0007: Business Continuity Management. September 2015
Code Subsidiary Document No. 0007: September 2015 Change History Version Number Date of Issue Reason For Change Change Control Reference Sections Affected 20150511 11 May 2015 For industry consultation
More informationBusiness Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
More informationRSA, The Security Division of EMC. Zamanta Anguiano Sales Manager RSA
RSA, The Security Division of EMC Zamanta Anguiano Sales Manager RSA The Age of the Hyperextended Enterprise BUSINESS ISSUES IMPACT Innovation Collaboration Exploding Information Supply Chain Customer
More informationData Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
More informationRSA SECURITY MANAGEMENT. An Integrated approach to risk, operations and incident management. Solution Brief
RSA SECURITY MANAGEMENT An Integrated approach to risk, operations and incident management Solution Brief THE PROBLEM WITH TACTICAL SECURITY MANAGEMENT What are your organization s most pressing IT security
More informationBusiness resilience: The best defense is a good offense
IBM Business Continuity and Resiliency Services January 2009 Business resilience: The best defense is a good offense Develop a best practices strategy using a tiered approach Page 2 Contents 2 Introduction
More informationIMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationDisaster Recovery Strategy in the Modern Market A PRACTICAL GUIDE FOR BUSINESS. Your Proven Partner in Communications Solutions
TM Disaster Recovery Strategy in the Modern Market A PRACTICAL GUIDE FOR BUSINESS Your Proven Partner in Communications Solutions Contents What is Disaster Recovery? 1 Components of Disaster a Recovery
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationRSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief
RSA Solution Brief RSA envision Platform Real-time Actionable Information, Streamlined Incident Handling, Effective Measures RSA Solution Brief The job of Operations, whether a large organization with
More informationIBM index reveals key indicators of business continuity exposure and maturity
IBM Global Technology Services Business Continuity and Resiliency Services IBM index reveals key indicators of business continuity exposure and maturity Will a more holistic approach to business continuity
More informationHow Organizations Are Improving Business Resiliency With Continuous IT Availability
A Custom Technology Adoption Profile Commissioned By EMC Corporation How Organizations Are Improving Business Resiliency With Continuous IT Availability February 2013 Introduction: Business Stakeholders
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationTop 10 Compliance Issues for Implementing Security Programs
www.dyonyx.com Top 10 Compliance Issues for Implementing Security Programs This White Paper articulates the top ten issues that we have encountered in the design and implementation of comprehensive Security
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationBRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper
BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,
More informationFlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk
Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk 2012 The Flynt Group, Inc., All Rights Reserved FlyntGroup.com Enterprise Risk Management and Business
More informationWhite Paper. Incident Management: A CA IT Service Management Process Map
White Paper Incident Management: A CA IT Service Management Process Map Peter Doherty Senior Consultant, Technical Service, CA, Inc. Peter Waterhouse Director, Product Marketing, Business Service Optimization,
More informationGETTING STARTED WITH DISASTER RECOVERY PLANNING
GETTING STARTED WITH DISASTER RECOVERY PLANNING Ten misperceptions, Five best practices EMC PERSPECTIVE Natural and man-made events plus the technology innovations of the 21st century have heightened awareness
More informationThe seven essential practices for effective business continuity management
IBM Global Technology Services Thought Leadership White Paper April 2014 The seven essential practices for effective business continuity management Building a business-centric program to help reduce risk
More informationDisaster Recovery and Business Continuity What Every Executive Needs to Know
Disaster Recovery and Business Continuity What Every Executive Needs to Know Bruce Campbell & Sandra Evans Contents Why you need DR and BC What constitutes a Disaster? The difference between disaster recovery
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationEnterprise Data Supply Chain Management
Enterprise Data Supply Chain Management What You Need to Know July 2015 www.stonebranch.com Abstract Of all the assets a company owns, perhaps the most valuable is its data. This data has its highest meaning
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationChapter I: Fundamentals of Business Continuity Management