HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)


Published on

HYDSPIN-ProMinds "CERT-RMM , A Curtain Raiser" Presentation at Hyderabad, India

Published in: Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

  1. 1. Overview to ProMinds®Engineering Business Transformations www.promindsglobal.com
  2. 2. CERT®-RMM : A Curtain Raiser For HYDSPIN, Hyderabad, India 25th August 2011 By P M Shareef Certified Lead Appraiser & Lead Auditor www.promindsglobal.com
  3. 3. Notice and Disclaimer NO WARRANTY THIS MATERIAL OF PROMINDS CONSULTING IS FURNISHED ON AN ―AS-IS" BASIS FROM THE REFERENCE MATERIALS AS STATED IN THE LAST WITHOUT ANY ALTERATIONS. PROMINDS CONSULTING MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. PROMINDS CONSULTING DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder. DISCLAIMER This message and any attachments are solely intended for the addressee(s). It may also be ProMinds’ confidential, privileged and / or subject to copyright. Access to this presentation by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited that may be unlawful. If you have received this in error, please notify the sender immediately by return and delete it from your computer. While all care has been taken, ProMinds management disclaims all liabilities for loss or damages to person(s) or properties arising from misuse of any information provided or the message being infected by computer virus or other contamination. 3 www.promindsglobal.com
  4. 4. Take Away’s • What is Resilience Management? • Why Resilience Management? • Preamble to CERT® Resilience Management Model • Features and Benefits of the CERT® - RMM • CERT-RMM Appraisals • Roles You Could Play • Summary 4 www.promindsglobal.com
  5. 5. What is Resilience? Resilience is a function of an organisation’s: situation awareness, management of keystone vulnerabilities and adaptive capacity in a complex, dynamic and interconnected environment. Mostly it refers to the operational part of the business wherein challenges are many as against many of the current standards and practices, which focuses on the strategic part of business. 5 www.promindsglobal.com
  6. 6. Defining “RESILIENCE” • A Resilient Organisation is one that is: – able to achieve its business objectives and – realise opportunities, even in the face of adversity. • Resilience Management is the ability of an Organisation to survive an unscheduled disruption or major crisis from its ability to adapt using proven and integrated Risk Management, Crisis Management and Business Continuity Management processes using a single line of sight. 6 www.promindsglobal.com
  7. 7. Resilience Management Framework Increasing situational awareness will provide greater understanding of vulnerabilities that can critically undermine performance. Emergency Management Testing of plans and Planning Testing Business Continuity Management people response is Risk Management essential to ensure Adaptive Capability realism Decision makers learn about underlying values systems and key individuals - relying on the culture 7 www.promindsglobal.com
  8. 8. Resilience Indicators Situation Awareness Manage Key Threats Adaptive Capacity Roles & Planning Strategies Silo Mentality Responsibilities Understanding Hazards Participation in Communications and & Consequences Exercises Relationships Connectivity Capability & capacity Strategic Vision and Awareness Of Internal Resources Outcome Expectancy Insurance Capability & capacity Information & Awareness Of External Resources Knowledge Organizational Leadership, Management Recovery Priorities Connectivity & Governance Structures Aware of total Those components of an The culture of the operating system, organization that have organization allowing it including threats, the potential to cause the to make decisions in a opportunities, greatest negative impact timely and appropriate connectivity and manner in a crisis. internal and external stakeholders 8 www.promindsglobal.com
  9. 9. Why Resilience Management (RM)? • It brings together all the planning that an organisation may have done under one umbrella; • Increases its situation awareness; • Have a greater understanding of the vulnerabilities that can critically undermine its performance; • Improve its adaptive capacity as decision makers; • Make you learn more about the underlying value systems of the organisation and of key individuals in the organisation; • Highlights the expectations that decision makers have of their enterprise and key stakeholders; • Offers a way to test existing plans and create new ones. Risk Management, Business Continuity and Emergency Management are commonly viewed as closely related, but a practical means of linking them is often not achieved. 9 www.promindsglobal.com
  11. 11. What is CERT® RMM? 11 www.promindsglobal.com
  12. 12. CERT® RMM Background 12 www.promindsglobal.com
  13. 13. CERT® RMM – Imperatives 13 www.promindsglobal.com
  14. 14. CERT® - RMM in the Life Cycle Operational resilience management focuses on the deploy, operate, and decommission phases, but reaches back to development phase of lifecycle to ensure consideration of security and continuity issues prior to placing assets in production 14 www.promindsglobal.com
  15. 15. For Comparison: CERT® - RMM & CMMI 15 www.promindsglobal.com
  16. 16. Features of CERT® - RMM CERT-RMM brings several innovative and advantageous concepts to the management of operational resilience. • The convergence advantage: Merging the disciplines of security, BC/DR, and IT operations into a single model • The process advantage: Elevating these disciplines to a process view, useful as an integration and measurement framework • The maturity advantage: Provides a foundation for practical institutionalization of practices— critical for retaining these practices under times of stress 16 www.promindsglobal.com
  17. 17. CERT® - RMM at a glance 17 www.promindsglobal.com
  18. 18. CERT® - RMM by numbers 18 www.promindsglobal.com
  19. 19. Process Area Structure 19 www.promindsglobal.com
  20. 20. Benefits of CERT® - RMM CERT-RMM can be used as a • Starting point for leveraging convergence across security, business continuity, and IT operations activities • Reference model for understanding the scope of managing operational resiliency • Taxonomy to enable internal and external communication • Organizing construct for codes of practice, standards, and regulations and a framework for compliance • Process improvement model to catalyze improvement efforts • Baseline for appraising an organization’s capability • Guide for improvement in areas where an organization’s capability does not equal its desired state 20 www.promindsglobal.com
  21. 21. As an Organizing Principle 21 www.promindsglobal.com
  22. 22. The Promise of Process Institutionalization 22 www.promindsglobal.com
  23. 23. Process Institutionalization 23 www.promindsglobal.com
  24. 24. Process Institutionalization in CERT® - RMM 24 www.promindsglobal.com
  25. 25. Example: Asset Definition and Management 25 www.promindsglobal.com
  26. 26. Institutionalizing Asset Definition and Management 26 www.promindsglobal.com
  27. 27. Practice Example: ADM.SG1.SP1 – Inventory Assets 27 www.promindsglobal.com
  28. 28. The Resilient Organization 28 www.promindsglobal.com
  29. 29. Classes of Formal CERT® - RMM Appraisal Methods 29 www.promindsglobal.com
  30. 30. CERT-RMM Check Points • Capability Survey • CERT-RMM Compass 30 www.promindsglobal.com
  31. 31. CERT-RMM Professional Roles • CERT-RMM Appraiser • CERT-RMM Navigator • CERT-RMM Coach • CERT-RMM Appraisal Team Member 31 www.promindsglobal.com
  32. 32. Summary • Times have significantly changed and we are facing increasing risks, uncertainty and unprecedented disasters in peoples’ lives and businesses • Now more about survival requiring simpler, practical, faster and tested solutions towards the focus on resilience • New challenges driving new ways of thinking • An embedded top down / bottom up Resilience Management Program and culture is about “doing business better” in managing opportunities, mitigating risks and becoming more resilient in a rapidly changing operating environment Statistically 1 in 5 organisations will suffer a major incident every 5 years 32 www.promindsglobal.com
  33. 33. References 1. Presentation on CERT® Resilience Management Model – A Maturity Model Approach to Managing Operational Resilience by Rich Caralli of CERT® RMM Team 2. Presentation on CERT® Resilience Management Model – Improving and Sustaining Processes for Managing Operational Resiliency by Rich Caralli of CERT® RMM Team 3. CERT® Resilience Management Model – A Maturity Model for Managing Operational Resilience (CERT® RMM Ver 1.1) by Rich Caralli, Julia H. Allen and David W. White of Addison Wesley Publications 4. Presentation on “Towards Resilience Management” by David Martin ProMinds® do hereby acknowledge the copyright and trademarks of the above referenced materials and assure that, no modifications / alterations are made on their 33 www.promindsglobal.com
  34. 34. CERT-RMM-Book & Contacts 34 www.promindsglobal.com
  35. 35. Click to editOverview ProMinds Master title style Who We Are What Are We • Founded in June 2005 • Empanelled with CERT-In, • HQ in Hyderabad, India Ministry of ICT, as an Info. Security Auditing Org. • Served 250+ Clients • Worldwide partner SEI-CMU, • Across 15+ Industries for CMMI® & People CMM • In Over 10 Countries • An ISO 27001:2005 certified • 250+ Man-years of Experience • An ISO 9001:2008 certified • 25+ Professionals • A member of NASSCOM • A member of DSCI 35 www.promindsglobal.com
  36. 36. What Do We Do IT Governance Technology, Capability & Industrial Risk and Performance & Maturity Advisory Compliance Transformation 36 www.promindsglobal.com
  37. 37. Whom We Serve Industries and Sectors Software & IT Services Business Process Outsourcing Banking & Financial Services Healthcare & Insurance Telecom Manufacturing Governments & Public Sector Mining & Metals Defense Oil & Gas Pharmaceuticals Energy For more details, visit us at www.promindsglobal.com or 37 www.promindsglobal.com
  38. 38. 38www.promindsglobal.com
  39. 39. Contact Us We would be happy to provide any further information that you may require to assist in your corporate transformation initiatives Please contact us: Corporate Office: Regional Offices: ProMinds® Consulting Pvt. Ltd. Bangalore | Chennai | Mumbai | New Delhi 402, ABK Olbee Plaza, Road No. 1, Banjara Hills, Hyderabad - 500034 India Tel: +91-40-40207383, 23113996 Mob: +91-9866673663 info@promindsglobal.com US Office ProMinds Global Inc 614 Broadmoor Dr., APT C, Saint Louis, Missouri 63017 USA Phone: +1-314-4713604, +1-314-8495264 E-Mail: info@promindsglobal.com 39 www.promindsglobal.com