SlideShare a Scribd company logo

Wong Tew Kiat - The Uncertainities

H
Hoi Lan Leong

BCM Conference 2013

BusinessEconomy & Finance
1 of 15
Download to read offline
31/10/2013 Prepared Always, Resilient Always Business Continuity Management The Uncertainties 25 October 2013 Wong Tew Kiat CBCP, MBCI, CITBCM(S), CITPM(S), COMIT(S), Fellow SCS Founder & Managing Director 2 31 October 2013 What is Business Continuity Management? 3 31 October 2013 1
31/10/2013 Business Continuity Management (BCM) Is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating ISO22301 4 31 October 2013 Business Continuity Management (BCM) Have we planned holistically? 5 31 October 2013 6 31 October 2013 Business As Usual 2
31/10/2013 Key Components & Activities Staff Sales, Marketing, Engineers, Technicians, Procurement, Finance, Delivery, Transportation IT Technologies Computer Systems, Emails, Internet, Sales Order Systems, Invoicing System, Procurement System, Data Centre and Network Communications Key Products Raw Materials Local suppliers, Overseas suppliers, mode of delivery, timeline delivery, Ability to delivery, Single Point of Failure Plants Machineries, electrical power, generators Warehouse Inventories, Stocks Transportation and Delivery Customers 7 31 October 2013 Key Components & Activities Staff Sales, Marketing, Engineers, Technicians, Procurement, Disrupted! Finance, Delivery, Transportation IT Technologies Computer Systems, Emails, Internet, Sales Order Systems, Invoicing System, Procurement System, Data Centre and Disrupted! Network Communications Raw Materials Local suppliers, Overseas suppliers, mode of delivery, timeline delivery, Ability to delivery Key Products Delivery ? Customer Satisfaction Disrupted! Plants Machineries, electrical power, generators ? Warehouse Inventories, Stocks Disrupted! Transportation and Delivery Customers 8 31 October 2013 Business Continuity Management (BCM) Have we analysed the risks and impacts thoroughly? 9 31 October 2013 3
31/10/2013 Disruptive Events? 8 Sep 2013 – Another 3 die of MERS virus in Saudi Arabia 15 Aug 2013 – H7N9 bird flu may be spread through human faeces 10 31 October 2013 Disruptive Events? H5N1 H1N1 SARS 11 31 October 2013 Disruptive Events? 18 Sep 2013 – Ceilings Collapsed 17 Aug 2013 – Fire twice in Shopping Mall 12 31 October 2013 4
31/10/2013 Disruptive Events? 16 & 18 July 2013 – Fire twice at Poly 13 31 October 2013 Disruptive Events? 9 Oct 2013 – Fire. 60,000 customers affected 16 Oct 2013 – banking services disrupted by "system connectivity issue” 16 Oct 2013 - disruption to its 3G services was related to a scheduled network upgrade. 14 31 October 2013 Disruptive Events? Technologies Risks? Old and End-of-Life Servers? Old Programming Languages? 15 Old and End-of-Life Network Cards and Equipment 31 October 2013 5
31/10/2013 Disruptive Events? Disruptions – Suppliers and Delivery (Supply Chains) Iceland’s disruptive volcano (2010) The volcanic ash had forced the cancellation of many flights and disrupted air traffic across northern Europe, stranding thousands of passengers. 311 Japan Earthquake (2011) Factories, buildings, etc destroyed. 16 31 October 2013 3 Components in an Organisation’s Business Continuity? ? Data Critical Centre / Infrastructures Businesses Full BCM IT Systems 17 31 October 2013 3 Key “Push Factors” for BCM 1. Monetary Authority of Singapore (MAS) – June 2003 | MAS BCM Guidelines – Oct 2004 | MAS Outsourcing Guidelines – June 2013 | Technology Risk Management Guide 18 31 October 2013 6
31/10/2013 3 Key “Push Factors” for BCM 2. ICT Resiliency | End 2012 ICT Equipment Resiliency IT Systems ICT Systems Resiliency Data Data Centre Resiliency Centre / Infrastructures 19 31 October 2013 3 Key “Push Factors” for BCM 3. Singapore Business Federation (SBF) – SS540 - 2008 | Business Continuity Management Standards – SS ISO22301 – Dec 2012 | BCM Systems Requirements SS540 was launched by then Deputy Prime Minister and Coordinating Minister for National Security – Prof Jayakumar on 7 Nov 2008 To enhance corporate resilience in Singapore, selected Government or public agencies will consider tenderers’ level of BCM-readiness as part of the procurement process. In longer term, we will look at moving towards preferring suppliers of essential services which are BCM ready during our procurements More than 100 Companies being BCM Certified in 2013 20 31 October 2013 Critical Businesses / Services 7 BCM Principles ? Critical Businesses 21 31 October 2013 7
31/10/2013 MAS BCM Guidelines | 2003 – 7 Principles Principle 1 – Board of Directors and Senior Management should be responsible for their Institution’s Business Continuity Management Principle 2 – Institutions should embed Business Continuity Management into their Business-as-usual operations, incorporating sound practices Principle 3 – Institutions should test their Business Continuity Plan regularly, and meaningfully Principle 4 – Institutions should develop Recovery Strategies and set recovery time objectives for critical business functions Principle 5 – Institutions should understand and appropriately mitigate interdependency risk of critical business functions Critical Businesses Principle 6 – Institutions should plan for wide-area disruption Principle 7 – Institutions should practise a separation policy to mitigate concentration risk of critical business functions 22 31 October 2013 MAS Outsourcing Guidelines | 2004 Clause 4 – Legal and Regulatory Obligations An institution has to take steps to ensure that the service provider employs a high standard of care in performing the service as if the activity were not outsourced and conducted within the institution Clause 5 – Material outsourcing An institution should undertake periodic reviews of its outsourcing arrangements to identify new material outsourcing risks as they arise Clause 6 – Risk Management Practices Role of the Board and Senior Management Evaluation of Risks Capability of Service Providers Outsourcing Agreement Confidentiality and Security Business Continuity Management Monitoring and Control of Outsourced Activities Audit and Inspection Outsourcing outside Singapore/within a Group Outsourcing of Internal Audit to External Auditors 23 Critical Businesses 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 3 – Oversight of Technology Risks by Board of Directors and Senior Management Clause 4 – Technology Risk Management Framework Clause 5 – Management of IT Outsourcing Risks Clause 6 – Acquisition and Development of Information Systems Clause 7 – IT Service Management IT Systems Clause 8 – Systems Reliability, Availability and Recoverability Clause 9 – Operational Infrastructure Security Management Clause 10 – Data Centres Protection and Controls Data Centre / Infrastructures Clause 11 – Access Control Clause 12 – Online Financial Services Clause 13 – Payment Card Security (ATM, Credit and Debit Cards Clause 14 – IT Audit 24 31 October 2013 8
31/10/2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 4 – Technology Risk Management Framework Risk Assessment Risk Identification Risk Treatment IT Systems Risk Monitoring & Reporting Data Centre / Infrastructures Risk identification entails the determination of the threats and vulnerabilities to the FI’s IT environment which comprises the internal and external networks, hardware, 25 software, applications, systems interfaces, operations and human elements. 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 8 – Systems Reliability, Availability and Recoverability Disaster Recovery Plan Systems Availability System availability are: • Adequate capacity • Reliable performance • Fast response time • Scalability • Swift Recovery Capability DR Plan: • Various contingency scenario • Major system outages • Total incapacitation of primary DC • Recovery Priorities, RTO, RPO Disaster Recovery Testing DR Testing: • No impromptu and untested procedure • Test and validate annually • Test total shutdown or incapacitation of primary DC Data Backup Management Data Backup Strategy: • Direct-Attached Storage (DAS) • NAS • SAN • Testing & Validation • Encrypt backup media IT Systems 26 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 9 – Operational Infrastructure Security Management Data Loss Protection • • • • Internal Sabotage Clandestine espionage Furtive attacks by trusted staff, contractors and vendors Data Loss prevention strategy Networks & Security Config Mgt Technology Refresh Mgt • • Up-to-date inventory of software and hardware End-of-support • Consistent security settings Regular enforcement checks Anti-virus to servers Network security devices • • • Vulnerability Assessment & Penetration Testing • • Identify, assess and discover security vulnerabilities Conduct in-depth evaluation of the security posture of system IT Systems 27 31 October 2013 9
31/10/2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 10 – Data Centre Protection and Controls Threat Vulnerability Risk Assessment • • • • Security threats Operational weaknesses in DC DC’s perimeter and surrounding environment Access Controls Data Centre Resiliency Physical Security • • • • Control of access Secure and monitor Security Systems Surveillance tools • • • Redundancy Fault Tolerance – electrical power, air conditioning, fire suppression and data communications Backup power Data Centre / Infrastructures 28 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 10.0.1 - As FIs’ critical systems, applications, network devices and data are concentrated and maintained in the data centre (DC), it is important that the data centre is resilient (?) and physically secured (?) from internal (?)and external threats (?). o o o o Resilient – Tier Classification? Which Tier? Physically secured – TVRA? Internal Threats – Human process, overload, etc? External Threats – Power outage, dip, lightning, flood, etc? Data Note: Information from MAS Technology Risk Management Guidelines Centre / Infrastructures 29 31 October 2013 Data Centres Protection and Controls (UPS Battery Monitoring System) Providing a window to the battery with continuous, accurate monitoring and alarm notification Ensuring Resiliency Note: Information from Eaton Battery Monitoring System 30 31 October 2013 10
31/10/2013 Fundamentals of Power Infrastructures Uninterrupted Power Supply (UPS), batteries and capacitors o Batteries are always either in a state of charge or recharge o Once battery begins to discharge its electricity, the voltage drops and the battery will need to be charged o Battery autonomy – normally 15-30 minutes o Batteries may have 5-year life span, depending on its manufacturing specification o Capacitors – life span can be 1, 5 or 10 years depending on design What is the impact if they are not replaced? Data Centre / Infrastructures 31 31 October 2013 Fundamentals of Power Infrastructures Sample Line Diagram on power infrastructure Primary Power Panel Transformer Automatic Transfer Switch NonCritical Loads Diesel Generator Critical Loads bypass Data Centre / Infrastructures UPS System PDU IT Servers 32 31 October 2013 Fundamentals of Power Infrastructures LT Data MSB1 MBS2 MBS3 UPS Main Circuit Breaker MCCB ELR MCB Load ELCB RCCB Earth Leakage Relay Centre / Infrastructures MBS4 Moulded Case Circuit Breaker Leakage Miniature Circuit Breaker Server 33 Earth Leakage Circuit Breaker 31 October 2013 11
31/10/2013 Data Centre Risks – Risk Monitoring and Reporting Changes in IT environment and delivery channels, risk parameters may change Risk Monitoring & Reporting Periodic assessment of utilization on power usage, temperature & humidity reading, End-of-Life equipment, etc. At least a monthly or quarterly review Data Centre / Infrastructures 34 31 October 2013 Flu Pandemic Business Continuity Guides - 2006 Disease Outbreak Response System Condition (DORSCON) Alert Green Level 0 Public health threat to Singapore is low, no novel influenza virus outbreaks anywhere in the world Alert Green Level 1 Global concern with isolated animal-to-human transmission Alert Yellow Inefficient human-to-human transmission outside Singapore. The risk of important into Singapore is elevated. Where there are isolated imported cases, such cases have not resulted in sustained transmission locally Alert Orange Globally and / or locally, larger cluster(s) but human-to-human spread is still localized suggesting that virus is becoming increasingly better adapted to humans but may not yet be fully transmissible Alert Red Situation where there is a pronounced risk of acquiring the disease from the community. There is an increasing trend of mortality and morbidity rates among affect cases. The healthcare system is likely to be overwhelmed Alert black Morbidity and mortality rates are exceeding high, and emergency measures are needed to bring situation under control. Healthcare and other social support systems are overwhelmed by the pandemic. Critical Businesses 35 31 October 2013 Business Continuity Management - Framework Business Continuity Management Business Impact Analysis Business Impact Analysis Programme Management Continuity Strategy Business Continuity Procedures Business Continuity Test & Exercise Data Critical Businesses + IT Systems + 36 Centre / Infrastructures = Full BCM 31 October 2013 12
31/10/2013 Empowering Your Organization with. . . .. 37 31 October 2013 Empowering Your Organization with. . . .. BCM Guidelines Data Centre Standards Risk Assessments MAS BCM Guidelines MAS Outsourcing Guidelines MAS Technology Risk Management Walk-around Awareness & Trainings Identify ISO22301 BCMS Requirements IS22313 BCMS Guidelines Business Continuity Mgt Assess ICT Resiliency Mitigate Data Centre Control and Monitor TIA-942 Uptime Institute IT Technologies Internal Auditor 38 31 October 2013 Uncertainties “Seeing is Believing”…. See to Assess, Not Ask to Assess 1. Walk-around 2. Identify (See) 3. Assess 4. Mitigate Risks in….. Data Centre Risks: Power Overloading Hot Spots High Temperatures End-of-Life UPS Batteries / Capacitors Turn your nightmares into sweet dreams instead. (Even before it happens!) Technology Risks: End-of-Life – Servers, Software and Network Equipment Source Code Escrow Critical Services Process Risk Environment Risk Operating Risk “Certainties” 39 31 October 2013 13
31/10/2013 Peace of Mind Resilience Turn your nightmares into sweet dreams instead. (Even before it happens!) 40 31 October 2013 3 Components in an Organisation’s Business Continuity Data Critical Centre / Infrastructures Businesses Full BCM IT Systems 41 31 October 2013 Expect the Unexpected • Murphy’s Law – “Anything that can go wrong will go wrong” • John Wooden – 1910 – “Failure to prepare is preparing to fail.” • Chinese Proverb – 不怕 一 万 , 只怕 万 一 42 31 October 2013 14
31/10/2013 Coming….. 11 – 14 Nov 2013 43 31 October 2013 Coming….. 19 – 20 Nov 2013 44 31 October 2013 Thank You Wong Tew Kiat CBCP, MBCI, CITBCM(S), CITPM(S), COMIT(S), Fellow SCS Founder & Managing Director Organisation Resilience Management Pte Ltd M +65 98585127 E + wongtk@ormgt.com.sg W + www.ormgt.com.sg 45 31 October 2013 15

Recommended

How to switch from reactive maintenance to preventive maintenance complete ...
How to switch from reactive maintenance to preventive maintenance complete ...How to switch from reactive maintenance to preventive maintenance complete ...
How to switch from reactive maintenance to preventive maintenance complete ...BryanLimble
 
Information Security Governance #2A
Information Security Governance #2A Information Security Governance #2A
Information Security Governance #2A Marius FAILLOT DEVARRE
 
Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Aladdin Dandis
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewAhmed Riad .
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance TemplateFlevy.com Best Practices
 
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...Nagios
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Apoorva Ajmani
 

Recommended

How to switch from reactive maintenance to preventive maintenance complete ...
How to switch from reactive maintenance to preventive maintenance complete ...How to switch from reactive maintenance to preventive maintenance complete ...
How to switch from reactive maintenance to preventive maintenance complete ...BryanLimble
 
Information Security Governance #2A
Information Security Governance #2A Information Security Governance #2A
Information Security Governance #2A Marius FAILLOT DEVARRE
 
Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Module 4 disaster recovery student slides ver 1.0
Module 4 disaster recovery student slides ver 1.0Aladdin Dandis
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewAhmed Riad .
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance TemplateFlevy.com Best Practices
 
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...
Nagios Conference 2013 - Jorge Higueros - Trust Management in Monitoring Fina...Nagios
 
Rob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRob kloots auditingforscyandbcm
Rob kloots auditingforscyandbcmRobert Kloots
 
Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Enterprise Information Security Architecture_Paper_1206
Enterprise Information Security Architecture_Paper_1206Apoorva Ajmani
 
Information Security - I.T Project Management
Information Security - I.T Project ManagementInformation Security - I.T Project Management
Information Security - I.T Project ManagementWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System SecurityCSSRL PUNE
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
BSI 100-30
BSI 100-30BSI 100-30
BSI 100-30Sergey Erohin
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTScsandit
 
Beyond Predictive and Preventive Maintenance
Beyond Predictive and Preventive MaintenanceBeyond Predictive and Preventive Maintenance
Beyond Predictive and Preventive MaintenanceHarshad Shah
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014Aladdin Dandis
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
M0364073079
M0364073079M0364073079
M0364073079theijes
 
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...IJERA Editor
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Trends in Cloud Computing
Trends in Cloud ComputingTrends in Cloud Computing
Trends in Cloud Computingawais mushtaq
 
SCADA and Control Systems Security Summit
SCADA and Control Systems Security SummitSCADA and Control Systems Security Summit
SCADA and Control Systems Security SummitNicole Waddell
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC BreakdownIgnyte Assurance Platform
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0Maganathin Veeraragaloo
 
Body images
Body imagesBody images
Body imagesjdeamicis14
 
Map
MapMap
MapHare Krishan Sharma
 

More Related Content

What's hot

IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System SecurityCSSRL PUNE
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTScsandit
 
Beyond Predictive and Preventive Maintenance
Beyond Predictive and Preventive MaintenanceBeyond Predictive and Preventive Maintenance
Beyond Predictive and Preventive MaintenanceHarshad Shah
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Aladdin Dandis
 
M0364073079
M0364073079M0364073079
M0364073079theijes
 
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...IJERA Editor
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT SecuritySeccuris Inc.
 
Trends in Cloud Computing
Trends in Cloud ComputingTrends in Cloud Computing
Trends in Cloud Computingawais mushtaq
 
SCADA and Control Systems Security Summit
SCADA and Control Systems Security SummitSCADA and Control Systems Security Summit
SCADA and Control Systems Security SummitNicole Waddell
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAPPECB
 

What's hot (20)

Information Security - I.T Project Management
Information Security - I.T Project ManagementInformation Security - I.T Project Management
Information Security - I.T Project Management
 
IT governance and Information System Security
IT governance and Information System SecurityIT governance and Information System Security
IT governance and Information System Security
 
Security policy
Security policySecurity policy
Security policy
 
BSI 100-30
BSI 100-30BSI 100-30
BSI 100-30
 
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTSMANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS
 
Beyond Predictive and Preventive Maintenance
Beyond Predictive and Preventive MaintenanceBeyond Predictive and Preventive Maintenance
Beyond Predictive and Preventive Maintenance
 
Ch4 cism 2014
Ch4 cism 2014Ch4 cism 2014
Ch4 cism 2014
 
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014Fraudulent Methods for Attacking Bank Networks and Prevention 2014
Fraudulent Methods for Attacking Bank Networks and Prevention 2014
 
M0364073079
M0364073079M0364073079
M0364073079
 
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
Analysis of Payment Card Industry Data Security Standard [PCI DSS] Compliance...
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3
 
Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Trends in Cloud Computing
Trends in Cloud ComputingTrends in Cloud Computing
Trends in Cloud Computing
 
SCADA and Control Systems Security Summit
SCADA and Control Systems Security SummitSCADA and Control Systems Security Summit
SCADA and Control Systems Security Summit
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
Governance Risk and Compliance for SAP
Governance Risk and Compliance for SAPGovernance Risk and Compliance for SAP
Governance Risk and Compliance for SAP
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 

Viewers also liked

Adam Chee - The Role of Big Data, BCM & Cloud in Healthcare
Adam Chee - The Role of Big Data, BCM & Cloud in HealthcareAdam Chee - The Role of Big Data, BCM & Cloud in Healthcare
Adam Chee - The Role of Big Data, BCM & Cloud in HealthcareHoi Lan Leong
 
Preparacion sustrato
Preparacion sustratoPreparacion sustrato
Preparacion sustratovalera2021
 
Matthew Johnston - Big Data Futures Outlook BCM
Matthew Johnston - Big Data Futures Outlook BCMMatthew Johnston - Big Data Futures Outlook BCM
Matthew Johnston - Big Data Futures Outlook BCMHoi Lan Leong
 
Attention deficit hyperactivity disorder
Attention deficit hyperactivity disorderAttention deficit hyperactivity disorder
Attention deficit hyperactivity disorderjdeamicis14
 
Presente continuo
Presente continuoPresente continuo
Presente continuoChikiMafe
 
Lee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its Services
Lee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its ServicesLee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its Services
Lee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its ServicesHoi Lan Leong
 
Brightway Catalogue Russian
Brightway Catalogue RussianBrightway Catalogue Russian
Brightway Catalogue RussianAlice Xu
 
SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...
SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...
SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...Isabel Lizardi Vilá
 
Simon Thomas - Big Data: New Opportunity, New Risk
Simon Thomas - Big Data: New Opportunity, New RiskSimon Thomas - Big Data: New Opportunity, New Risk
Simon Thomas - Big Data: New Opportunity, New RiskHoi Lan Leong
 
Kwong Yuk Wah - NTUC Cloud Transformation Journey
Kwong Yuk Wah - NTUC Cloud Transformation JourneyKwong Yuk Wah - NTUC Cloud Transformation Journey
Kwong Yuk Wah - NTUC Cloud Transformation JourneyHoi Lan Leong
 

Viewers also liked (13)

Body images
Body imagesBody images
Body images
 
Map
MapMap
Map
 
Adam Chee - The Role of Big Data, BCM & Cloud in Healthcare
Adam Chee - The Role of Big Data, BCM & Cloud in HealthcareAdam Chee - The Role of Big Data, BCM & Cloud in Healthcare
Adam Chee - The Role of Big Data, BCM & Cloud in Healthcare
 
Preparacion sustrato
Preparacion sustratoPreparacion sustrato
Preparacion sustrato
 
Matthew Johnston - Big Data Futures Outlook BCM
Matthew Johnston - Big Data Futures Outlook BCMMatthew Johnston - Big Data Futures Outlook BCM
Matthew Johnston - Big Data Futures Outlook BCM
 
Attention deficit hyperactivity disorder
Attention deficit hyperactivity disorderAttention deficit hyperactivity disorder
Attention deficit hyperactivity disorder
 
Presente continuo
Presente continuoPresente continuo
Presente continuo
 
como utilizar goanimate
como utilizar goanimatecomo utilizar goanimate
como utilizar goanimate
 
Lee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its Services
Lee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its ServicesLee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its Services
Lee Kee Siang - How NLB Leverages on BCM, Cloud and Big Data for its Services
 
Brightway Catalogue Russian
Brightway Catalogue RussianBrightway Catalogue Russian
Brightway Catalogue Russian
 
SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...
SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...
SXSW Interactive Workshop PanelPicker "Paint, Plug & Play: Making a Touch Int...
 
Simon Thomas - Big Data: New Opportunity, New Risk
Simon Thomas - Big Data: New Opportunity, New RiskSimon Thomas - Big Data: New Opportunity, New Risk
Simon Thomas - Big Data: New Opportunity, New Risk
 
Kwong Yuk Wah - NTUC Cloud Transformation Journey
Kwong Yuk Wah - NTUC Cloud Transformation JourneyKwong Yuk Wah - NTUC Cloud Transformation Journey
Kwong Yuk Wah - NTUC Cloud Transformation Journey
 

Similar to Wong Tew Kiat - The Uncertainities

Most Significant Trends Impacting Global Supply Chain and Manufacturing Teams
Most Significant Trends Impacting Global Supply Chain and Manufacturing TeamsMost Significant Trends Impacting Global Supply Chain and Manufacturing Teams
Most Significant Trends Impacting Global Supply Chain and Manufacturing Teamsbobferrari823
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachProtected Harbor
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
Ubiwhere Research and Innovation Profile
Ubiwhere Research and Innovation ProfileUbiwhere Research and Innovation Profile
Ubiwhere Research and Innovation ProfileUbiwhere
 
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...360 BSI
 
Assessing Obsolescence
Assessing ObsolescenceAssessing Obsolescence
Assessing ObsolescenceCognizant
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextDavid Sweigert
 
Guidelines on Security and Privacy in Public Cloud Computing
Guidelines on Security and Privacy in Public Cloud ComputingGuidelines on Security and Privacy in Public Cloud Computing
Guidelines on Security and Privacy in Public Cloud ComputingDavid Sweigert
 
Supply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxSupply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxMuhammadAbdullah311866
 
Bml 303 past papers pack
Bml 303 past papers packBml 303 past papers pack
Bml 303 past papers packSan King
 
SOC 2 presentation. Overview of SOC 2 assessment
SOC 2 presentation. Overview of SOC 2 assessmentSOC 2 presentation. Overview of SOC 2 assessment
SOC 2 presentation. Overview of SOC 2 assessmentModu9
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement William McBorrough
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Priyanka Aash
 
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group Indigo Advisory Group
 
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...360 BSI
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...360 BSI
 
Asset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset ManagementAsset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset ManagementL&T Technology Services
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityEryk Budi Pratama
 

Similar to Wong Tew Kiat - The Uncertainities (20)

Most Significant Trends Impacting Global Supply Chain and Manufacturing Teams
Most Significant Trends Impacting Global Supply Chain and Manufacturing TeamsMost Significant Trends Impacting Global Supply Chain and Manufacturing Teams
Most Significant Trends Impacting Global Supply Chain and Manufacturing Teams
 
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive ApproachThe 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
The 7 Steps to Prevent IT-Caused Outages- A Comprehensive Approach
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
Ubiwhere Research and Innovation Profile
Ubiwhere Research and Innovation ProfileUbiwhere Research and Innovation Profile
Ubiwhere Research and Innovation Profile
 
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala...
 
Assessing Obsolescence
Assessing ObsolescenceAssessing Obsolescence
Assessing Obsolescence
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
Guidelines on Security and Privacy in Public Cloud Computing
Guidelines on Security and Privacy in Public Cloud ComputingGuidelines on Security and Privacy in Public Cloud Computing
Guidelines on Security and Privacy in Public Cloud Computing
 
Supply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptxSupply-Chain-Management-and-Cloud-Security.pptx
Supply-Chain-Management-and-Cloud-Security.pptx
 
Bml 303 past papers pack
Bml 303 past papers packBml 303 past papers pack
Bml 303 past papers pack
 
SOC 2 presentation. Overview of SOC 2 assessment
SOC 2 presentation. Overview of SOC 2 assessmentSOC 2 presentation. Overview of SOC 2 assessment
SOC 2 presentation. Overview of SOC 2 assessment
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
 
Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution Top learnings from evaluating and implementing a DLP Solution
Top learnings from evaluating and implementing a DLP Solution
 
Forecast odcau3 100_posttech
Forecast odcau3 100_posttechForecast odcau3 100_posttech
Forecast odcau3 100_posttech
 
Visió holística de la gestio de riscos de les TIC
Visió holística de la gestio de riscos de les TICVisió holística de la gestio de riscos de les TIC
Visió holística de la gestio de riscos de les TIC
 
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
UtiliGRIDMOD - Utility Grid Modernization - Indigo Advisory Group
 
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
Business Continuity & Disaster Recovery Planning, 30 November - 02 December 2...
 
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
Business Continuity & Disaster Recovery Planning 02 - 04 December 2013 Kuala ...
 
Asset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset ManagementAsset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset Management
 
Cybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber SecurityCybersecurity 101 - Auditing Cyber Security
Cybersecurity 101 - Auditing Cyber Security
 

Recently uploaded

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...amitlee9823
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Sheetaleventcompany
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...lizamodels9
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Anamikakaur10
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876dlhescort
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceDamini Dixit
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 

Recently uploaded (20)

Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 

Wong Tew Kiat - The Uncertainities

  • 1. 31/10/2013 Prepared Always, Resilient Always Business Continuity Management The Uncertainties 25 October 2013 Wong Tew Kiat CBCP, MBCI, CITBCM(S), CITPM(S), COMIT(S), Fellow SCS Founder & Managing Director 2 31 October 2013 What is Business Continuity Management? 3 31 October 2013 1
  • 2. 31/10/2013 Business Continuity Management (BCM) Is a holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating ISO22301 4 31 October 2013 Business Continuity Management (BCM) Have we planned holistically? 5 31 October 2013 6 31 October 2013 Business As Usual 2
  • 3. 31/10/2013 Key Components & Activities Staff Sales, Marketing, Engineers, Technicians, Procurement, Finance, Delivery, Transportation IT Technologies Computer Systems, Emails, Internet, Sales Order Systems, Invoicing System, Procurement System, Data Centre and Network Communications Key Products Raw Materials Local suppliers, Overseas suppliers, mode of delivery, timeline delivery, Ability to delivery, Single Point of Failure Plants Machineries, electrical power, generators Warehouse Inventories, Stocks Transportation and Delivery Customers 7 31 October 2013 Key Components & Activities Staff Sales, Marketing, Engineers, Technicians, Procurement, Disrupted! Finance, Delivery, Transportation IT Technologies Computer Systems, Emails, Internet, Sales Order Systems, Invoicing System, Procurement System, Data Centre and Disrupted! Network Communications Raw Materials Local suppliers, Overseas suppliers, mode of delivery, timeline delivery, Ability to delivery Key Products Delivery ? Customer Satisfaction Disrupted! Plants Machineries, electrical power, generators ? Warehouse Inventories, Stocks Disrupted! Transportation and Delivery Customers 8 31 October 2013 Business Continuity Management (BCM) Have we analysed the risks and impacts thoroughly? 9 31 October 2013 3
  • 4. 31/10/2013 Disruptive Events? 8 Sep 2013 – Another 3 die of MERS virus in Saudi Arabia 15 Aug 2013 – H7N9 bird flu may be spread through human faeces 10 31 October 2013 Disruptive Events? H5N1 H1N1 SARS 11 31 October 2013 Disruptive Events? 18 Sep 2013 – Ceilings Collapsed 17 Aug 2013 – Fire twice in Shopping Mall 12 31 October 2013 4
  • 5. 31/10/2013 Disruptive Events? 16 & 18 July 2013 – Fire twice at Poly 13 31 October 2013 Disruptive Events? 9 Oct 2013 – Fire. 60,000 customers affected 16 Oct 2013 – banking services disrupted by "system connectivity issue” 16 Oct 2013 - disruption to its 3G services was related to a scheduled network upgrade. 14 31 October 2013 Disruptive Events? Technologies Risks? Old and End-of-Life Servers? Old Programming Languages? 15 Old and End-of-Life Network Cards and Equipment 31 October 2013 5
  • 6. 31/10/2013 Disruptive Events? Disruptions – Suppliers and Delivery (Supply Chains) Iceland’s disruptive volcano (2010) The volcanic ash had forced the cancellation of many flights and disrupted air traffic across northern Europe, stranding thousands of passengers. 311 Japan Earthquake (2011) Factories, buildings, etc destroyed. 16 31 October 2013 3 Components in an Organisation’s Business Continuity? ? Data Critical Centre / Infrastructures Businesses Full BCM IT Systems 17 31 October 2013 3 Key “Push Factors” for BCM 1. Monetary Authority of Singapore (MAS) – June 2003 | MAS BCM Guidelines – Oct 2004 | MAS Outsourcing Guidelines – June 2013 | Technology Risk Management Guide 18 31 October 2013 6
  • 7. 31/10/2013 3 Key “Push Factors” for BCM 2. ICT Resiliency | End 2012 ICT Equipment Resiliency IT Systems ICT Systems Resiliency Data Data Centre Resiliency Centre / Infrastructures 19 31 October 2013 3 Key “Push Factors” for BCM 3. Singapore Business Federation (SBF) – SS540 - 2008 | Business Continuity Management Standards – SS ISO22301 – Dec 2012 | BCM Systems Requirements SS540 was launched by then Deputy Prime Minister and Coordinating Minister for National Security – Prof Jayakumar on 7 Nov 2008 To enhance corporate resilience in Singapore, selected Government or public agencies will consider tenderers’ level of BCM-readiness as part of the procurement process. In longer term, we will look at moving towards preferring suppliers of essential services which are BCM ready during our procurements More than 100 Companies being BCM Certified in 2013 20 31 October 2013 Critical Businesses / Services 7 BCM Principles ? Critical Businesses 21 31 October 2013 7
  • 8. 31/10/2013 MAS BCM Guidelines | 2003 – 7 Principles Principle 1 – Board of Directors and Senior Management should be responsible for their Institution’s Business Continuity Management Principle 2 – Institutions should embed Business Continuity Management into their Business-as-usual operations, incorporating sound practices Principle 3 – Institutions should test their Business Continuity Plan regularly, and meaningfully Principle 4 – Institutions should develop Recovery Strategies and set recovery time objectives for critical business functions Principle 5 – Institutions should understand and appropriately mitigate interdependency risk of critical business functions Critical Businesses Principle 6 – Institutions should plan for wide-area disruption Principle 7 – Institutions should practise a separation policy to mitigate concentration risk of critical business functions 22 31 October 2013 MAS Outsourcing Guidelines | 2004 Clause 4 – Legal and Regulatory Obligations An institution has to take steps to ensure that the service provider employs a high standard of care in performing the service as if the activity were not outsourced and conducted within the institution Clause 5 – Material outsourcing An institution should undertake periodic reviews of its outsourcing arrangements to identify new material outsourcing risks as they arise Clause 6 – Risk Management Practices Role of the Board and Senior Management Evaluation of Risks Capability of Service Providers Outsourcing Agreement Confidentiality and Security Business Continuity Management Monitoring and Control of Outsourced Activities Audit and Inspection Outsourcing outside Singapore/within a Group Outsourcing of Internal Audit to External Auditors 23 Critical Businesses 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 3 – Oversight of Technology Risks by Board of Directors and Senior Management Clause 4 – Technology Risk Management Framework Clause 5 – Management of IT Outsourcing Risks Clause 6 – Acquisition and Development of Information Systems Clause 7 – IT Service Management IT Systems Clause 8 – Systems Reliability, Availability and Recoverability Clause 9 – Operational Infrastructure Security Management Clause 10 – Data Centres Protection and Controls Data Centre / Infrastructures Clause 11 – Access Control Clause 12 – Online Financial Services Clause 13 – Payment Card Security (ATM, Credit and Debit Cards Clause 14 – IT Audit 24 31 October 2013 8
  • 9. 31/10/2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 4 – Technology Risk Management Framework Risk Assessment Risk Identification Risk Treatment IT Systems Risk Monitoring & Reporting Data Centre / Infrastructures Risk identification entails the determination of the threats and vulnerabilities to the FI’s IT environment which comprises the internal and external networks, hardware, 25 software, applications, systems interfaces, operations and human elements. 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 8 – Systems Reliability, Availability and Recoverability Disaster Recovery Plan Systems Availability System availability are: • Adequate capacity • Reliable performance • Fast response time • Scalability • Swift Recovery Capability DR Plan: • Various contingency scenario • Major system outages • Total incapacitation of primary DC • Recovery Priorities, RTO, RPO Disaster Recovery Testing DR Testing: • No impromptu and untested procedure • Test and validate annually • Test total shutdown or incapacitation of primary DC Data Backup Management Data Backup Strategy: • Direct-Attached Storage (DAS) • NAS • SAN • Testing & Validation • Encrypt backup media IT Systems 26 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 9 – Operational Infrastructure Security Management Data Loss Protection • • • • Internal Sabotage Clandestine espionage Furtive attacks by trusted staff, contractors and vendors Data Loss prevention strategy Networks & Security Config Mgt Technology Refresh Mgt • • Up-to-date inventory of software and hardware End-of-support • Consistent security settings Regular enforcement checks Anti-virus to servers Network security devices • • • Vulnerability Assessment & Penetration Testing • • Identify, assess and discover security vulnerabilities Conduct in-depth evaluation of the security posture of system IT Systems 27 31 October 2013 9
  • 10. 31/10/2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 10 – Data Centre Protection and Controls Threat Vulnerability Risk Assessment • • • • Security threats Operational weaknesses in DC DC’s perimeter and surrounding environment Access Controls Data Centre Resiliency Physical Security • • • • Control of access Secure and monitor Security Systems Surveillance tools • • • Redundancy Fault Tolerance – electrical power, air conditioning, fire suppression and data communications Backup power Data Centre / Infrastructures 28 31 October 2013 MAS TRM Guidelines| 2013 (Technology Risk Management) Clause 10.0.1 - As FIs’ critical systems, applications, network devices and data are concentrated and maintained in the data centre (DC), it is important that the data centre is resilient (?) and physically secured (?) from internal (?)and external threats (?). o o o o Resilient – Tier Classification? Which Tier? Physically secured – TVRA? Internal Threats – Human process, overload, etc? External Threats – Power outage, dip, lightning, flood, etc? Data Note: Information from MAS Technology Risk Management Guidelines Centre / Infrastructures 29 31 October 2013 Data Centres Protection and Controls (UPS Battery Monitoring System) Providing a window to the battery with continuous, accurate monitoring and alarm notification Ensuring Resiliency Note: Information from Eaton Battery Monitoring System 30 31 October 2013 10
  • 11. 31/10/2013 Fundamentals of Power Infrastructures Uninterrupted Power Supply (UPS), batteries and capacitors o Batteries are always either in a state of charge or recharge o Once battery begins to discharge its electricity, the voltage drops and the battery will need to be charged o Battery autonomy – normally 15-30 minutes o Batteries may have 5-year life span, depending on its manufacturing specification o Capacitors – life span can be 1, 5 or 10 years depending on design What is the impact if they are not replaced? Data Centre / Infrastructures 31 31 October 2013 Fundamentals of Power Infrastructures Sample Line Diagram on power infrastructure Primary Power Panel Transformer Automatic Transfer Switch NonCritical Loads Diesel Generator Critical Loads bypass Data Centre / Infrastructures UPS System PDU IT Servers 32 31 October 2013 Fundamentals of Power Infrastructures LT Data MSB1 MBS2 MBS3 UPS Main Circuit Breaker MCCB ELR MCB Load ELCB RCCB Earth Leakage Relay Centre / Infrastructures MBS4 Moulded Case Circuit Breaker Leakage Miniature Circuit Breaker Server 33 Earth Leakage Circuit Breaker 31 October 2013 11
  • 12. 31/10/2013 Data Centre Risks – Risk Monitoring and Reporting Changes in IT environment and delivery channels, risk parameters may change Risk Monitoring & Reporting Periodic assessment of utilization on power usage, temperature & humidity reading, End-of-Life equipment, etc. At least a monthly or quarterly review Data Centre / Infrastructures 34 31 October 2013 Flu Pandemic Business Continuity Guides - 2006 Disease Outbreak Response System Condition (DORSCON) Alert Green Level 0 Public health threat to Singapore is low, no novel influenza virus outbreaks anywhere in the world Alert Green Level 1 Global concern with isolated animal-to-human transmission Alert Yellow Inefficient human-to-human transmission outside Singapore. The risk of important into Singapore is elevated. Where there are isolated imported cases, such cases have not resulted in sustained transmission locally Alert Orange Globally and / or locally, larger cluster(s) but human-to-human spread is still localized suggesting that virus is becoming increasingly better adapted to humans but may not yet be fully transmissible Alert Red Situation where there is a pronounced risk of acquiring the disease from the community. There is an increasing trend of mortality and morbidity rates among affect cases. The healthcare system is likely to be overwhelmed Alert black Morbidity and mortality rates are exceeding high, and emergency measures are needed to bring situation under control. Healthcare and other social support systems are overwhelmed by the pandemic. Critical Businesses 35 31 October 2013 Business Continuity Management - Framework Business Continuity Management Business Impact Analysis Business Impact Analysis Programme Management Continuity Strategy Business Continuity Procedures Business Continuity Test & Exercise Data Critical Businesses + IT Systems + 36 Centre / Infrastructures = Full BCM 31 October 2013 12
  • 13. 31/10/2013 Empowering Your Organization with. . . .. 37 31 October 2013 Empowering Your Organization with. . . .. BCM Guidelines Data Centre Standards Risk Assessments MAS BCM Guidelines MAS Outsourcing Guidelines MAS Technology Risk Management Walk-around Awareness & Trainings Identify ISO22301 BCMS Requirements IS22313 BCMS Guidelines Business Continuity Mgt Assess ICT Resiliency Mitigate Data Centre Control and Monitor TIA-942 Uptime Institute IT Technologies Internal Auditor 38 31 October 2013 Uncertainties “Seeing is Believing”…. See to Assess, Not Ask to Assess 1. Walk-around 2. Identify (See) 3. Assess 4. Mitigate Risks in….. Data Centre Risks: Power Overloading Hot Spots High Temperatures End-of-Life UPS Batteries / Capacitors Turn your nightmares into sweet dreams instead. (Even before it happens!) Technology Risks: End-of-Life – Servers, Software and Network Equipment Source Code Escrow Critical Services Process Risk Environment Risk Operating Risk “Certainties” 39 31 October 2013 13
  • 14. 31/10/2013 Peace of Mind Resilience Turn your nightmares into sweet dreams instead. (Even before it happens!) 40 31 October 2013 3 Components in an Organisation’s Business Continuity Data Critical Centre / Infrastructures Businesses Full BCM IT Systems 41 31 October 2013 Expect the Unexpected • Murphy’s Law – “Anything that can go wrong will go wrong” • John Wooden – 1910 – “Failure to prepare is preparing to fail.” • Chinese Proverb – 不怕 一 万 , 只怕 万 一 42 31 October 2013 14
  • 15. 31/10/2013 Coming….. 11 – 14 Nov 2013 43 31 October 2013 Coming….. 19 – 20 Nov 2013 44 31 October 2013 Thank You Wong Tew Kiat CBCP, MBCI, CITBCM(S), CITPM(S), COMIT(S), Fellow SCS Founder & Managing Director Organisation Resilience Management Pte Ltd M +65 98585127 E + wongtk@ormgt.com.sg W + www.ormgt.com.sg 45 31 October 2013 15