BIFM
North Region:
“Risk Management
in FM”
Mark Whittaker
Deputy Chair, BIFM North
2 | 2016 Key Learning Event – Risk Management in FM
Welcome & Thanks
Future Events:
Workplaces: Fit for purpose?
Today’s Event
Risk Management in FM?
Introduction to today’s speakers
Business Resilience
The Role of Facilities Management
A Case Study
Financial Products Trading Organisation
Pre-IPO
What is Business Resilience?
• A framework of capabilities, enabling resources and information resources
designed to establish & support the identified priorities & strategies
• An organisation and programme to ensure that resources and capabilities
continue to be fit for purpose
• A joined up process for risk, compliance and operational continuity that
produces actionable intelligence
What we needed
• Transparent & auditable
• Easy to operate
• Enterprise wide
• Finger on the pulse
How we……….
• Prioritised
• Designed
• Managed
< Business Resilience >
Protect
Specific actions for specific threats and regulatory requirements
• Fire, flood, terrorism, vandalism, utilities, IT systems failure, cyber attack
Incident Management / Business Continuity / Recovery
Overarching contingency arrangements for loss of availability of specific assets
• Workplace
• Access to information & systems
• People
The Big Picture……….
• Objectives
• Strategy
• Tactics
• What do we get paid to do?
• If we were prevented from doing it –
what kind of reputational, contractual,
regulatory and financial exposure would
be created?
• What can we do to protect ourselves?
• What if our protective measures were
overwhelmed?
• Set the strategy for supporting
resources by understanding priorities
Focus……….
• Customer “touch
points”
• Regulations
Workplace Information
Systems
Materials &
Equipment
Supply Chain
Overarching Strategies for Resilience
• Information Systems
• Workplace
• Critical environments
• Regulatory compliance (Fire Risk, H & S)
• Workplace protection (utilities, flood,
terrorism)
• Workforce flexibility
• Access to information systems
• Workforce mobility
Columns: Threat | Protect | Detect | Respond | Contingency (BCP) | Assure
Threats (rows): Power; Water; Terrorism; Flood/Escape of Water; Regulatory compliance; Vandalism
Workplace Resilience Framework
• PPM Schedule for
regulatory obligations
and general workplace
resilience
• Special focus on critical
environments
– Establish capability
– Verify capability
• Documented strategy
PPM Schedule
Critical Environments
Where IT systems meet the physical world
• UPS
– Server Room
– Comms room(s)
– Trading Desks
• Environmental monitoring & sensor
equipment
• “out of bounds” alerting
• Two stage work area recovery
Critical Environments
Need TLC !!
• Moves, adds & changes
– People
– Equipment
• Factor into change management
• Audit your UPS
Critical Environments
Need TLC !!
Business Continuity (for the FM)
• Incident Management
– Evacuation Management
– Emergency Services liaison (building plans)
• Recovery & Restoration
– Workplace impact assessment
– Relocation logistics
– Repair, restoration & relocation
– Contractor management
Joined up Resilience Management…….
Priorities
for
Resilience
Risk, Compliance & PPM
Critical Environment Strategies
“out of bounds” alerts
Business Continuity Arrangements
Key Messages
• Workplace a key factor in business resilience – even in the digital world
• Change erodes relevance
– audit & test regularly
• Purpose built, sustainable management
systems
©Advent IM Ltd 2016
people places information technology
Mike Gillespie
BIFM – Risk Management in FM event
Cyber Security Risk in FM
Agenda
• Introductions
• When we say ‘cyber’…
• Cyber in FM
• Security and Cyber
• Cyber and Health & Safety
• Collaboration and Governance
• Threat Landscape
• Corporate Risk & Risk Management
• Collaboration & Governance
• Culture
• Questions
Introductions
Mike Gillespie
• Founder and MD of Advent IM Ltd
• Director of Cyber Strategy &
Research for The Security Institute
• Member of the CSCSS Global
• Industry commentator and
speaker
When we say ‘cyber’…
• The language is welcoming and intuitive
• The parameters are clearly defined
• It's easy to collaborate across disciplines to get best
overall outcome
• We understand the interconnected nature of our lives
• We take appropriate steps to ensure our resilience and
security
• We constantly learn about new threats
• We have a risk-based approach to our organisation as
an entity
• IT does security
When we say ‘cyber’….
• Your fridge
• Your TV
• Your car
• Your train
• Your medical aid
• Your aircon
• Your fire and life systems
• Oh, and your corporate network
Threat convergence
Some images courtesy of mapichai at FreeDigitalPhotos.net
physical
cyber
work
home
Many Cyber Attacks are only made
possible because of Physical
vulnerabilities.
Many Physical Attacks are only
made possible because of Cyber
vulnerabilities.
We need to cover ALL of our
bases…
The Internet of Things
WWW
“With a quadrillion
sensors embedded in the
environment—all
connected by computing
systems, software and
services—it will be
possible to hear the
heartbeat of the Earth;
impacting human
interaction with the
globe as profoundly as
the Internet has
revolutionised
communications”
Peter Hartwell, senior
researcher at HP Labs
Cybersecurity in Facility Management
• FM systems
• BMS
• Security management
• Fire and Life
• Aircon and climate control
Security and Cyber
• Physical security systems
• Networked management
• Collaboration between Security
disciplines
• Language challenges
• ‘Cyber’ is not always intuitive
• Maintaining securely
• Anti-malware
• Change management
• Security updates Image courtesy of Stuart Miles
at FreeDigitalPhotos.net
Cyber and Health & Safety
• German steel Mill
• Polish tram system
• Stuxnet
• Jeep hack (x2)
• S. Korean Nuclear plant
Why this all matters - Security Landscape
people places information technology
terror sabotage subversion
Organised
crime
espionage
chemical biological radiological nuclear cyber
Corporate Risk and Risk Appetite
• Management not avoidance
• Feeding into corporate risk agendas and
registers
• Understanding Risk appetite to enable
• Agility
• Secure growth
• Confident collaboration
• Resilient supply chains
• Holistic understanding of Threat and Risk
• These things do not work in isolation
Cyber risk management is not cyber
risk avoidance
• Agile business environments – global market
place
• Complex supply chains
• Security doesn’t arbitrarily say, no.
• Risk appetite
• Increasing efficiency and safety of employees as
well as quality of work environment
Some images courtesy: Boaz Yiftach at FreeDigitalPhotos.net
Can we?
No, of
course not.
Risk, Risk Appetite and Risk Tolerance
Collaboration and Governance
• Understanding Threat and Risk – “What do I
need to do?” Not “what have I always done?”.
• Who do we need to have on-board to get this
Risk properly mitigated?
• Is there senior leadership in place?
• Have we got a framework in place to keep
ahead of the game?
• Do we have a clear understanding of
accountability and of devolved responsibility?
• Does all of this support and enable business?
Picture courtesy of winnond at FreeDigitalPhotos.net
Culture
• Leadership
• Governance
• Best practice
• Do as I say not as I do?
• A fish rots from the head, down…
C-suite culture
Business management
Business practices
Good quality security behaviour
Risky security behaviour
“Culture eats strategy
for breakfast!” Peter Drucker
What our
policy says
What we
actually do The culture gap
“Culture eats strategy
for breakfast!”
80%
20%
Source Ponemon 2014 ‘Exposing CyberSecurity Cracks”
80% of respondents say their company’s
leaders do not equate losing confidential
data with a potential loss of revenue,
despite Ponemon Institute research
indicating the
average cost of an organizational data
breach is $5.4 million.
Culture comes from the top...
79%
Use private, non-commercial email accounts (e.g.
Gmail, Yahoo et al.) to send board documents
2013 and 2014 Board Governance report from Thomson Reuters found a worrying
lack of security understanding in the Boardroom…
68%
Never use a dedicated and exclusive email
account that was specifically set up to receive
board communications
47%
Never encrypt this sensitive and confidential
Board information
…of their own sensitive and critical information in Board Reports.
2013
Never or rarely encrypt this sensitive and
confidential Board information
2014
60%
2013
51%
Never use a dedicated and exclusive email
account that was specifically set up to receive
board communications
2014
Data Source: Thomson
Reuters Board
Governance Report.
Some images courtesy
of
freedigitalphotos.net
55%
33%
34%
33%
Yes No Dunno
56%
2013 2014
2013
40%
60%
Yes No/Dunno
2014
“Are you confident Board members
destroy all printed and emailed
documentation in line with your document
retention policy?”
Print and carry sensitive Board
documents
One in ten had a board member
who had a computing device either stolen or lost
65% store board communications on mobile
devices such as ipads and laptops
2014
Cyber Security information is the least requested
information by the board...only 32%
requesting…
2014
• Can you picture a board meeting in progress without any
representation from Finance or HR?
• We know there are huge cost implications of a breach but
some organisations have NO cyber/information security
representation in the Boardroom.
• Only 5% of organisations have a Chief Risk Officer and the
majority of organisations (56%) align the Information
Security with their IT policy and not with their Risk Appetite
(38%).
More on culture….
In summary
• Cyber space offers serious risk to FM
and Security systems
• Collaboration is king
• Leadership is catching up but needs
to get far more involved
• Cultural change is hard but it’s the
only way to make a real difference
• We are only ever going to have more
IP enabled kit, not less. Let's get on
top of it right now.
Questions
advent-im.co.uk

BIFM Risk Management Event 8th September 2016

  • 1. BIFM North Region: “Risk Management in FM” Mark Whittaker Deputy Chair, BIFM North
  • 2. 2 | 2016 Key Learning Event – Risk Management in FM
  • 3. Welcome & Thanks
  • 4. Future Events: Workplaces: Fit for purpose?
  • 6. Risk Management in FM?
  • 7. Introduction to today’s speakers
  • 8. Business Resilience The Role of Facilities Management A Case Study Financial Products Trading Organisation Pre-IPO
  • 9. What is Business Resilience? • A framework of capabilities, enabling resources and information resources designed to establish & support the identified priorities & strategies • An organisation and programme to ensure that resources and capabilities continue to be fit for purpose • A joined up process for risk, compliance and operational continuity that produces actionable intelligence
  • 10. What we needed • Transparent & auditable • Easy to operate • Enterprise wide • Finger on the pulse
  • 11.
  • 12. How we………. • Prioritised • Designed • Managed . < Business Resilience > Protect Incident Management / Business Continuity / Recovery Specific actions for specific threats and regulatory requirements • Fire, flood, terrorism, vandalism, utilities, IT systems failure, cyber attack Overarching contingency arrangements for loss of availability specific assets • Workplace • Access to information & systems • People
  • 13. The Big Picture………. • Objectives • Strategy • Tactics . • What do we get paid to do? • If we were prevented from doing it – what kind of reputational, contractual, regulatory and financial exposure would be created? • What can we do to protect ourselves? • What if our protective measures were overwhelmed? • Set the strategy for supporting resources by understanding priorities
  • 14. Focus………. • Customer “touch points” • Regulations . Workplace Information Systems Materials & Equipment Supply Chain
  • 15. Overarching Strategies for Resilience • Information Systems • Workplace • Critical environments • Regulatory compliance (Fire Risk, H & S) • Workplace protection (utilities, flood, terrorism) • Workforce flexibility • Access to information systems • Workforce mobility Threat Protect Detect Respond Contingency (BCP) Assure Power Water Terrorism Flood/Escape of Water Regulatory compliance Vandalism
  • 16. Workplace Resilience Framework • PPM Schedule for regulatory obligations and general workplace resilience • Special focus on critical environments – Establish capability – Verify capability • Documented strategy
  • 18. Critical Environments Where IT systems meet the physical world • UPS – Server Room – Comms room(s) – Trading Desks • Environmental monitoring & sensor equipment • “out of bounds” alerting • Two stage work area recovery
  • 19. Critical Environments Need TLC !! • Moves, adds & changes – People – Equipment • Factor into change management • Audit your UPS
  • 21. Business Continuity (for the FM) • Incident Management – Evacuation Management – Emergency Services liaison (building plans) • Recovery & Restoration – Workplace impact assessment – Relocation logistics – Repair, restoration & relocation – Contractor management
  • 22. Joined up Resilience Management……. Priorities for Resilience Risk, Compliance & PPM Critical Environment Strategies “out of bounds” alerts Business Continuity Arrangements
  • 23. Key Messages • Workplace a key factor in business resilience – even in the digital world • Change erodes relevance – audit & test regularly • Purpose built, sustainable management systems
  • 24. ©Advent IM Ltd 2016 people places information technology Mike Gillespie BIFM – Risk Management in FM event Cyber Security Risk in FM
  • 25. Agenda • Introductions • When we say ‘cyber’… • Cyber in FM • Security and Cyber • Cyber and Health & Safety • Collaboration and Governance • Threat Landscape • Corporate Risk & Risk Management • Collaboration & Governance • Culture • Questions
  • 26. Introductions Mike Gillespie • Founder and MD of Advent IM Ltd • Director of Cyber Strategy & Research for The Security Institute • Member of the CSCSS Global • Industry commentator and speaker
  • 27. When we say ‘cyber’… • The language is welcoming and intuitive • The parameters are clearly defined • It’s easy to collaborate across disciplines to get best overall outcome • We understand the interconnected nature of our lives • We take appropriate steps to ensure our resilience and security • We constantly learn about new threats • We have a risk-based approach to our organisation as an entity • IT does security
  • 28. When we say ‘cyber’…. • Your fridge • Your TV • Your car • Your train • Your medical aid • Your aircon • Your fire and life systems • Oh, and your corporate network
  • 29. Threat convergence Some images courtesy of mapichai at FreeDigitalPhotos.net physical cyber work home Many Cyber Attacks are only made possible because of Physical vulnerabilities. Many Physical Attacks are only made possible because of Cyber vulnerabilities. We need to cover ALL of our bases…
  • 30. The Internet of Things WWW “With a quadrillion sensors embedded in the environment—all connected by computing systems, software and services—it will be possible to hear the heartbeat of the Earth; impacting human interaction with the globe as profoundly as the Internet has revolutionised communications” Peter Hartwell, senior researcher at HP Labs
  • 31. Cybersecurity in Facility Management • FM systems • BMS • Security management • Fire and Life • Aircon and climate control
  • 32. Security and Cyber • Physical security systems • Networked management • Collaboration between Security disciplines • Language challenges • ‘Cyber’ is not always intuitive • Maintaining securely • Anti-malware • Change management • Security updates Image courtesy of Stuart Miles at FreeDigitalPhotos.net
  • 33. Cyber and Health & Safety • German steel Mill • Polish tram system • Stuxnet • Jeep hack (x2) • S. Korean Nuclear plant
  • 34. Why this all matters - Security Landscape places information people technology terror sabotage subversion Organised crime espionage chemical biological radiological nuclear cyber
  • 35. Corporate Risk and Risk Appetite • Management not avoidance • Feeding into corporate risk agendas and registers • Understanding Risk appetite to enable • Agility • Secure growth • Confident collaboration • Resilient supply chains • Holistic understanding of Threat and Risk • These things do not work in isolation
  • 36. Cyber risk management is not cyber risk avoidance • Agile business environments – global market place • Complex supply chains • Security doesn’t arbitrarily say no. • Risk appetite • Increasing efficiency and safety of employees as well as quality of work environment Some images courtesy: Boaz Yiftach at FreeDigitalPhotos.net Can we? No, of course not.
  • 37. Risk, Risk Appetite and Risk Tolerance
  • 38. Collaboration and Governance • Understanding Threat and Risk – “What do I need to do?” Not “what have I always done?”. • Who do we need to have on-board to get this Risk properly mitigated? • Is there senior leadership in place? • Have we got a framework in place to keep ahead of the game? • Do we have a clear understanding of accountability and of devolved responsibility? • Does all of this support and enable business? Picture courtesy of winnond at FreeDigitalPhotos.net
  • 39. Culture • Leadership • Governance • Best practice • Do as I say not as I do? • A fish rots from the head, down…
  • 40. C-suite culture Business management Business practices Good quality security behaviour Risky security behaviour
  • 41. “Culture eats strategy for breakfast!” Peter Drucker What our policy says What we actually do The culture gap
  • 42. “Culture eats strategy for breakfast!” 80% 20% Source: Ponemon 2014 “Exposing CyberSecurity Cracks” 80% of respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue, despite Ponemon Institute research indicating the average cost of an organizational data breach is $5.4 million. Culture comes from the top...
  • 43. 79% Use private, non-commercial email accounts (e.g. Gmail, Yahoo et al) to send board documents 2013 and 2014 Board Governance report from Thomson Reuters found a worrying lack of security understanding in the Boardroom… 68% Never use a dedicated and exclusive email account that was specifically set up to receive board communications 47% Never encrypt this sensitive and confidential Board information …of their own sensitive and critical information in Board Reports. 2013 Never or rarely encrypt this sensitive and confidential Board information 2014 60% 2013 51% Never use a dedicated and exclusive email account that was specifically set up to receive board communications 2014 Data Source: Thomson Reuters Board Governance Report. Some images courtesy of freedigitalphotos.net
  • 44. 55% 33% 34% 33% Yes No Dunno 56% 2013 2014 2013 40% 60% Yes No/Dunno 2014 “Are you confident Board members destroy all printed and emailed documentation in line with your document retention policy?” Print and carry sensitive Board documents Data Source: Thomson Reuters Board Governance Report. Some images courtesy of freedigitalphotos.net
  • 45. Data Source: Thomson Reuters Board Governance Report. Some images courtesy of freedigitalphotos.net One in ten had a board member who had a computing device either stolen or lost 65% store board communications on mobile devices such as iPads and laptops 2014 Cyber Security information is the least requested information by the board...only 32% requesting… 2014
  • 46. • Can you picture a board meeting in progress without any representation from Finance or HR? • We know there are huge cost implications of a breach but some organisations have NO cyber/information security representation in the Boardroom. • Only 5% of organisations have a Chief Risk Officer and the majority of organisations (56%) align the Information Security with their IT policy and not with their Risk Appetite (38%). More on culture….
  • 47. In summary • Cyber space offers serious risk to FM and Security systems • Collaboration is king • Leadership is catching up but needs to get far more involved • Cultural change is hard but it’s the only way to make a real difference • We are only ever going to have more IP enabled kit, not less. Let’s get on top of it right now.
  • 48. Questions advent-im.co.uk