Business Continuity & Crisis Management in the Cyberbreach Age

In this presentation to the Minnesota Counties Intergovernmental Trust membership in October 2015, Bryghtpath LLC Principal Consultant & CEO Bryan Strawser provides an overview of business continuity and crisis management in the cyber breach age.

Topics discussed include emergency management, crisis management, crisis communications, project management, program management, business continuity, crisis leadership, and how to prepare your business for a disruption.

Published in: Leadership & Management


  1. Business Continuity & Crisis Management in the Cyberbreach Age
     Bryan Strawser, MBCP, MBCI, CISSP, CEM, Principal Consultant & CEO

  4. Data Breaches: The Last 36 Months
     Company: People Impacted
     • Sony Pictures: 6,000
     • Sally Beauty: 25,000
     • Neiman Marcus: 1,100,000
     • Michaels Stores: 3,000,000
     • Community Health Systems: 4,500,000
     • PF Chang’s: 7,000,000
     • Home Depot: 56,000,000
     • Target: 70,000,000
     • JP Morgan: 76,000,000
     • Anthem: 80,000,000
     • eBay: 145,000,000
     Copyright © 2015 by Bryghtpath LLC | bryghtpath.com | +1-612-235-6435 | bryan@bryghtpath.com

  9. Today: Key Topics
     • Continuity of Operations
     • Crisis / Emergency Management
     • Crisis Communications
     • Where to learn more…
     • Q&A

  10. Continuity of Operations: An Overview
     The ability to continue performance of mission essential functions under a broad range of circumstances.

  11. Continuity of Operations: What It Means
     • Mission Essential Functions (MEFs)
       – Critical functions performed by your agency
       – Determined through a methodology
       – Plans are in place to recover from a disruption
     • Broad Range of Circumstances
       – “All-Hazards” approach
       – Plans (Annexes) for specific circumstances

  12. Global Standards: Business Continuity and Emergency Management
     US Government
     • FEMA Federal Continuity Directives (FCD 1 / FCD 2)
     • FEMA Continuity Guidance Circulars (CGC 1 / CGC 2)
     • NIST 800-34, Contingency Planning Guide for Federal Information Systems
     Business Continuity
     • ISO 22301 (formerly BS 25999)
     • NFPA 1600
     • ASIS Business Continuity Management Standard
     • ASIS SPC.1: Organizational Resilience
     Professional Practices
     • Disaster Recovery Institute International BC/DR Professional Practices
     • Business Continuity Institute Good Practice Guide

  13. FEMA Continuity Guidance Circular 1 (CGC 1): Continuity of Operations Program for State / Local / Tribal Government
     • Federal guidance for non-Federal governmental entities
     • Contents:
       – Planning and implementing a COOP program
       – Continuity planning for mission essential functions

  14. FEMA Continuity Guidance Circular 2 (CGC 2): Continuity of Operations Program for State / Local / Tribal Government
     • Federal guidance for non-Federal governmental entities
     • Contents:
       – Identification and prioritization of Mission Essential Functions (MEF)
       – Business Process Analysis
       – Business Impact Analysis
       – Risk Assessment

  15. Business Continuity Regulations, United States: “We’re from the government, we’re here to help…”
     • Federal Financial Institutions Examination Council (FFIEC)
     • Securities and Exchange Commission (SEC)
     • Financial Industry Regulatory Authority (FINRA)
     • Payment Card Industry Standard (PCI)

  16. Continuity of Operations Lifecycle (FEMA Continuity Guidance Circular 1, CGC 1)
     Plans and Procedures → Test, Training, & Exercises → Evaluations, After-Action Reports, and Lessons Learned → Develop Corrective Action Plans

  17. Business Impact Analysis & Risk Assessment: Identifying critical business functions & their risks
     Business Impact Analysis
     • What are the mission essential functions at my agency?
     • How long can they be disrupted?
     • How quickly can they be recovered today?
     • What is the impact from that disruption to my agency?
     • BIA Methods
     Risk Assessment
     • What are the risks to these functions?
     • What are our top enterprise risks?
     • Risk Assessment Methods
     Third Parties
     • Don’t forget about them…

  18. Plans and Procedures: How can I recover my mission essential functions in the time period needed?
     Specific actions to manage your risks and address your opportunities:
     • Prepare your agency for disruption
     • Develop COOP Plans
     • Implement COOP Solutions

  19. Plans and Procedures: Continuity of Operations Planning
     Core Components of a COOP Plan
     • Roles & Responsibilities
     • Activation process
     • Managing the immediate consequences
     • Communication plan
     • Recover prioritized activities
     • Media response
     • Process for standing down

  20. Core Plan Elements: Recovering Operations
     • People – Who will do the work?
     • Technologies – What, if any, technologies will enable the work?
     • Facilities – Where will the work be done?
     • Communications – How do we share this information?

  21. Establish & Implement BC Procedures: What processes will I follow in a disruption?
     Specific defined processes for Business Continuity. Examples:
     • Emergency preparedness
     • Governance
     • Activation

  22. Disaster Recovery: Business Continuity for IT Systems
     • “Disaster Recovery” generally pertains to the recoverability of IT systems
       – Applications
       – Infrastructure
     • Must be closely linked to business continuity capability
     • Should heavily utilize the BIA findings to influence a tiered recovery strategy

  23. Tests, Training, and Exercises: How will I exercise and test my plans? Based on those results, how will I improve?
     • All plans should be exercised at least annually:
       – Notification
       – Table Top
       – Recovery
       – Fully integrated
     • Disaster Recovery – Testing DR plans and strategies
     • Government Guidance:
       – Homeland Security Exercise & Evaluation Program (HSEEP)

  24. Develop Corrective Action Plans: Improving plans and procedures following a test or exercise
     • Defined process for capturing lessons learned and applying them to plans and strategies
     • Action items tracked and reported upon to key stakeholders and leaders

  25. Continuity of Operations Lifecycle (FEMA Continuity Guidance Circular 1, CGC 1), recap
     Plans and Procedures → Test, Training, & Exercises → Evaluations, After-Action Reports, and Lessons Learned → Develop Corrective Action Plans

  26. Continuity Plan Operational Phases: What happens when things go bad?
     Readiness & Preparedness → Activation → Continuity Operations → Reconstitution

  27. Roles and Responsibilities: Who does what?
     • Elected Officials – Ultimately responsible for continuity of essential functions during a disruption or emergency
     • Senior Leadership
       – Designates Continuity Manager and Planning Team
       – Approves plans
     • Continuity Manager – Responsible for coordinating all continuity activities within an agency
     • Continuity Planning Team – Cross-functional group that coordinates all plans within an agency

  28. Drip, Drip… When a drip becomes a flood…

  29. Case Study: When a drip becomes a flood…
     • 2013 Target Corporation HQ Flood
     • Read the PDF case study at bryghtpath.com

  31. Crisis Management: A Component of Business Continuity Management
     The active management of a disruption or escalating situation. Items to consider:
     • Clear roles and responsibilities
     • Decision-making rights pre-defined
     • Single source of truth for communication
     • Communication products / messages
     • Cross-functional coordination

  32. Crisis Leadership: Characteristics of a strong crisis leader
     • Cross-Functional Leadership
       – Lead up (vertically)
       – Lead across (horizontally)
     • Be both strategic and tactical
       – Strategic: See the entire organization and external influences
       – Tactical: Be willing to work on really simple processes where needed
     • Understands that success never happens within a silo
     • Doesn’t try to get “fancy”
     • Can pivot in a moment
     • Possesses extraordinary situational awareness

  33. Private Sector Crisis Management Framework: Situational Awareness
     Teams in the framework diagram:
     • Executive Crisis Team (Elected Leaders / Senior Leader)
     • Cross-Functional Crisis Team (Mission Essential Leaders)
     • Crisis Management Team
     Diagram labels: Strategic Decision Making; Day to day operations; Recommendations to Executives; Horizontal Communication; Subject matter experts; Situational awareness upstream; Full-time / volunteer

  34. Planning & Preparedness: Routine v. Novel
     • Don’t get fancy at first
       – How will the team “activate” and share that they are actively managing a situation?
       – How will they provide updates?
       – What decisions will be escalated to executives?
     • Then get fancy
       – What could disrupt our business?
       – Prioritize these risks with executives
       – Plan for key risks
     • REMEMBER: You cannot plan for everything
     • Having a framework is more important than having a plan for every single possibility

  35. Case Study: Earthquake & Tsunami – Sendai, Japan (2011)

  36. Crisis Management Framework: Situational Awareness
     Routine Incident:
     • Protocols & Processes
     • Incident Specific Plans
     • Preparedness Steps
     “HOLY S$@! What just happened?!”:
     • Situational Awareness
     • Collaborative cross-functional discussion
     • Strategic view
     • Framework for collaborative decision making & communication

  37. Crisis Leadership: Situational Awareness
     • What’s happening?
     • What do we know about it?
     • What impact is it having on our organization?
     • What don’t we know that we need to know?

  40. Practical Advice: The Simple Things
     • Work / Organization
       – Clear roles & responsibilities
       – Establish decision-making rights
       – How will you communicate?
       – Situational Awareness
     • Personal
       – Be Informed
       – Make a Plan
       – Build a Kit
       – Visit ready.gov for more practical advice

  43. Reputation Impact: Hurricane Sandy – 2012
     Source: International Business Times – 11/3

  44. Crisis Communications: Sending out a press release isn’t going to cut it
     • You’ll only get one chance to message things with your version of the story – don’t pass up this opportunity!
     • Slow, methodical PR planning will not suffice – communications must be nimble.
     • Speed, accuracy and clarity will be critical in a data breach.
     • Honesty – spin is OK, but be honest.
     • Cultural context is critical.

  47. How to Lead During a Crisis (Eric McNulty, Harvard Business Review, December 2013)
     • Ensure certainty about decision making and strategic messaging
     • Understand Stakeholders
       – Map out your stakeholders
       – Understand that each has unique needs for information and reassurance
       – Develop story arcs for each
     • Understand that the crisis will evolve over time

  49. Continuity of Operations Training: FEMA Emergency Management Institute
     • Free FEMA Independent Study courses online
     • http://training.fema.gov/EMI

  50. Continuity of Operations Certifications: FEMA Emergency Management Institute
     • FEMA Continuity of Operations (COOP) Certifications
     • Level 1: Professional Continuity Practitioner
       – Series of 13 independent study or in-person courses
       – Many in-person courses can be taken through MN Homeland Security & Emergency Management for free
     • Level 2: Master Continuity Practitioner
       – Complete Level 1 certification
       – Complete 5 additional independent study and in-person courses
       – Instruct one continuity course as an instructor
       – Complete and pass a comprehensive written examination
     • Learn more at http://training.fema.gov/programs/COOP

  51. Industry Professional Certifications: Business Continuity and Emergency Management
     Business Continuity
     • Disaster Recovery Institute International
       – Associate Business Continuity Professional (ABCP)
       – Certified Business Continuity Professional (CBCP)
       – Master Business Continuity Professional (MBCP)
     • Business Continuity Institute
       – Member, Business Continuity Institute (MBCI)
       – Fellow, Business Continuity Institute (FBCI)
     Emergency Management
     • International Association of Emergency Managers
       – Associate Emergency Manager (AEM)
       – Certified Emergency Manager (CEM)

  52. Contact Information: Bryghtpath LLC
     Contact Bryan: Bryan Strawser, Principal Consultant & CEO
     • Phone: +1-612-235-6435
     • E-Mail: bryan@bryghtpath.com
     • Twitter: @bryanstrawser
     Learn more about Bryghtpath LLC
     • Website: www.bryghtpath.com
     • Twitter: @bryghtpath
     • Facebook: /bryghtpathllc
     Our Consulting Services Include: Business Continuity; Crisis / Emergency Management; Enterprise Risk Management; Exercise Design & Facilitation; Global Intelligence & Security; ISO Training & Certification; Project & Program Management; Travel Risk & Security