This document summarizes a presentation on risk management in facility management. It discusses how workplaces are a key factor in business resilience and how changes can erode relevance over time. Cyber security risk was also addressed, noting the convergence of physical and cyber threats and importance of collaboration across functions. The presentation emphasized that culture comes from leadership and governance must support appropriate security behaviors.
Risk Management is more than just Risk Avoidance.
Go beyond IT Audits, Security Assessments, checklists and checkboxes. Join Michael Scheidell, Certified CISO as you move beyond Risk Assessments and Risk Management into Risk Enablement.
Risk Enablement is the process of developing an Enterprise Risk Management program that facilitates and encourages a strategy of supporting TAKING Risks. The requirement of any growing company.
Find out how to build a culture of informed Enterprise Risk Management.
(related whitepaper at http://blog.securityprivateers.com/2014/03/to-achieve-good-security-you-need-to.html
Security threats are growing in volume, scale, and complexity. Not a day passes that we don’t hear about another data breach; and the average organization that’s hacked goes bankrupt within a year. From small and medium-size organizations to Fortune 500 companies, across every industry, no one is immune. It’s no longer enough to keep the bad stuff out (threat protection) or just keep the good stuff in (information protection). This session is a practical discussion on the ever evolving threat landscape, how you can keep up and protect yourself, your organization, and its reputation. It will help you build awareness about the types of resources and sensitive data that your nonprofit has, with tips on practical, accessible steps that you can take to ensure that information is safeguarded.
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
Risk Management is more than just Risk Avoidance.
Go beyond IT Audits, Security Assessments, checklists and checkboxes. Join Michael Scheidell, Certified CISO as you move beyond Risk Assessments and Risk Management into Risk Enablement.
Risk Enablement is the process of developing an Enterprise Risk Management program that facilitates and encourages a strategy of supporting TAKING Risks. The requirement of any growing company.
Find out how to build a culture of informed Enterprise Risk Management.
(related whitepaper at http://blog.securityprivateers.com/2014/03/to-achieve-good-security-you-need-to.html
Security threats are growing in volume, scale, and complexity. Not a day passes that we don’t hear about another data breach; and the average organization that’s hacked goes bankrupt within a year. From small and medium-size organizations to Fortune 500 companies, across every industry, no one is immune. It’s no longer enough to keep the bad stuff out (threat protection) or just keep the good stuff in (information protection). This session is a practical discussion on the ever evolving threat landscape, how you can keep up and protect yourself, your organization, and its reputation. It will help you build awareness about the types of resources and sensitive data that your nonprofit has, with tips on practical, accessible steps that you can take to ensure that information is safeguarded.
This is a presentation introducing the SANS Institute's 20 Security Controls and the Australian Government's Top 35 Mitigation Strategies that I gave to The Small Business Technology Consulting Group in St Paul MN on November 13, 2012
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsUlf Mattsson
The Verizon 2017 Data Breach Investigations Report findings relate specifically to the occurrence (likelihood) of security breaches leading to data compromise. The information, provided in aggregate, is filtered in many ways to make it relevant to you (e.g., by industry, actor motive). It is a piece of the information security puzzle—an awesome corner piece that can get you started—but just a piece nonetheless. This session will discuss the new targets that are identified and some solutions
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
An overview of the scale of the challenge and rational ways to cut that down to manageable and governable size. Slides compliment recent supplier security governance related posts on Infospectives.co.uk and LinkedIn.
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
We need to get on the same page as an industry if we stand any hope of getting this right. It starts with understanding and agreeing to fundamentals, including the terminology we use.
Under cyber attack: EY's Global information security survey 2013EY
Under cyber-attack, EY's 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives globally. This year’s results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer of question of if, but when, a company will be the target of an attack.
For further information, visit: http://www.ey.com/GL/en/Services/Advisory/Cyber-security
Be More Secure than your Competition: MePush Cyber Security for Small BusinessArt Ocain
These are the slides I used during my cyber security presentation at the Bucknell SBDC. Titled "Be More Secure than your Competition" this is geared toward small businesses.
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.
In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.
Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
How to Boost your Cyber Risk Management Program and Capabilities?PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link the the YouTube video: https://youtu.be/aREo4l-pDgc
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
Our industry has plenty of problems to solve. The language we use shouldn’t be one of them, and now it’s not. SecurityStudio, a Minnesota-based security SaaS company committed to solving information security problems for our industry has developed a common, easily-understood information security risk assessment that’s comprehensive, foundational, and completely free for all to use.
Today, more than 1,500 organizations are speaking the language. We invite you to do the same.
In 2015, phishing related breaches dominated security news headlines, and will likely remain the leading initial point-of-entry method for 2016. Not surprisingly an upswing in security awareness spending has paralleled the rise in phishing. In this presentation we dive deep into the largest data pool of human phishing susceptibility and also new research about phishing awareness. We will also look at phishing from the attacker’s point of view and look for opportunities to be better defenders.
Let’s examine the evidence and decide if awareness is the problem. Why do users who are aware of phishing continue to fall for it? What are some of the most successful phishing themes? What are some common response rates? And finally, what can conditioned informants (your co-workers) reporting suspicious emails bring to the table?
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsUlf Mattsson
The Verizon 2017 Data Breach Investigations Report findings relate specifically to the occurrence (likelihood) of security breaches leading to data compromise. The information, provided in aggregate, is filtered in many ways to make it relevant to you (e.g., by industry, actor motive). It is a piece of the information security puzzle—an awesome corner piece that can get you started—but just a piece nonetheless. This session will discuss the new targets that are identified and some solutions
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
An overview of the scale of the challenge and rational ways to cut that down to manageable and governable size. Slides compliment recent supplier security governance related posts on Infospectives.co.uk and LinkedIn.
Some 2.4 billion global Internet users—34 percent of
the world’s population—spend increasing amounts
of time online.1 As our online activity expands,
it isn’t just creating new ways to do business. It’s
revolutionizing business. However, like any mass
movement with significant ramifications, the
Internet-enabled life has risks as well as benefits.
Some are willing to accept those risks without much
consideration. Others want to take the time for a
more contemplative response, but events are moving
too quickly for long debate. What we really need is
a Call to Action that addresses the risks demanding
urgent attention.
To balance the benefits of the digital life,
management needs to understand and grapple
with four equally powerful forces:
Democratization – The way customers insist
on interacting via the channels they prefer,
rather than the channels the organization
imposes.
Consumerization – The impact of the many
devices and applications that span work and
play in our digital lives.
Externalization – The ways in which cloud
computing slashes capital expenditure and
shakes up how data moves in and out of
organizations.
Digitization – The exponential connectivity
created when sensors and devices form the
“Internet of Things.” These forces interact in ways
that make eradicating Cyber Risk impossible;
eliminating it in one area simply shifts it to the
others.
However, by following best practices, it is possible
to reduce your organization’s exposure to Cyber
Risk across the board. By addressing the real and
growing risks we face as individuals, businesses, and
governments, we can begin to create an optimal
environment of Cyber Resilience. This Manifesto sets
out a road map for that process.
We need to get on the same page as an industry if we stand any hope of getting this right. It starts with understanding and agreeing to fundamentals, including the terminology we use.
Under cyber attack: EY's Global information security survey 2013EY
Under cyber-attack, EY's 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvases the opinion of over 1,900 senior executives globally. This year’s results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer of question of if, but when, a company will be the target of an attack.
For further information, visit: http://www.ey.com/GL/en/Services/Advisory/Cyber-security
Be More Secure than your Competition: MePush Cyber Security for Small BusinessArt Ocain
These are the slides I used during my cyber security presentation at the Bucknell SBDC. Titled "Be More Secure than your Competition" this is geared toward small businesses.
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.
In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.
Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
How to Boost your Cyber Risk Management Program and Capabilities?PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link the the YouTube video: https://youtu.be/aREo4l-pDgc
WANTED - People Committed to Solving Our Information Security Language ProblemEvan Francen
Our industry has plenty of problems to solve. The language we use shouldn’t be one of them, and now it’s not. SecurityStudio, a Minnesota-based security SaaS company committed to solving information security problems for our industry has developed a common, easily-understood information security risk assessment that’s comprehensive, foundational, and completely free for all to use.
Today, more than 1,500 organizations are speaking the language. We invite you to do the same.
Risk Management Insights in a World Gone MadIvanti
Join Phil Richards, CISO for Ivanti, as we discuss key concepts and strategies for Risk Management. A few of the questions to be addressed in this session include: Is risk always a bad thing? How do you categorize risk according to your company’s objectives? Do data breaches really impact the big companies? What are the steps to recognizing, assessing and managing risk? The answers to these and many other questions will be discussed in this very important and timely session.
Join RES Software and other industry guests as we discuss the trends and obstacles that IT organizations should be prepared to face in the coming year. Get insight into what you can do today to prepared for future changes within your organization.
Cyber attacks have been hitting the headlines for years; but in spite of the risks, the reputational damage and the rising cost of fines, there is still an endless stream of businesses being exposed for security failings.
The scale of the problem is vast: Accenture’s recent 2016 Global Security Report highlighted “an astounding level of breaches” with the organisations surveyed facing more than 80 targeted attacks every year, of which a third were successful. Much has been made of the evolving threat landscape and increasing sophistication of attacks. But whilst there is evidence to support the growing complexity of the challenge, all too often the analysis of these high-profile attacks determines basic, foundational security principles were ignored.
Some commentators argue that the persistence of failings is a direct reflection of organisational priorities, and that while businesses may talk a good game, security is not yet given the attention that it requires at board level. This leaves CISOs and IT leaders fighting a losing battle to secure adequate attention and investment for an area of the business which does not generate revenue.
This conference will look at raising security standards across the business, exploring some of the most persistent problems from IT infrastructure to staff engagement. Amidst a backdrop of perpetual media hysteria, turbulent markets and looming regulatory change, it can prove difficult to establish a coherent picture of the threat, never mind what action to take. The conference will help contextualise the challenging landscape and discuss how to deliver meaningful improvements and end to end organisational resilience.
Cyber Job Fair Job Seeker Handbook April 19, 2018, San AntonioClearedJobs.Net
Cyber security professionals and students please join us at the Cyber Job Fair to meet employers, network with other cleared professionals, attend career seminars, and have your resume professionally reviewed. A security clearance is not required. The Job Seeker Handbook contains a listing of all employers and the positions they will be seeking to fill at the Cyber Job Fair. If you are a cyber security cleared professional please pre-register at: https://clearedjobs.net/job-fair/fair/76/. If you are a non-cleared cyber security professional or student please pre-register at: https://cybersecjobs.com/job-fair/fair/67/.
2-sec "A Day in the Life of a Cyber Security Professional" Interop London Jun...2-sec
Tim Holman, CEO of 2-sec, presents his average day including work on data breaches, penetration testing and security audits. He also discusses the skills gap in the information security industry and how ISSA-UK is attempting to coordinate training across the industry to improve the problem.
Current enterprise information security measures continue to fail us. Why is ...Livingstone Advisory
Conventional information security measures continue to fail our businesses in today’s rapidly changing world of cyber-risk. Adverse cyber-events manifest themselves as the usual suspects including data breaches, information theft, ransom- and malware, viruses, payment card fraud, DDOS attacks or physical loss – to name but a few.
Problem is, the tally of adverse events keeps mounting up. While headline adverse cyber incidents are now reported in the media with regularity, this represents the tip of the cyber-risk iceberg. Most known events are either unreported or hidden from public disclosure. Not helping, is the industry analysis suggesting that, on average, nearly half of all adverse cyber-risk events impacting organisations are self-inflicted and avoidable. No industry is untouched.
Delivered at the CIO Summit in Melbourne, Australia in November 2016, in this presentation, Rob offers valuable strategic insights into the problem and why it continues to be a problem.
He outlines some practical steps that will be helpful for CIOs and CISOs in reshaping their own organisation’s approach in building a more effective and resilient information security capability.
As companies integrate these tools into their operations, it is essential to understand the potential risks.
By embracing these risks and implementing effective risk management strategies, organizations can leverage the full potential of these technologies while maintaining a safe and secure operating environment.
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
In this on-demand webinar, we've discussed:
- Key takeaways on Shadow IT you need to know to protect your data in the cloud.
- Surprising Shadow IT statistics are disclosed and how to proactively take charge.
- Recommendations on cloud management strategies.
The panelists include renowned security experts Chenxi Wang - former Principal Analyst at Forrester Research, Rob McGillen - CIO for Grant Thornton, and Paul Simmonds - former Global CISO for AstraZeneca.
***Please Note: The link to the recorded on-demand webinar is on the last slide.
Presentation by Vincent Tophoff, Gerente Técnico Senior, IFAC, at the Seminario Un Aporte de Gobernanza Distinto: El Control Interno, in Santiago,Chile, Enero 2015.
Similar to BIFM Risk Management Event 8th September 2016 (20)
BIFM North Region: Smarter Workplaces Seminar, April 2018Whitbags
Seminar at Manchester Central on 18 April 2018, discussing smarter workplaces and the proposed changes to BIFM, with Ian Ellison, Mark Catchlove and Steve Roots
BIFM Event at the University of Bolton 25 June 2015Whitbags
BIFM Lancashire and Manchester Group event at University of Bolton looking at "Can FM deliver social and economic benefit in the communities in which we work"
The world of search engine optimization (SEO) is buzzing with discussions after Google confirmed that around 2,500 leaked internal documents related to its Search feature are indeed authentic. The revelation has sparked significant concerns within the SEO community. The leaked documents were initially reported by SEO experts Rand Fishkin and Mike King, igniting widespread analysis and discourse. For More Info:- https://news.arihantwebtech.com/search-disrupted-googles-leaked-documents-rock-the-seo-world/
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
Building Your Employer Brand with Social MediaLuanWise
Presented at The Global HR Summit, 6th June 2024
In this keynote, Luan Wise will provide invaluable insights to elevate your employer brand on social media platforms including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok. You'll learn how compelling content can authentically showcase your company culture, values, and employee experiences to support your talent acquisition and retention objectives. Additionally, you'll understand the power of employee advocacy to amplify reach and engagement – helping to position your organization as an employer of choice in today's competitive talent landscape.
Putting the SPARK into Virtual Training.pptxCynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
VAT Registration Outlined In UAE: Benefits and Requirementsuae taxgpt
Vat Registration is a legal obligation for businesses meeting the threshold requirement, helping companies avoid fines and ramifications. Contact now!
https://viralsocialtrends.com/vat-registration-outlined-in-uae/
6. 6 | 2016 Key Learning Event – Risk Management in FM
Risk Management in FM?
7. 7 | 2016 Key Learning Event – Risk Management in FM
Introduction to today’s speakers
8. Business Resilience
The Role of Facilities Management
A Case Study
Financial Products Trading Organisation
Pre- IPO
9. What is Business Resilience?
• A framework of capabilities, enabling resources and information resources
designed to establish & support the identified priorities & strategies
• An organisation and programme to ensure that resources and capabilities
continue to be fit for purpose
• A joined up process for risk, compliance and operational continuity that
produces actionable intelligence
10. What we needed
• Transparent & auditable
• Easy to operate
• Enterprise wide
• Finger on the pulse
11.
12. How we……….
• Prioritised
• Designed
• Managed
.
< Business Resilience >
Protect Incident Management /
Business Continuity / Recovery
Specific actions for specific
threats and regulatory
requirements
• Fire, flood, terrorism, vandalism,
utilities, IT systems failure, cyber
attack
Overarching contingency
arrangements for loss of
availability specific assets
• Workplace
• Access to information & systems
• People
13. The Big Picture……….
• Objectives
• Strategy
• Tactics
.
• What do we get paid to do?
• If we were prevented from doing it –
what kind of reputational, contractual,
regulatory and financial exposure would
be created?
• What can we do to protect ourselves?
• What if our protective measures were
overwhelmed?
• Set the strategy for supporting
resources by understanding priorities
15. Overarching Strategies for Resilience
• Information Systems
• Workplace
• Critical environments
• Regulatory compliance (Fire Risk, H & S)
• Workplace protection (utilities, flood,
terrorism)
• Workforce flexibility
• Access to information systems
• Workforce mobility
Threat Protect Detect Respond Contingency
(BCP)
Assure
Power
Water
Terrorism
Flood/Escape
of Water
Regulatory
compliance
Vandalism
16. Workplace Resilience Framework
• PPM Schedule for
regulatory obligations
and general workplace
resilience
• Special focus on critical
environments
– Establish capability
– Verify capability
• Documented strategy
18. Critical Environments
Where IT systems meet the physical world
• UPS
– Server Room
– Comms room(s)
– Trading Desks
• Environmental monitoring & sensor
equipment
• “out of bounds” alerting
• Two stage work area recovery
19. Critical Environments
Need TLC !!
• Moves, adds & changes
– People
– Equipment
• Factor into change management
• Audit your UPS
22. Joined up Resilience Management…….
Priorities
for
Resilience
Risk, Compliance & PPM
Critical Environment Strategies
“out of bounds” alerts
Business Continuity Arrangements
23. Key Messages
• Workplace a key factor in business resilience
resilience – even in the digital world
• Change erodes relevance
– audit & test regularly
• Purpose built, sustainable management
systems