Great training tool and resource available through the Justice Institute of British Columbia. They can customize it with your own logo and emergency plan specifications. Contact Darren Blackburn through LinkedIn.
The Incident Command System (ICS) is a model for command, control, and coordination of emergency response at the site level.
ICS is “Organized Common Sense”
Paul Chernek
Deputy, TRADOC Capability Manager for Tactical Radios (TCM-TR)
Capability Development Integration Directorate, U.S. Army Cyber Center of Excellence
Introductory Presentation
Goals of Introductory Presentation:
To share who you are
To develop effective delivery skills and make you feel at ease with presentations.
To learn and practice the following principles of speech preparation:
Creating an intro, body, and conclusion
Utilizing transitions
Guidelines: (See CIA)
Select a song or object that in some way describes you or represents an important aspect of your life.
You will tell us about the song or object and then why it is important to you.
Criteria for Project:
Time Limit: 2-3 min.
Organization:
Introduction
Attention Getter
Thesis
Preview Main Points
Transition
Criteria for Project:
Body
Main Point 1: Describe Song or Object
Transition to Second Main Point
Main Point 2: Describe importance of the song or object in your life
Transition to Conclusion
Criteria for Project:
Conclusion
Review of main points
Re-state thesis
Concluding Thought (connect back to attention getter in Intro)
Delivery
Eye Contact
Vocal Delivery
Physical Delivery
Grading: 50 points
Introduction: 10 points
Body: 20 points
Conclusion: 10 points
Delivery: 10 points
Submitting your assignment
You will need to record your assignment.
You must be able to see your upper body and face in the recording.
You will submit a link to your recording to the discussion link in Canvas. Simply post the link to your video in the discussion forum.
You may use YouTube or Vimeo to post the video link. Remember, you can adjust the settings so that the link is needed to view videos on these types of accounts.
ISOL 533 - Information Security and Risk Management DISASTER RECOVERY PLAN
University of the Cumberlands
Information Technology Statement of Intent
This document delineates Health Network, Inc. (Health Network) policies and procedures for
technology disaster recovery, as well as our process-level plans for recovering critical technology
platforms and the telecommunications infrastructure. This document summarizes our
recommended procedures. In the event of an actual emergency situation, modifications to this
document may be made to ensure physical safety of our people, our systems, and our data.
Our mission is to ensure information system uptime, data integrity and availability, and
business continuity.
Policy Statement
Corporate management has approved the following policy statement:
The company shall develop a comprehensive IT disaster recovery plan.
A formal risk assessment shall be undertaken to determine the requirements for the disaster
recovery plan.
The disaster recovery plan should cover all essential and critical infrastructure elements,
systems and networks, in accordance with key business activities.
The disaster recovery plan should be periodically tested in a simulated environment to ensure
that it can be implemented in emergency situations and that the management and staff
understand how .
The webinar will cover why we should document the BCMS plan and how it can be done.
Main points covered:
· Why do we need to document
· What is included in the documentation
· How is the documentation used
Presenter:
Barbro Thöyrä, MBA, holds certificates in ISO 22301 Master and Lead Auditor, ICT Disaster Recovery Manager, ISO 28000 Provisional Implementer, PECB Certified Outsourcing Manager and DRI Risk Management. She is an approved PECB and DRI trainer and BCI Instructor.
She has several years of experience as an IT manager, product manager and subject matter expert in BCMS. She has worked as a senior consultant, project manager and IT architect, written manuals and developed services within BCMS and CRM. Furthermore, she is a trainer in IT and BCMS and has carried out several international BCMS and IT projects as an expert and project manager.
Link of the webinar published on YouTube: https://youtu.be/q3Jr9k-tbic
If your facility loses power what do you do? If there is a fire or flood how will you respond? These often-overlooked emergency situations are a costly threat to facilities across the US. Planning for emergencies can often seem daunting and time consuming, especially considering that OSHA requires a written plan. To make your life easier, our experts will share best practices for developing and implementing a rock-solid emergency action plan.
Do you have an incident response plan to cover disasters, cyber-attacks, and other threats to your organization? How confident are you that it will work in a real-world situation? While simply having a plan will help you check the box on the audit, it doesn't guarantee effectiveness in a real situation. Assessing your incident response plans through fire drills, desk top exercises, functional scenarios, and full scale exercises will help your organization truly validate the effectiveness of the plan.
IR assessments are meant to:
- Evaluate plans, policies, and procedures
- Find weaknesses in the plan and gaps in resources
- Improve coordination and communication internally and externally
- Define and validate roles and responsibilities
- Train personnel in their roles and responsibilities
This webinar will provide practical steps for assessing your organization's plans and demonstrate ways to improve them through a methodical and proven approach. After all, whether they're big or small, internal or external, in most any organization incidents occur. Complete plans that have been tested, backed by trained resources and thorough communication, are the proven recipe to minimize the impact of incidents when they occur.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Richard White, Security Intelligence and Operations Principal, HP Enterprise Security Products
Incident Response Planning
Incident response planning includes identification of, classification of, and response to an incident.
· Attacks classified as incidents if they:
· Are directed against information assets
· Have a realistic chance of success
· Could threaten confidentiality, integrity, or availability of information resources
· Incident response (IR) is more reactive than proactive, with the exception of planning that must occur to prepare IR teams to be ready to react to an incident.
Incident Response Planning (cont’d)
· Incident response policy identifies the following key components:
· Statement of management commitment
· Purpose/objectives of policy
· Scope of policy
· Definition of InfoSec incidents and related terms
· Organizational structure
· Prioritization or severity ratings of incidents
· Performance measures
· Reporting and contact forms
Incident Response Planning (cont’d)
· Incident Planning
· Predefined responses enable the organization to react quickly and effectively to the detected incident if:
· The organization has an IR team
· The organization can detect the incident
· IR team consists of individuals needed to handle systems as incident takes place.
· Incident response plan
· Format and content
· Storage
· Testing
Incident Response Planning (cont’d)
· Incident detection
· Most common occurrence is complaint about technology support, often delivered to help desk.
· Careful training is needed to quickly identify and classify an incident.
· Once incident is properly identified, the organization can respond.
· Incident indicators vary.
Incident Response Planning (cont’d)
· Incident reaction
· Consists of actions that guide the organization to stop incident, mitigate its impact, and provide information for recovery
· Actions that must occur quickly:
· Notification of key personnel
· Documentation of the incident
· Incident containment strategies
· Containment of incident’s scope or impact as first priority; must then determine which information systems are affected
· Organization can stop incident and attempt to recover control through a number of strategies.
Incident Response Planning (cont’d)
· Incident recovery
· Once incident has been contained and control of systems regained, the next stage is recovery.
· The first task is to identify human resources needed and launch them into action.
· Full extent of the damage must be assessed.
· Organization repairs vulnerabilities, addresses any shortcomings in safeguards, and restores data and services of the systems.
Incident Response Planning (cont’d)
· Damage assessment
· Several sources of information on damage can be used, including system logs, intrusion detection logs, configuration logs and documents, documentation from incident response, and results of detailed assessment of systems and data storage.
· Computer evidence must be carefully collected, documented, and maintained to be usable in formal or informal proceedings.
· Individuals who assess damage need.
EOC Quick Reference Card April 2010
LEVELS OF RESPONSE
INITIAL ACTION PLANNING/PRIORITIES
Initial Priorities/Objectives
1. Activate EOC:
o Implement Staffing Plan
o Assign Functions
o Set-up Facility & Initiate Processes
2. Establish Contact with:
o Responders/Lower Level EOC’s
o Higher Levels of Response
o Supporting/Cooperating Agencies
3. Build Situational Awareness:
o Obtain Status Reports, SitReps,
Responder Briefings…
o Collect event/community data
4. Determine Future Priorities/Action Plan:
o Conduct EOC Mgmt Team Briefing
o Communicate/Post Priorities to EOC
STANDARD RESPONSE GOALS
1. Safety & Health of Responders
2. Save Lives
3. Reduce Suffering
4. Protect Public Health
5. Protect Critical Infrastructure
6. Protect Property
7. Protect the Environment
8. Reduce Economic & Social Losses
EOC RESPONSIBILITIES
• Policy & Strategic Direction
• Site-Support/Consequence Mgmt
• Info Collection, Evaluation & Display
• Coordination of Agencies & Operations
• Resource Management
• Internal & External Communications
INFORMATION ANALYSIS
Analyze all incoming information:
• What needs to be acted on?
• Who is responsible for action?
• Who is to be consulted during planning?
• Who is to be informed on outcome?
• When does it need to be completed?
• How should info/actions be recorded?
• What info needs to be displayed?
GLOSSARY
Action Plan - Objectives reflecting event strategy and specific actions for next operational period
Agency Representative - Individual from assisting/cooperating agency who has authority to make decisions for their agency
Assisting Agency - Agency directly contributing tactical or service resources to the incident
Cooperating Agency - Agency that supports the incident or supplies assistance other than tactical resources
Critical Resource - Resources that are in high demand and low in supply.
Department Operations Centre (DOC) - A support/coordination facility representing a single discipline or department
Emergency Operations/Coordination Centre (EOC/ECC) - A designated facility established by an agency or jurisdiction to coordinate their overall response and support
Incident Commander (IC) - An individual responsible for the management for incident operations at the site level
Incident - A single distinct occurrence which requires response action to prevent or minimize loss.
Incident Command Post (ICP) - Location at which the primary site command functions are executed
Incident Command System (ICS) - A management system for command, control and coordination of emergency response
Mutual Aid Agreement - Agreement between agencies/jurisdictions in which they agree to assist one another by providing resources
Operational Period - A period of time scheduled for execution of a given set of actions as specified in the action plan
Unified Command (UC) - A unified team effort which allows agencies with jurisdictional responsibility to manage an incident by establishing a common set of objectives
Responsible
All, Logistics
Ops, Liaison
Ops, Plans
Mgmt Team, Plans
ACTIVATION CHECKLIST - Upon arrival:
□ Sign-in when entering EOC
□ Check-in with Personnel Unit in Logistics
□ Check-in with Liaison Officer, if outside agency
□ Participate in facility orientation & safety briefing
□ Report to assigned supervisor for specific job
responsibilities
□ Obtain function-specific briefing
□ Review position checklist & other support documents
□ Set-up/replenish your workstation & request/obtain
necessary resources
□ Establish position log documenting key activities,
significant decisions, actions & enquiries
Incident Command Post(s)
Local Authority
Emergency Operations Centre(s)
Dept/Agency Operations Centre(s)
P/T Ministry/Agency Operations Centre(s)
Provincial/Territorial
Emergency Operations Centre
Federal/National
Emergency Operations Centre
Policy/Executive Group
Policy/Executive Group
Policy/Executive Group
Federal Agency Operations Centre(s)
Local/Regional
Provincial/
Territorial
Federal/National
Site
Response
Site-Support/Coordination
Levels
Federal Regional Emergency Operations
P/T Regional Emergency Operations
POSITION LOG
• Used by all functions to record key activities,
significant decisions, actions, enquiries
• Remain with function
• Indicate “closed” when no further action required
• Factual entries, not opinions
• Initial entries, when more than one person in role
• Number pages and keep complete
• Review with replacement personnel
EOC PROCESSES AND DOCUMENTATION
EOC ACTION PLAN
• Completed by Planning, input from Mgmt Team
• Validation required from Mgmt Team and
approved by EOC Director
• Lists Priorities/Objectives - “What” the EOC is
doing to satisfy the “Standard Response Goals”
• List Objectives/Priorities in order of importance
• Further describes Tasks - “How” personnel will be
addressing the priorities/objectives that are listed
• Based on upcoming Operational Period
INCIDENT REPORT
Used by Operations to track incoming incident
details and updates, includes:
• Type of Incident
• Location of Incident
• Details of what happened
• Responding Agencies
• Deaths, Injured, Damage or Potential Damage
• Situation Forecast
• Public Information/Media Requirements
SITUATION REPORT
• Completed by Situation Unit in Planning
• Used to capture and share situational information
• Input from many functions required
• Provides a summary of situational information
• Usually completed every 12 or 24 hours
• Commonly shared with higher/lower level EOCs
and cooperating/assisting agencies
• Limited and authorized distribution only
STATUS REPORT
Used by functions to report on status of activities,
includes:
• Current Situation (incidents, actions taken,
resource status…)
• Outstanding Issues/Challenges/Problems
• Anticipated Priorities/Activities (for future
operational periods)
• Other Comments/Issues (e.g., media information,
public information bulletins, safety tips…)
RESOURCE REQUEST
• All site requests vetted by EOC Operations
• Ops fills requests within Operations from other
Branches when resources readily available
• Logistics acquires items not readily available
through Operations
• Requests provided to Log with necessary approval
• Priority/precedence level identified by initiator
• Requests tracked by Logistics and initiator
• Critical resources allocated by established priorities
EOC ACTION PLANNING PROCESS
MGMT TEAM BRIEFING AGENDA
Agenda Items | Responsible
1. Old Business | Planning
2. Status Reports/Updates | Mgmt Team
3. Resource Priorities | Mgmt Team
4. Probabilities & Predictions | Planning
5. Public Info & Media | Info Officer
6. Action Plan Priorities | EOC Director
7. New Business | Mgmt Team
Continual process, which is defined and assessed based on an established Operational Period
Understand Current Situation – Build Situational Awareness
Identify Objective/Priorities (for Next Operational Period)
Develop EOC Action Plan (for Next Operational Period)
Obtain Approvals and Distribute/Post EOC Action Plan
Review and Monitor Progress
Need for Action Planning Identified
OPS
ALL
ALL OPS/LOG
PLAN
PLAN
OPERATIONAL PERIODS
• Length of time to achieve a given
set of objectives
• Determined by EOC Mgmt Team
• Initially 1 - 2 hrs for critical/life
safety issues
• Ongoing length varies depending
on objectives/priorities
• Commonly 8 to 12 hrs in length
• Not to exceed 24 hours
• Sequentially numbered
• Time period identified
First
Operational
Period…
Operations
Section
Logistics
Section
Planning
Section
Finance/Admin
Section
Liaison
Deputy Director
Risk Management
Information
EOC
Director
Public Information
Media Relations
Internal Information
Time
Procurement
Compensation
and Claims
Cost Accounting
Information
Technology
EOC Support
Supply
Personnel
Transportation
Communications
Computer Systems
Facilities
Security
Clerical
Situation
Resources
Documentation
Advance Planning
Demobilization
Recovery
Technical Specialists
Functional
Groups
Agency/Department
Representatives
(Assisting Agencies)
Geographical
Divisions
Special
Operations
Agency Representatives
(Cooperating Agencies)
OPERATIONS
• Communicates with
site(s), field personnel
& DOCs
• Supports site ops
• Implements plans/
strategies
• Deploys/tracks EOC-
issued site resources
• Coordination of multi-
agency/department
responses
PLANNING
• Collects, evaluates,
displays info
• Develops Action Plans
& SitReps
• Conducts long-term/
advanced planning
• Recommends
alternative actions
• Maintains overall
resource and event
status
LOGISTICS
• Provides technology/
comms support
• Arranges/manages
facilities
• Establishes transport
resources
• Arranges responder/
personnel support
• Orders/supplies
requested resources
FINANCE
• Monitors response and
recovery costs
• Monitors expenditure
process
• Coordinates
compensation & claims
• Supports contracts &
procurement
• Tracks personnel time
• Analyzes & estimates
overall costs
POLICY GROUP
• Provides overall policy
direction
• Authorizes
“declaration”/policy
directives
• Provides direction on
public information
activities
• May act as official
spokesperson
DIRECTOR
• Overall authority/
responsibility for EOC
• Provides leadership to
Mgmt Team
• Ensures/approves
EOC objectives
• Communicates with
Policy Group
• Initiates Mgmt Team
Briefings
INFORMATION
• Establishes/maintains
media contacts
• Coordinates info for
release
• Coordinates media
interviews
• Liaises with other IOs
• Prepares public info
materials
• Prepares EOC
messaging sheets
LIAISON
• Ensures required
agencies are in EOC
• Primary contact with
external agencies,
other EOCs
• Assists EOC Director
with activities (e.g.
briefings, meetings)
• Maintains regular
contact with
cooperating agencies
RISK MGMT
• Monitors EOC safety
• Maintains link with
Safety Officers as
applicable
• Identifies/analyses
liability/loss exposures
• Assesses unsafe
situations & halts
operations if necessary
• Recommends safety
modifications to ops
DEPUTY
• Assumes duties of
EOC Director in their
absence
• Ensures efficient
internal information/
communication
processes
• Facilitates resolution of
internal staffing/
personnel challenges
MANAGEMENT STAFF
GENERAL STAFF
MANAGEMENT TEAM – Roles and Responsibilities
EOC ORGANIZATIONAL STRUCTURE
Operations
Section
Fire
Police
Ambulance
Health
Emergency
Social Services
Environmental
Engineering/
Utilities
Operations
Section
NW Sector
NE Sector
SE Sector
SW Sector
Agency/Dept-based Structure
Geographical-based Structure
NOTE: Ops Section
structure should be based
on the jurisdiction’s
organizational needs & the
operational requirements
of the incident/event.
Event/Incident Display – Key event/incident information for display to EOC personnel (PLAN)
INCIDENT # | DATE & TIME | PRIORITY | TITLE/DESCRIPTION | CURRENT STATUS | OUTSTANDING ACTIONS/ISSUES
Resource Tracking Display – High-level resource tracking info for display to EOC personnel (PLAN)
RESOURCE TYPE | RESOURCE ID/CALL SIGN | LOCATION/ASSIGNMENT | CURRENT STATUS | COMMENTS/NOTES
Resource Request Tracking Table – Used by Log/Ops to track resource requests (LOG)
REQUEST # | DATE RECEIVED | TIME RECEIVED | PERSON REQUESTING | CONTACT INFO | RESOURCE DESCRIPTION | QTY | CURRENT STATUS | COMMENTS/NOTES
Media Enquiry Tracking Sheet – Used by Information Officer to track media enquiries (IO)
TIME | MEDIA OUTLET | REPORTER'S NAME | CALLBACK NUMBERS | REQUEST/QUESTIONS | CALL STATUS/ACTIONS TAKEN
Position Log – Used by all functions to record key actions, decisions, requests, enquiries… (ALL)
DATE | TIME | TO/FROM | ACTION/DECISION/ENQUIRY | FOLLOW-UP REQUIRED
Expenditure Tracking Report – Used by all functions to track expenditures (FIN)
ORDER DATE | VENDOR/SUPPLIER | LOCATION OF USE | GOODS OR SERVICES RECEIVED/PURPOSE | ESTIMATED COST | PAYMENT METHOD
EOC DATA TABLES AND DISPLAYS
ADVANCED PLANNING
□ Identify/bring forward demobilization issues related
to your assigned function
□ Ensure incomplete/open actions in position log are
reassigned
□ Complete/forward all original documentation to
Documentation Unit in Planning
□ Advise Finance Section of outstanding financial
commitments/details
□ Return borrowed or acquired equipment/supplies
□ Clean-up/organize your work area
□ Prepare to participate in post-operational debriefs
and/or After Action Report
□ Participate in exit interview/debrief
□ Close-out position log, forward to Documentation
Unit in Planning
□ Sign-out of EOC
DEMOBILIZATION CHECKLIST
When making media statement, EXPRESS:
1. Concern – About health & well-being of
those involved
2. Action – Steps/processes being taken to
help people
3. Commitment – The goal is to support
those impacted
• Avoid blocking cameras or saying “no
comment”
• Stick to the facts – no opinions/
speculation
• If you don’t know, offer to find answer
• Don’t comment on investigations of
others
• Only disclose personal/confidential info if
authorized
• Don’t forget the local media – they will be
with you for the long haul!
• Remember, you have the right to end the
interview
Helpful Phrases
“The most important point is…”
“That is a matter for…”
“Before we wrap up, I’d like to
emphasize…”
“That depends. One thing for certain is…”
“That would be speculation. What I can tell
you is…”
“That is true; however, it’s important to
remember…”
MEDIA STATEMENTS
TIME PERIOD: Consult with Ops & EOC Mgmt Team to determine suitable time periods (e.g., 6, 12, 24, 72 hrs)
PROBABILITIES & PREDICTIONS: Based on collective experience, evidence and available information, what are the probabilities and predictions as the event unfolds during the specified time period?
ISSUES/CONCERNS: What specific issues or concerns do you anticipate will arise over the designated time periods?
RECOMMENDED ACTIONS/PLANS: What are the specific actions or plans that are necessary in order to address the issues & concerns that have been identified?
FUNCTION/AGENCY RESPONSIBLE: What agency, function or department is responsible for implementing the action/plan? If more than one, what are their specific obligations?
ANTICIPATED RESOURCES: What equipment, personnel and/or supplies will be required to carry out the recommended actions/plans?
04/10