RiskWatch for Physical & Homeland Security™CPaschal
RiskWatch for Physical and Homeland Security™ assists the user in conducting automated risk analyses, physical security reviews, audits and vulnerability assessments of facilities and personnel. Security threats addressed include crimes against property, crimes against people, equipment of systems failure, terrorism ,natural disasters, fire and bomb threats. Question sets include entry control, perimeters, fire, facilities management, guards, including a specialized set of questions for the maritime/shipping industry. New ASP functionality allows the organization in question to put the entire questionnaire process on it\'s server, where users can easily log in by ID # and answer questions appropriative to their job. From there, all answers are instantly imported into the RiskWatch for Physical and Homeland Security™ program.
Are existing compliance requirements sufficient to prevent data breaches? This session will provide a technical assessment of the 2019 Capital One data breach, illustrating the technical modus operandi of the attack and identify related compliance requirements based on the NIST Cybersecurity Framework. Attendees will learn the unexpected impact of corporate culture on overall cyber security posture.
This talk was presented at RSA Conference 2021 (Session RMG-T15) on May 18, 2021.
Original paper available for download at SSRN: Novaes Neto, Nelson and Madnick, Stuart E. and Moraes G. de Paula, Anchises and Malara Borges, Natasha, A Case Study of the Capital One Data Breach (28/04/2020). https://ssrn.com/abstract=3570138
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
The development of the Critical Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at limited cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing, hospitals will have the ability to measure compliance, track progress, and know when they’ve reached certain goals.
They were developed and agreed upon by a consortium including NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls they have demonstrated “more than 80% reduction in ‘measured’ security risk through the rigorous automation and measurement of the Top 20 Controls.”
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and there experience in using it with real world clients.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
RiskWatch for Physical & Homeland Security™CPaschal
RiskWatch for Physical and Homeland Security™ assists the user in conducting automated risk analyses, physical security reviews, audits and vulnerability assessments of facilities and personnel. Security threats addressed include crimes against property, crimes against people, equipment of systems failure, terrorism ,natural disasters, fire and bomb threats. Question sets include entry control, perimeters, fire, facilities management, guards, including a specialized set of questions for the maritime/shipping industry. New ASP functionality allows the organization in question to put the entire questionnaire process on it\'s server, where users can easily log in by ID # and answer questions appropriative to their job. From there, all answers are instantly imported into the RiskWatch for Physical and Homeland Security™ program.
Are existing compliance requirements sufficient to prevent data breaches? This session will provide a technical assessment of the 2019 Capital One data breach, illustrating the technical modus operandi of the attack and identify related compliance requirements based on the NIST Cybersecurity Framework. Attendees will learn the unexpected impact of corporate culture on overall cyber security posture.
This talk was presented at RSA Conference 2021 (Session RMG-T15) on May 18, 2021.
Original paper available for download at SSRN: Novaes Neto, Nelson and Madnick, Stuart E. and Moraes G. de Paula, Anchises and Malara Borges, Natasha, A Case Study of the Capital One Data Breach (28/04/2020). https://ssrn.com/abstract=3570138
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
The development of the Critical Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at limited cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing, hospitals will have the ability to measure compliance, track progress, and know when they’ve reached certain goals.
They were developed and agreed upon by a consortium including NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls they have demonstrated “more than 80% reduction in ‘measured’ security risk through the rigorous automation and measurement of the Top 20 Controls.”
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and there experience in using it with real world clients.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
I'm preparing for the CISSP next week and also speaking for ISACA, so created this deck to help my peers with some concepts that appear in CISM/ CISSP and ITIL practitioner exams
The NIST Cybersecurity Framework (CSF) is recognized as the de facto guide for best practices in cybersecurity and risk-management for organizations of any size and in any sector or location. In this session, learn how to implement AWS services to align to the 108 outcome-based security activities in the NIST CSF. We discuss the AWS whitepaper and customer workbook at a high level, which maps many AWS services that customers can use to align to the NIST CSF, including IAM, AWS CloudTrail, Amazon CloudWatch, Amazon GuardDuty, Amazon Macie, Amazon EC2, Amazon Cognito, AWS SSO, and VPC Flow Logs. (Note: This is not a technical deep dive.)
PYA Principal Barry Mathis presented “The IT Analysis Paralysis,” in which attendees:
Received a compressive review of the many IT frameworks that can be used to develop effective internal audit programs.
Learned the differences between commercial, federal, and industry frameworks.
Received tips, tools, and techniques for creating an effective framework based on risk assessment and identified risks.
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Cohesive Networks
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016
LocusView Solutions, a Chicago-based subsidiary of the Gas Technology Institute (GTI), applied the NIST Cybersecurity Framework to pass penetration tests and compliance auditing in 2015.
LocusView provides a SaaS solutions to the natural gas industry, and wanted to go beyond standard regulatory compliance to save money and streamline the audit process.
As organizations spend more time and efforts to fight data breaches and fears of fallout from a data loss, IT teams like LocusView can begin comparing existing cybersecurity practices to the NIST Framework to quickly identify any gaps in pinpointing, assessing, and managing risks in their networks.
The NIST Framework was created for critical infrastructure — banking, aviation, defense — all organizations can easily apply the principles to their operations. While traditional audit-focused standards value policies and checklists, NIST’s risk-based approach focuses on business and customers.
As part of an in-depth audit, LocusView used the NIST Framework to ensure everything from customer data to cloud-based networks are truly secure.
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin, Inc.
RFP Template for healthcare organizations to use when looking for a qualified information security assessment firm to perform a HIPAA Security Risk Analysis as defined in the HIPAA Security Rule 45 CFR 164.308(a)(1)(A).
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
Security Blind Spots
We need to automatically detect and report on security blind spots, including Sensitive Data that was not found in our initial Discovery and failures of deployed security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture.
The Seven Deadly Sins of Incident ResponseLancope, Inc.
According to a recent study from Cisco, organizations show high levels of confidence in their security policies; but when it comes to their ability to scope and contain compromises, their confidence drops significantly.
Such statistics demonstrate that organizations continue to struggle with incident response.
Join Lancope’s security researcher, Brandon Tansey, and 451 Research’s senior analyst, Javvad Malik, to learn how to avoid The Seven Deadly Sins of Incident Response, and what you can do to improve your organization’s security posture.
Sins include:
- Lack of visibility/not understanding your environment
- Inability to separate the signal from the noise
- Modeling use cases on defenses, not attackers
SlideShare now has a player specifically designed for infographics. Upload your infographics now and see them take off! Need advice on creating infographics? This presentation includes tips for producing stand-out infographics. Read more about the new SlideShare infographics player here: http://wp.me/p24NNG-2ay
This infographic was designed by Column Five: http://columnfivemedia.com/
No need to wonder how the best on SlideShare do it. The Masters of SlideShare provides storytelling, design, customization and promotion tips from 13 experts of the form. Learn what it takes to master this type of content marketing yourself.
I'm preparing for the CISSP next week and also speaking for ISACA, so created this deck to help my peers with some concepts that appear in CISM/ CISSP and ITIL practitioner exams
The NIST Cybersecurity Framework (CSF) is recognized as the de facto guide for best practices in cybersecurity and risk-management for organizations of any size and in any sector or location. In this session, learn how to implement AWS services to align to the 108 outcome-based security activities in the NIST CSF. We discuss the AWS whitepaper and customer workbook at a high level, which maps many AWS services that customers can use to align to the NIST CSF, including IAM, AWS CloudTrail, Amazon CloudWatch, Amazon GuardDuty, Amazon Macie, Amazon EC2, Amazon Cognito, AWS SSO, and VPC Flow Logs. (Note: This is not a technical deep dive.)
PYA Principal Barry Mathis presented “The IT Analysis Paralysis,” in which attendees:
Received a compressive review of the many IT frameworks that can be used to develop effective internal audit programs.
Learned the differences between commercial, federal, and industry frameworks.
Received tips, tools, and techniques for creating an effective framework based on risk assessment and identified risks.
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Cohesive Networks
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presentation 2016
LocusView Solutions, a Chicago-based subsidiary of the Gas Technology Institute (GTI), applied the NIST Cybersecurity Framework to pass penetration tests and compliance auditing in 2015.
LocusView provides a SaaS solutions to the natural gas industry, and wanted to go beyond standard regulatory compliance to save money and streamline the audit process.
As organizations spend more time and efforts to fight data breaches and fears of fallout from a data loss, IT teams like LocusView can begin comparing existing cybersecurity practices to the NIST Framework to quickly identify any gaps in pinpointing, assessing, and managing risks in their networks.
The NIST Framework was created for critical infrastructure — banking, aviation, defense — all organizations can easily apply the principles to their operations. While traditional audit-focused standards value policies and checklists, NIST’s risk-based approach focuses on business and customers.
As part of an in-depth audit, LocusView used the NIST Framework to ensure everything from customer data to cloud-based networks are truly secure.
Redspin HIPAA Security Risk Analysis RFP TemplateRedspin, Inc.
RFP Template for healthcare organizations to use when looking for a qualified information security assessment firm to perform a HIPAA Security Risk Analysis as defined in the HIPAA Security Rule 45 CFR 164.308(a)(1)(A).
How can i find my security blind spots ulf mattsson - aug 2016Ulf Mattsson
Security Blind Spots
We need to automatically detect and report on security blind spots, including Sensitive Data that was not found in our initial Discovery and failures of deployed security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture.
The Seven Deadly Sins of Incident ResponseLancope, Inc.
According to a recent study from Cisco, organizations show high levels of confidence in their security policies; but when it comes to their ability to scope and contain compromises, their confidence drops significantly.
Such statistics demonstrate that organizations continue to struggle with incident response.
Join Lancope’s security researcher, Brandon Tansey, and 451 Research’s senior analyst, Javvad Malik, to learn how to avoid The Seven Deadly Sins of Incident Response, and what you can do to improve your organization’s security posture.
Sins include:
- Lack of visibility/not understanding your environment
- Inability to separate the signal from the noise
- Modeling use cases on defenses, not attackers
SlideShare now has a player specifically designed for infographics. Upload your infographics now and see them take off! Need advice on creating infographics? This presentation includes tips for producing stand-out infographics. Read more about the new SlideShare infographics player here: http://wp.me/p24NNG-2ay
This infographic was designed by Column Five: http://columnfivemedia.com/
No need to wonder how the best on SlideShare do it. The Masters of SlideShare provides storytelling, design, customization and promotion tips from 13 experts of the form. Learn what it takes to master this type of content marketing yourself.
10 Ways to Win at SlideShare SEO & Presentation OptimizationOneupweb
Thank you, SlideShare, for teaching us that PowerPoint presentations don't have to be a total bore. But in order to tap SlideShare's 60 million global users, you must optimize. Here are 10 quick tips to make your next presentation highly engaging, shareable and well worth the effort.
For more content marketing tips: http://www.oneupweb.com/blog/
Are you new to SlideShare? Are you looking to fine tune your channel plan? Are you using SlideShare but are looking for ways to enhance what you're doing? How can you use SlideShare for content marketing tactics such as lead generation, calls-to-action to other pieces of your content, or thought leadership? Read more from the CMI team in their latest SlideShare presentation on SlideShare.
How to Make Awesome SlideShares: Tips & TricksSlideShare
Turbocharge your online presence with SlideShare. We provide the best tips and tricks for succeeding on SlideShare. Get ideas for what to upload, tips for designing your deck and more.
RiskWatch for Financial Institutions™ creates a comprehensive compliance risk assessment (the required self-assessment) to match the FFIEC guidelines: IT, FFIEC, Information Technology (IT) Examination Handbook, RED FLAG, GLBA and more. The software includes the risk assessment compliance template, including role-based compliance questions, directly based on requirements, as well as web-based survey programs, and a complete written report, augmented by working papers that explain how each element was generated.
FINISH YOUR RED FLAG ASSESSMENT with Easy to Use, Affordable Software. It includes complete assessment versions for GLBA (Gramm Leach Bliley), the Red Flag Identity Theft Standard and Bank Secrecy Act (BSA) assessment standards. Sarbanes Oxley (SOX) is also available upon request. Web-based or server-based online questionnaires make it easy to gather role-based data, and generate management reports with working papers and complete audit trails.
The only fully standardized way to meet the new Red Flag and risk assessment requirements, RiskWatch for Financial Institutions is used by banks, insurance companies, trusts and savings banks other technical service providers such as payment processors.
1. CSIRP
Computer Security Incident Response PlanComputer Security Incident Response Plan
Process Resource Center
NIST SP 800‐61 R2 Foundation
Manage the Forest and the Trees
Bridging the Gap Between Operations and Strategy
3. Customized Web‐Based Computer Security
Incident Response Plan (CSIRP)Incident Response Plan (CSIRP)
Visually Intuitive NavigationOverview
Visually Intuitive Navigation
Centralized Access to Supporting
Resources
Computer Security Incident Response Plan
Intent and Key Definitions
NIST SP 800‐53, 83, 83r2, 84, 184, 86,
SANS, CERT, US & ICS‐CERT, ISAC, MITRE,
Specific Vendor Best Practices and more
2.0
Monitor, Detection, &
Analysis
1.0
Preparation
Each phase contains relevant intuitive
workflows, supporting reference
material where they apply within the
4.0
Post‐Incident
Activity
3.0
Containment,
Eradication, &
Recovery
process, and end‐to‐end accountability
Reference center provides additional
resources like threat playbooks and links
Reference Center
CSIRP Management Contacts
CSIRP Team Structure
Information Center
to sites that provide malware
remediation assistance
Information Center
7. CSIRP 1.0 Preparation
Preparation is about: Computer Security Incident Response Plan
Overview
Establishing and training the incident
response team
Acquiring the necessary incident 2.0
Computer Security Incident Response Plan
Intent and Key Definitions
q g y
response tools and resources
Proactively planning responses for the
likely attacks the organization may face
2.0
Monitor, Detection, &
Analysis
1.0
Preparation
3 0
y g y
Preparing the team to effectively react
within minutes of unfamiliar attacks
Testing plans and preparedness
4.0
Post‐Incident
Activity
3.0
Containment,
Eradication, &
Recovery
Testing plans and preparedness
Continuously improving the incident
response posture with lessons learned
and industry updates and
Reference Center
CSIRP Management Contacts
CSIRP Team Structure
Information Center
and industry updates and
reconnaissance
8. 1.1 Create Computer Security Incident
Response Team Charter (CSIRT)Response Team Charter (CSIRT)
11 1.1
Create CSIRT Teams, Roles,
& Stakeholders’ Charter
CSIRT
Computer Security Incident Response Team
Internal Members
CSIRT
Computer Security Incident Response Team
Internal Members
CSIRT Charter
Establishes written
management commitment to
Designated Internal
Points of Contact
CSIRT
Computer Security Incident Response Team
External Members
Designated Internal
Points of Contact
CSIRT
Computer Security Incident Response Team
External Members
SOC Shift Team
Lead
Incident Response Handlers
Assistant LeadLead
ForensicsCore Team Members
Manager Leader Bridge Line
Information
Security Officer
Alternative
Manager Leader
Chief Information Security Officer
Extended Incident Response Team
Director IT
Director Network
Director
Networks
Chief Information
Officer
Director
Technology
Strategy &
Architecture
Director
Applications &
Data Center
Control Systems
Technical
SOC Shift Team
Lead
Incident Response Handlers
Assistant LeadLead
ForensicsCore Team Members
Manager Leader Bridge Line
Information
Security Officer
Alternative
Manager Leader
Chief Information Security Officer
Extended Incident Response Team
Director IT
Director Network
Director
Networks
Chief Information
Officer
Director
Technology
Strategy &
Architecture
Director
Applications &
Data Center
Control Systems
Technical
management commitment to
the CSIRP
Defines goals, scope, levels of
authority roles and
Federal Trade
Commission
Federal Bureau
of Investigation/
Department of
Homeland
Security
Police
Department of
Energy
AT&T & Verizon
Distributed
Denial of Service
DDoS Mitigation
Service
Bureau of
Alcohol,
Tobacco,
Firearms and
Explosives
Drug
Enforcement
Administration
Department of
Homeland
Security
Electricity
Information
Sharing and
Analysis Center
North American
Electric Reliability
Corporation
FBI Infragard
National
Infrastructure
Protection Center
Forum of Incident
Response &
Security Teams
(FIRST)
UUNet Internet
Service Provider
Computer
Emergency
Response Team
(CERT)
Computer
Incident Advisory
Capability (CIAC)
Federal Trade
Commission
Federal Bureau
of Investigation/
Department of
Homeland
Security
Police
Department of
Energy
AT&T & Verizon
Distributed
Denial of Service
DDoS Mitigation
Service
Bureau of
Alcohol,
Tobacco,
Firearms and
Explosives
Drug
Enforcement
Administration
Department of
Homeland
Security
Electricity
Information
Sharing and
Analysis Center
North American
Electric Reliability
Corporation
FBI Infragard
National
Infrastructure
Protection Center
Forum of Incident
Response &
Security Teams
(FIRST)
UUNet Internet
Service Provider
Computer
Emergency
Response Team
(CERT)
Computer
Incident Advisory
Capability (CIAC)
Risk
Management
Business
Continuity /
Disaster
Recovery
Director Budget
& Governance
Corporate
Communications
Human
Resources
Government
Affairs
Director PMO
Legal
Managerial and Administrative
Regulatory
Group
Security, Risk &
Controls
Director Network
Field Services
Physical Security
Control Systems
Group
Risk
Management
Business
Continuity /
Disaster
Recovery
Director Budget
& Governance
Corporate
Communications
Human
Resources
Government
Affairs
Director PMO
Legal
Managerial and Administrative
Regulatory
Group
Security, Risk &
Controls
Director Network
Field Services
Physical Security
Control Systems
Groupauthority, roles, and
responsibilities
Forensics
Investigation
Firm
External Cyber
Law Firm &
Compliance
Breach
Notification &
Call Center
Services
Insurance/Risk
Management
Brokerage Firm
Credit
Monitoring
Identity
Protection
Services
Forensics
Investigation
Firm
External Cyber
Law Firm &
Compliance
Breach
Notification &
Call Center
Services
Insurance/Risk
Management
Brokerage Firm
Credit
Monitoring
Identity
Protection
Services
9. CSIRP 2.0 Monitor, Detection, & Analysis
Monitor, Detection, & Analysis: Computer Security Incident Response Plan
Overview
, , y
The Monitor function was added to
Detection and Analysis
Monitor Detection & Analysis is 2.0
Computer Security Incident Response Plan
Intent and Key Definitions
Monitor, Detection, & Analysis is
about recognizing, receiving,
analyzing and classifying all
cybersecurity events and
2.0
Monitor, Detection, &
Analysis
1.0
Preparation
3 0
y y
determining which are actual
incidents vs. security or maintenance
events
4.0
Post‐Incident
Activity
3.0
Containment,
Eradication, &
Recovery
Prioritizing the handling of incidents
Event escalation path alternatives
Reference Center
CSIRP Management Contacts
CSIRP Team Structure
Information Center
12. CSIRP 3.0 Containment, Eradication, &
RecoveryRecovery
Containment, Eradication, & Computer Security Incident Response Plan
Overview
, ,
Recovery is about:
Isolating the attacked system(s)
Quickly and effectively determining the 2.0
Computer Security Incident Response Plan
Intent and Key Definitions
Quickly and effectively determining the
appropriate containment method
Stopping the damage to the infected
host(s)
2.0
Monitor, Detection, &
Analysis
1.0
Preparation
3 0host(s)
Tracking down other system infections
and remedying them
4.0
Post‐Incident
Activity
3.0
Containment,
Eradication, &
Recovery
Ensuring the attack is fully remedied
Bringing functionality back to normal
Monitoring to ensure there are no
Reference Center
CSIRP Management Contacts
CSIRP Team Structure
Information Center
g
lingering components of the attack
14. CSIRP 4.0 Post‐Incident Activity
Computer Security Incident Response Plan
Overview
Post‐Incident Activity is about
2.0
Computer Security Incident Response Plan
Intent and Key Definitions
y
Conducting robust assessments of
lessons learned
Ensuring the appropriate actions are 2.0
Monitor, Detection, &
Analysis
1.0
Preparation
3 0
Ensuring the appropriate actions are
taken to prevent recurrence of the
vulnerability exploit
Conducting forensics to aid 4.0
Post‐Incident
Activity
3.0
Containment,
Eradication, &
Recovery
Conducting forensics to aid
understanding and remedy the
vulnerability, the exploit, and to support
possible legal actions
Reference Center
CSIRP Management Contacts
CSIRP Team Structure
Information Center
p g
22. CSIRP Process Resource Center
NIST SP 800 61 R2 Fo ndationNIST SP 800‐61 R2 Foundation
Customized web framework that places CSIRP workflows and
resources at the fingertips of incident handlers responseresources at the fingertips of incident handlers, response
team members, and stakeholders where it makes sense
Visually illustrates the incident response plan in a fashion
that enables all stakeholders to quickly get on the same page
Includes dynamic links and navigation to:
Segmented visually intuitive workflows and response protocolsSegmented visually intuitive workflows and response protocols
Clearly defined roles and responsibilities, contacts, glossaries, forms,
websites, videos and other resources as needed
Links to applications and required information sourcespp q
Centralized, accessible via computers, laptops, tablets, and
smart phones
HTML version can run entirely from a jump‐kit laptop if
network is unavailable
23. Process Delivery Systems
Process Center Development Manage the Forest and the Trees
• Domain Content Development
Policies, Guidelines, and Standards
Domain Best Practices from Referenceable,
Authoritative Sources
• Definitions and Visualization of Total
Accountability; SIPOC/RACI
• Key Performance Measure Development
• End to End Process Maps Segmented by
Contact:
Henry Draughon
• End‐to‐End Process Maps Segmented by
Logical Groups
• Resource Directories
• Applications, Forms, and Document
Bridging the Gap Between Operations and Strategy
Henry Draughon
Process Delivery Systems
(972) 980‐9041
hdraughon@processdeliverysystems.com
d li t
Libraries
• Glossaries
• Process Governance
• Links to External Resources www.processdeliverysystems.com• Links to External Resources