Presented by Dhiraj Lal
About Continuity & Resilience (CORE)
Consulting Services (ISO 22301 Certified)
Cyber Security
Business Continuity Management
Crisis Management
IT Disaster Recovery
Information Security
Risk Management
Training Services
NCEMA-developed training (we are trainers for the NCEMA courses at GCAS, an NCEMA-licensed training entity)
CORE is an approved Global Training Partner of the UK-based Business Continuity Institute, licensed to conduct BCI training anywhere in the world
Notification and Automation Tools
CORE acts as an enabler between the partner and the client by providing support for:
Gathering requirements
Shortlisting vendors
Subject matter expertise for tool selection
Vendor demos
Tool installation and implementation support for BC, IT DR and notification
Assistance during tool testing
What is ISO 27005? How is an ISO 27005 Risk Assessment done effectively? Find out in this presentation delivered at the ISACA Bangalore Chapter Office by Dharshan Shanthamurthy.
2022 Webinar - ISO 27001 Certification.pdf (ControlCase)
ControlCase Introduction
What is ISO 27001?
What is ISO 27002?
What is ISO 27701, ISO 27017, & ISO 27018?
What is an ISMS?
What is ISO 27001 Certification?
Who Needs ISO 27001?
What is Covered in ISO 27001?
How Many Controls in ISO 27001?
What is the ISO 27001 Certification Process?
How Often Do You Need ISO 27001 Certification?
What are the Challenges to ISO 27001 Compliance?
Why ControlCase?
Governance, Culture & Incentives - Fundamentals of Operational Risk (Andrew Smart)
Governance, Culture & Incentives. -Fundamentals of Operational Risk. This presentation provides some practical tools to answer three key questions and create alignment.
ISO 22301 Business Continuity Management (Ramiro Cid)
Presentation of ISO 22301 Societal Security - Business Continuity Management Systems: main concepts, basic terms, content of the standard, clauses, mandatory documentation, related standards, comparison with BS 25999-2, benefits of ISO 22301 implementation, etc.
This presentation mainly focuses on the SWIFT CSP framework v22. I discussed the SWIFT architecture, scope of work components, assessment method and so on.
The ISO 27001 standard was revised and a new version was published in 2013. ISO 27001 is also becoming a more common information security standard among service providers. This presentation focuses on the changes in the 2013 version and on the process for implementing and getting certified against ISO 27001.
Following are the key objectives of this presentation:
Provide an introduction to ISO27001 and changes in 2013 version
Discuss the implementation approach for an Information Security Management System (ISMS) framework
Familiarize the audience with some common challenges in implementation
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and their experience in using it with real-world clients.
Improve Cybersecurity posture by using ISO/IEC 27032 (PECB)
Cybersecurity is a universal concern across today's enterprise, and a strategic approach is required for appropriate mitigation.
Adopting ISO 27032 will help to:
• Understand the nature of Cyberspace and Cybersecurity
• Explore the Cybersecurity Ecosystem – Roles & Responsibilities
• Achieve Cyber Resilience through implementing defensive and detective cybersecurity controls
Presenter:
Obadare Peter Adewale is a first generation and visionary cyberpreneur. He is a PECB certified Trainer, Fellow Chartered Information Technology Professional, the First Licensed Penetration Tester in Nigeria, second COBIT 5 Assessor in Africa and PCI DSS QSA. He is also an alumnus of Harvard Business School and MIT Sloan School of Management Executive Education.
Link of the recorded session published on YouTube: https://youtu.be/NX5RMGOcyBM
Introduction to Risk Management via the NIST Cyber Security Framework (PECB)
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application to cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, security systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the FBI's InfraGard program. David holds the Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... (PECB)
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick's career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular, as Group Head of Information Risk at PwC, Nick designed and implemented best-practice solutions that made good business sense, prioritised key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements that help organisations implement leading thinking in information risk management.
Nick's combined experience as a cyber risk researcher and as a practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security, and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the oil and gas industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing 'big picture' vision across business populations. He has experience across multiple industries, excels in building stakeholder engagement and consensus, and supports organisations in making sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management, and is a confident and engaging public speaker.
Simon has previously worked within the NHS, the Bank of England and BUPA, before setting out as an independent consultant and forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
Find out more about ISO training and certification services
Training: https://bit.ly/3AyoyYF
https://bit.ly/3LbBVTx
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
YouTube video: https://youtu.be/i4qx5mjEqio
[To download this complete presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
ISO/IEC 27001:2022 is the latest internationally-recognised standard for Information Security Management Systems (ISMS). An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It provides a robust framework to protect information that can be adapted to all types and sizes of organization. Organizations that have significant exposure to information-security related risks are increasingly choosing to implement an ISMS that complies with ISO/IEC 27001.
This ISMS awareness PPT presentation material is designed for organizations that are embarking on ISO/IEC 27001:2022 implementation and need to create awareness of information security among their employees.
LEARNING OBJECTIVES
1. Acquire knowledge on the fundamentals of information security
2. Describe the ISO/IEC 27001:2022 structure
3. Understand the ISO/ IEC 27001:2022 implementation and certification process
4. Gather useful tips on handling an audit session
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences (PECB)
After the last 2020 Global Leading Voices webinar, comparing ISO 27001 with the CCPA and the New York SHIELD Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. In early 2020 the US DoD launched the CMMC, the Cybersecurity Maturity Model Certification, which uses the same five levels for cybersecurity. In this session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security, and how you can use them in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
How To Handle Cybersecurity Risk Powerpoint Presentation Slides (SlideTeam)
"You can download this product from SlideTeam.net"
Presenting How To Handle Cybersecurity Risk Powerpoint Presentation Slides. This complete PPT deck is composed of 55 visually-stunning templates. Build a presentation faster using our 100% customizable PowerPoint slideshow. Edit text, font, colors, orientation, shapes, background, and patterns however you choose. Change the file format into PDF, PNG, or JPG as and when convenient. This presentation works well with standard and widescreen resolutions. Use Google Slides for a quick view. https://bit.ly/3woGCUj
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Presented by Ramesh Ramani (LRQA)
AGENDA
Introduction-BCMS and ISMS
International Standards, UAE Regulations (NCEMA, ADSIC, NESA, ISR, GDPR). Dubai Data Law
PDCA Cycle
Common Factors-BCMS and ISMS
Organisational Considerations
Joint Project Management
Where will this work?
Where will this not work?
Q&A
Critical Facilities Operations Process: Explanations and illustrative examples.
For training videos, please visit https://m.youtube.com/channel/UCYw2fG4p7buyhJD0EYHahuQ
How to integrate a BCMS with the organization's culture (Abdul Naseer)
Business Continuity Management and Crisis Management need to be an integral part of corporate governance. The process should start with defining the Business Continuity objectives and the scope of the BCMS, and then building proper governance.
A section of the Welcome session of the course ECP-501 Business Continuity Audit and Evaluation, by the Institute for Business Continuity Training, https://www.ibct.com
IT Cost Transparency with Capacity Optimization (BMC Software)
Learn how Health Care Service Corporation's investment in TrueSight Capacity Optimization empowered their IT organization with better cost transparency. www.bmc.co/TrueSight
How to plan and manage a BCM and IT DR project (CORE Consulting)
Continuity and Resilience (CORE), ISO 22301 BCM Consulting Firm Presentations by Speakers at the 1st KSA Business & IT Resilience Summit at Riyadh
http://coreconsulting.ae/
Citihub Consulting is a global, independent IT advisory firm with deep domain expertise across every layer of the technology stack - from business applications and data platforms down to core infrastructure.
The Business Continuity Conference, 25th October 2023 in Riyadh - Mr. Atiq Bajwa (Continuity and Resilience)
Business Continuity Strategies
What is a Business Continuity Strategy?
Keeping the ISO 22301 definition of Business Continuity in mind, the aim of a Business Continuity Strategy should be:
"To continue the delivery of products and services at predefined capacity during a disruption"
So a Business Continuity Strategy should:
Meet the Minimum Business Continuity Objectives (MBCO):
- Legal and regulatory requirements
- Contractual commitments
- Quantity, quality and time commitments to customers
Be practical
Be cost effective
An effective Business Continuity Strategy should be specific to the needs of the organization. It should be:
Able to meet the MBCO
Practical
Cost effective
Business Continuity Strategies should be regularly reviewed and updated to remain relevant and effective. A strategy considered effective today may not be effective in 6 months.
The Business Continuity Conference, 25th October 2023 in Riyadh - Nuha Eltinay (Continuity and Resilience)
Building Urban Resilience in Critical Infrastructure
Critical infrastructure: assets, systems, and networks that governments consider essential for the functioning of a society and economy, and that deserve special protection for national security.
Resilience: the ability of a system, community or society exposed to hazards to resist, absorb, accommodate, adapt to, transform and recover from the effects of a hazard in a timely and efficient manner, including through the preservation and restoration of its essential basic structures and functions through risk management (UNDRR).
The FIVE ICLEI PATHWAYS reflect ICLEI’s approach to achieving a sustainable city as well as local contributions to implementing the goals laid out in international frameworks such as the Sustainable Development Goals. Any of our individual projects or initiatives can be oriented along one or more specific pathways. We also look at how the pathways connect to bring about change in an INTEGRATED way. For example, we consider how nature-based development contributes to resilience, or how to bring equity into low emission development.
Cities need to look at resilience from a systemic governance perspective
Integrated management starts with wide-scale mobilization of support from stakeholders and robust facts and data.
Challenges often lie in the acceleration and upscaling of activities: individual best practice is easier to achieve, while follow-up funding and investment are challenging.
The Business Continuity Conference, 25th October 2023 in Riyadh - Paul Gant (Continuity and Resilience)
The five essential elements of optimising your BC programme through technology -
1. Securing Accurate Data
2. Delivering Programme Compliance
3. Turning Data into Intelligence
4. Enabling Continuous Improvement
5. Positioning in a Risk World
The Business Continuity Conference, 25th October 2023 in Riyadh - David Boll... (Continuity and Resilience)
IT Disaster Recovery – Challenges and Solutions.
What is IT DR?
1. The ability to respond to and recover from disruptions to IT infrastructure, networking, systems, equipment and data in order to support business continuity.
2. Originated in the legacy environment of mainframes, where IT was centralised and an outage had a major impact.
3. Later extended to dedicated IT DR sites to manage failover: cold, warm and hot sites.
4. Traditionally, strategies relied on tape backup of data alone.
5. The introduction of cloud and SaaS solutions has improved resilience through decentralisation.
Next step: cloud-to-cloud DR solutions?
Why IT DR?
IT DR is critical and always important, yet it is often not given enough focus in BCM programs.
Critical component of resilience: IT DR and IT resilience are critical elements of a thorough BCM system and resilience program.
High percentage of real disruptions: IT failures continue to be a leading cause of business continuity disruption. Examples?
More important than ever: with increasing reliance on IT and digitisation, complexity and new risks, the requirement for IT DR continues to become even more important.
Make or break your recovery: a well-defined, implemented and exercised IT DR program is essential to the recovery of the business's delivery of products and services.
The Business Continuity Conference, 25th October 2023 in Riyadh - Abdulrahma... (Continuity and Resilience)
Lessons from a Chief Continuity Officer
A Chief Continuity Officer (CCO) is responsible for ensuring that an organization's critical operations continue despite any disruptions or crises.
1. Build a robust business continuity plan.
2. Foster a culture of preparedness.
3. Establish clear roles and responsibilities.
4. Develop strong partnerships.
5. Implement robust technology systems.
6. Continuously assess and mitigate risks.
7. Communicate effectively.
8. Learn from incidents.
Remember, flexibility and adaptability are key in the ever-changing landscape of continuity management. As a CCO, it's essential to stay proactive, be prepared for unexpected events, and continuously improve the organization's ability to recover and thrive in the face of disruptions.
Business Resilience and its components often gather varied points of view and impressions from practitioners, champions, consultants, and other related stakeholders.
Over time, a few misconceptions have persisted that often turn out to be counterproductive to the vision and goal of such programs.
CREATING should eventually lead to putting in place a comprehensive Program covering all phases of the full BCM Lifecycle – Plan, Do, Check and Act
MAINTAINING involves performing the activities to keep the BCM Program appropriate and relevant for the upcoming future – including Improvement. This covers:
Almost all BCM standards and guidelines make it mandatory to build a BCM culture. This is best done by ensuring ongoing and regular emphasis on the concept of Business Continuity, and its importance to the organization.
Business Continuity Compliance Cycle: Regulatory, Internal, Third party, Industry Compliance, SecOps, Review and maintain
Regulatory Compliance
Meet the specific compliance requirements of SAMA, NCA, CITC etc.
Industry Specific Compliance
For BFSI – SAMA, NCA
For Telco – CITC, NCA
For hospitality – STA, NCA
Third Party
ISO 27001, ISO 27021, COSO, NIST, NESA, HIPAA, ISO 27005 (risk)
Internal
Compliance with internal policies, procedures and standards: InfoSec, Financial, HR, IT
SecOps
Adherence to specific cyber security (first line of defence) policies
Vulnerability Assessment
Identification of BCM-related risks and compliance with their remediation
BCM Maintenance Plan
This phase maintains the BCP in a constant ready state. The maintenance process of a BCMS is constant and dynamic.
Crisis is an inherent abnormal, unstable, and complex situation that represents a threat to the strategic objectives, reputation or existence of an organization.
(ISO 22361 Crisis Management Guidelines)
Crisis Management is the set of coordinated activities to lead, direct and control an organization with regard to a crisis.
(ISO 22329: Crisis Management Guidelines)
Cyber security and IT resilience are a journey, not a destination, and we need to consider how business continuity is integrated with them.
This is becoming more and more prevalent at Board level and is having significant impacts, particularly in some sectors.
Enterprise resilience goes beyond organizational and operational resilience.
It indicates an organization's ability to:
Dynamically plan, prepare, and understand risks and critical functions;
Anticipate disruptions and potential downstream impacts;
Respond progressively in a coordinated, organized, and controlled manner; and
Recover, adapt, and evolve to improve future responses.
Enterprise resilience encompasses cyber and physical threats across all geographies.
“The best way to get management excited about a resiliency plan is to have a fire in one of your production data centers.”
Presented by Daman Dev Sood, Continuity & Resilience (CORE)
Introduction:
Over 33 years in the industry
Over 15 years in BCM and related domains
National and Global Winner of the BCI Awards
AFBCI
Mix of experience as Practitioner, Trainer, and Consultant
BCI Approved Instructor
Presented by Kashish Jhamb, Cityinnovates
What’s a Social Media Crisis? Crisis? Really?
If there’s a high volume of incoming social media messages on one particular topic or negative comments, chances are you have a social media crisis on your hands.
A communications crisis can strike at any time. It could be a faulty product, a lousy campaign, or a slip of the tongue from someone higher up.
It doesn’t matter the industry you’re in, or how popular you’ve been to this point. Sometimes, it just happens.
Waiting for a social media crisis to blow over is never an option. If you ignore it, it will likely get worse. Social media can be an asset in a crisis when used correctly, not an extra problem.
How to identify a Crisis on Social Media
When the public knows more than your company about the issue and they voice it on social media, that’s your first sign of a social media crisis.
If you start receiving a series of negative reviews on a particular product or service, that is a sign of a social media crisis.
If you get more than 10 negative mentions per hour for more than three consecutive hours, that is a sign of a social media crisis.
Presented by AWS AL KHANJARI
A serious threat which, under time pressure and highly uncertain circumstances, necessitates making critical decisions.
A Crisis Communication Plan outlines the procedures for collecting and conveying information to interested parties during or immediately following an emergency or crisis.
Disasters and disruptive business incidents push people and organisations to their limits, and communication systems are among the first elements impacted.
SAMA BCM Framework
1. Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Dubai Mall, Dubai, UAE
2. SAMA BCM Framework
Dhiraj Lal
Executive Director
Continuity and Resilience
Abu Dhabi
8th BC & IT Resilience Summit
March 10, 2019, The Address Hotel, Dubai Mall
SAMA BCM Framework
3. About Continuity & Resilience (CORE)
Consulting Services (ISO 22301 Certified)
▪ Cyber Security
▪ Business Continuity Management
▪ Crisis Management
▪ IT Disaster Recovery
▪ Information Security
▪ Risk Management
Training Services
▪ NCEMA developed Training (we are trainers for the NCEMA courses at GCAS, NCEMA licensed training entity)
▪ CORE is an approved Global Training partner for the UK based Business Continuity Institute licensed to conduct BCI trainings anywhere in the Globe
4. Notification and Automation Tools
CORE acts as an enabler between the partner & client by providing support for:
• Gather requirements
• Shortlist Vendors
• Subject matter expertise for tool selection
• Perform Vendor Demos
• Tool installation & implementation support for BC, ITDR & Notification
• Assistance during tool testing
5. E-learning Development and Deployment
Benefits
• Higher coverage
• Consistency in communication
• Higher learning retention
• Learn at your own pace, anytime and anywhere
• Latest and most updated courseware always available
• Cost effective as against classroom based training
• Saves paper, reduces carbon footprint
[Diagram: Crisis Management (1), Business Continuity (2), IT Service Management (6), Sustainability (7)]
6. Our Consulting approach – BCM Consulting Assignment
[Diagram of the consulting lifecycle; items recovered from the slide:]
Initial Assessment & Roadmap: Interview Senior Management, Documentation Review, Implementation Review, Assessment Report; Current State Assessment, Industry Benchmarking, Maturity Assessment
Implementation: Program Management Plan, Business Impact Analysis, Risk Assessment, BC Strategy & Response
Operationalize the BCMS: Testing, Exercising, Performance Evaluation, Continual Improvement
Benefits: Focus on high priority items; Identify potential threats & take measures to mitigate impact; Effective & coordinated response during crisis in order to minimize decision points at the time; Validation of documented steps; Assurance & long term sustainability
7. Training
• Cyber Attack/ Crisis Simulation Exercise
• Senior Management Awareness workshops
• ISMS and BCMS coordinators training courses
• BCI Courses – CBCI Certification Workshop, BIA, Writing BC Plans workshops
• Certification aspirants workshops for CISSP, CISA, CISM and CRISC
• ISO 27001 Lead Auditor training
• ISO 22301 Lead Implementer/ Auditor training
• ISO 31000 (Risk Management) courses
• IT Disaster Recovery workshop
8. Training
• NCEMA “official” courses –
✓ 1 day awareness
✓ 5 day Lead Implementer
✓ 5 day Lead auditor
✓ 2 day exercising and Testing
• Cyber Attack/ Crisis Simulation Exercise
• Senior Management Awareness workshops
• Coordinator training courses in ISMS and BCMS
• BCI Courses – CBCI Certification Workshop, BIA, Writing BC Plans
• Lead Auditor training in ISO 27001/ISO 22301
• Certification in Risk Management, IT Disaster Recovery, Crisis Mgt
9. SAMA Framework
• Is quite explicit about what is to be done
• Mandates many items often left unsaid
• Could well be used by non-banks also – key principles are valid for any industry
• Can be used as a guidance document for any industry, any geography, any ownership
• Makes clear that BCM is a senior management responsibility, typically at board level
10. Mandate
• SAMA mandates the BCM framework requirements document to Member Organizations. This document outlines the BCM requirements to be implemented by the Member Organizations.
• All Member Organizations are required to comply with these requirements and integrate them formally in their BCM program.
• The BCM framework document is applicable to the full scope of the Member Organization, including subsidiaries, employees, subcontractors, third-parties and customers.
11. Member Organisations
The BCM Framework document is applicable to the following:
• All organizations affiliated with SAMA (“the Member Organizations”)
• All banks operating in Saudi Arabia
• All banking subsidiaries of Saudi banks
• Subsidiaries of foreign banks situated in Saudi Arabia
12. Target Audience
This document is intended for those who are responsible for and involved in defining, implementing and reviewing business continuity controls….
• Board of Directors
• CEO
• Chief Risk Officer
• Senior and Executive Management
• Business owners
• Owners of information assets
• CIO/CISO
• Business Continuity Managers
• Internal Auditors
13. BCM Governance
BC governance framework should be monitored by senior management.
1. Board of directors or a delegated executive member should have the ultimate responsibility for the BCM program.
2. Management should allocate sufficient budget to execute the required BCM activities.
3. BCM Committee should be mandated by the board of directors.
4. Senior management, such as CRO, COO, CIO, CISO, BCM Manager and other relevant departments should be represented in the business continuity committee.
5. A business continuity committee charter should reflect:
a. Committee objectives
b. Roles and responsibilities
c. Minimum number of meeting participants
d. Meeting frequency (minimum on quarterly basis)
14. Responsibilities
A BCM function should be established.
The BCM function should be adequately staffed with qualified team members.
Cross-functional teams, consisting of strategic, tactical and operations team members, should contribute to the implementation and maintenance of the business continuity and disaster recovery plans.
The BCM Manager and BCM coordinators are responsible for maintaining and keeping the BCPs and arrangements up to date.
The IT manager should be responsible for maintaining and keeping the disaster recovery plans and arrangements up to date, with overall accountability for integration within the BCM Program resting with the BCM Manager.
15. Business Impact Analysis (BIA)
The Member Organization should determine the following, but not limited to:
a. The potential impact of business disruptions for each prioritized business function and process, including but not restricted to financial, operational, customer, legal and regulatory impacts
b. The recovery time objectives (RTOs), recovery point objectives (RPOs) and Maximum Acceptable Outage (MAO)
c. The internal and external interdependencies
d. Supporting recovery resources
The BCM committee should endorse the prioritized list, BIA results, RA and the defined RTOs, RPOs and MAOs.
Member Organizations should ensure that RTOs are adequately defined for payment systems, customer related services, etc., considering the high availability of these operations and minimum disruption in the event of disaster.
16. Risk Assessment (RA)
Risk assessment results should be communicated to the BCM committee.
The risk assessment should include risks associated with the overall organization as well as data centers (primary and alternative) which are not owned by the Member Organization (e.g., consider the timeframe needed to relocate to a new site and accordingly include a sufficient timeframe in the contractual agreement).
Capability of vendors, suppliers and service providers should be assessed at least on a yearly basis.
Member Organization should ensure that the key service providers (if any) have a BCP in place and their plans tested at least on a yearly basis…. for all critical activities, as determined by the BIA.
17. IT Disaster Recovery
The Member Organization should define and implement a backup and recovery process.
The Member Organization should have an offsite location for storing backups.
The Member Organization should ensure that critical services, business functions and processes run on reliable and robust infrastructure and software.
An IT DRP in alignment with the business impact analysis should be defined, approved, implemented and maintained …. to recover and restore technology services and infrastructure components (data, systems, network, services and applications).
18. Alternate Data Centre
The Member Organization should establish an alternative data center at an appropriate location.
The location should be identified based on a risk assessment to confirm that the location does not share the same risks as the main data center (e.g., geographical threat).
Data, system, network and application configurations, and capacities in the alternative data center should be commensurate with such configurations and capacities maintained in the main data center.
Member Organization should implement the same logical, physical, environmental and cyber security controls for the alternative data center as for the primary data center.
19. Suppliers and Service Providers
• For all critical activities, as determined by the BIA, the Member Organization should ensure that the key service providers (if any) have a BCP in place and their plans tested at least on a yearly basis.
• Formal contracts should be signed with third-parties to ensure the continuity of outsourced services or delivery of replacement hardware or software within the agreed timelines in case of a disaster (for IT DR). Include guidelines to ensure that the contracts signed with external service providers are aligned with the BIA and RA outcomes.
• Capability of vendors, suppliers and service providers should be assessed at least on a yearly basis… to support and maintain service levels for prioritized activities during disruptive incidents
20. Alternate Locations (RA)
• The Member Organization should have sufficient alternative business workspace(s) where it can relocate the required resources to deliver the critical processes required as per predefined recovery objectives in the BIA.
• The alternative business workspace(s) should have clear demarcation of the seating arrangement for different business units.
• The Member Organization should implement sufficient logical, physical and environmental security controls in order to support the same level of access and security in case the alternative location needs to be activated.
21. Business Continuity Plans (BCPs)
The procedures should collectively include:
a. Key resources (e.g., people, equipment, facilities, technologies)
b. Defined roles, responsibilities and authorities for stakeholders
c. A process to manage the immediate consequences of a disruptive incident and escalation procedures
d. A process to continue the critical activities within predetermined recovery objectives (RTO, RPO and MAO)
e. A process to resume the Member Organization’s operations to business-as-usual once the incident is resolved
f. Guidelines for communicating with employees, relevant third-parties and emergency contacts
g. Process for including relevant cyber security requirements, if any, within the business continuity planning
22. Crisis Management Plan (CMP)
The Member Organization should document:
• Criteria for declaring a crisis.
• Command center for centralized management and an emergency command center.
• Crisis-management team members, which include representatives of the critical products, services, functions and processes of the Member Organization (including the Communications department and any third-parties to be involved)
• Communication plan (including rapid communication) including the media response plan, to ensure overall safety and address the communication with the internal and external stakeholders during crisis.
• The frequency of crisis management tests
23. Awareness and Training
• A training program should be provided on an annual basis to employees involved in BCM to achieve the required level of experience, skills and competences.
• The Member Organization should periodically measure the effectiveness of the training and awareness program.
• The Member Organization and relevant third-parties, such as providers and suppliers, should be:
a. Familiar with relevant parts of business continuity policy and plans
b. Contractually bound to provide their services or products within the agreed time, in case of disruptive event
c. Familiar with their point of contact or their local BCM coordinator in the Member Organization
d. Familiar with their roles and responsibilities during disruptive incidents
24. Exercise and Testing
The Member Organization should:
• Define, approve, implement, execute and monitor regular BCP and DRP tests
• Train their employees and third-parties and test the effectiveness of the BC and DR plans.
• Ensure that defined test scenarios cover the activation and involvement of the crisis management team.
• Conduct BCP simulation test exercises (“at least once a year”)
• The tests should consider appropriate scenarios that are well planned with clearly defined objectives (e.g., per function, per service, per process, per location, per worst-case scenario)
• The Member Organization should consider including cyber security scenarios.
• Consider conducting an integrated BCM test for all critical services, business processes and functions.
25. IT DR Tests
The Member Organization should:
• Periodically execute a DR test combined with BCP (“at least once a year”).
• Conduct an evaluation of the executed test of IT DR infrastructure that supports the Member Organization’s critical systems
• Ensure that the DR test results provide an evaluation and suggestion for improvements
• Ensure that tests cover the activation and involvement of the crisis management team.
26. Effectiveness
• Internal Audit or a qualified external auditor should observe the business continuity and disaster recovery testing activities as an independent participant
• In case of test failure, the re-testing timelines should not exceed the limit of three (3) months.
• All BCP and DRP test results should be reported to the BCM committee, senior management and the board of directors.
• Test results of business continuity and disaster recovery should be shared with SAMA within four weeks after the test. The Member Organization should identify the improvements based on the test performed and provide an action plan to SAMA within two months after the submission of the test results.
27. Summary
• If you are struggling with what to do in your BCM program, consider taking guidance from the SAMA framework.
• Set up your BCM program for success in line with SAMA principles, focusing on:
▪ Senior Management Accountability (Board level)
▪ Adequate budget
▪ Adequate and competent resources
▪ Full lifecycle implementation
▪ Exercise and Testing
▪ Regular Senior Management Monitoring and support
▪ Continuous Improvement
ALL THE BEST!!!!
30. Head Office
Continuity & Resilience
Level 15,Eros Corporate Tower
Nehru Place ,New Delhi-110019, INDIA
Tel: +91 11 41055534/ +91 11 41613033
Fax: +91 11 41055535
Email: info@continuityandresilience.com
Contact:
Padmanabha Bora
Director
Mobile & WhatsApp: +91 9654870406
Email: pb@continuityandresilience.com
Skype: Padmanabha.bora
31. CORE Cyber Security / Information Security Services
Capacity Building & Skill Development
• Corporate Instructor Led Trainings
• Cyber Attack Simulation Exercise
• Customised training for Corporate
• Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
Professional
Services
• Governance, Risk & Compliance
• CERT & CSIRT (BOMT Model)
• Forensics & Investigations / VAPT
• Gap Analysis / Health Checks & Pre Audit Services
Managed
Security
Services
• CSIRT as a Service
• SOC (remote, BOMT/O&M)
• Predictive Security through Threat Hunting & Counter Threat Intelligence
• Forensics & Investigation Services
Products
• Confront & Denial of Operations Area through Smoke Screen
• Forensics Workstation & DDoS Protection Tool
• Employee Forensics & Monitoring Tool
• Mobile Device Management & Mobile Data Security
32. Trainings
Public Programs
• Global Certifications like BCI, IRCA
• CORE Certifications
In-house Workshops
• Global Certifications like BCI, IRCA
• CORE Certifications
Tailor-made
• Customized to clients
• Specialized coverage
• Awareness Education
• Simulated Exercises
33. Sectors
• Telecom
• Critical Infrastructure
• Financial Sector
• Banking
• Government sector
• Oil and Gas
• Insurance
• Government
• Real Estate
• Aviation
• IT/ ITeS
• … etc.
34. How can we help?
• Gap Assessment
• Training for top management
• Implementation Roadmap
• Coordinators Orientation training
• Policy
• Templates
• RA Strategies
• Vulnerability Assessment
• Penetration Testing
• Tool Assessment as per your IT setup
• Data Centre assessment
35. E-learning Support
• Scope: The BCM framework document defines principles, objectives and control considerations for initiating, implementing, maintaining, monitoring and improving business continuity controls in member organizations. The BCM framework document has an interrelationship with other corporate policies for related areas, such as enterprise risk management, health, safety and environment (HSE), physical security, cybersecurity (including cyber resilience and incident management).
36. Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Dubai Mall, Dubai, UAE