Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Dubai Mall, Dubai, UAE
SAMA BCM Framework
Dhiraj Lal
Executive Director
Continuity and Resilience
Abu Dhabi
8th BC & IT Resilience Summit
March 10, 2019, The Address Hotel, Dubai Mall
SAMA BCM Framework
About Continuity & Resilience (CORE)
Consulting Services (ISO 22301 Certified)
▪ Cyber Security
▪ Business Continuity Management
▪ Crisis Management
▪ IT Disaster Recovery
▪ Information Security
▪ Risk Management
Training Services
▪ NCEMA developed Training (we are trainers for the
NCEMA courses at GCAS, NCEMA licensed training
entity)
▪ CORE is an approved Global Training partner for the
UK-based Business Continuity Institute, licensed to
conduct BCI trainings anywhere in the globe
Notification and Automation Tools
CORE acts as an enabler between
the partner & client by
providing support for:
• Gather requirements
• Shortlist Vendors
• Subject matter expertise for
tool selection
• Perform Vendor Demos
• Tool installation &
implementation
support for BC, ITDR &
Notification
• Assistance during tool testing
Benefits
E-learning Development and Deployment
• Higher coverage
• Consistency in communication
• Higher learning retention
• Learn at your own pace,
anytime and anywhere
• Latest and most updated
courseware always available
• Cost effective as against
classroom-based training
• Saves paper, reduces carbon
footprint
Crisis
Management
1
Business
Continuity
2
IT Service
Management
6
Sustainability
7
Assurance & long term
sustainability
Validation of documented steps
Effective & coordinated response
during crisis in order to minimize
decision points at the time
Identify potential threats & take
measures to mitigate impact
Focus on high priority items
Maturity Assessment
Industry Benchmarking
Current State Assessment
Implementation
BC Strategy & Response
Risk Assessment
Business Impact Analysis
Program Management Plan
Operationalize the
BCMS
Continual Improvement
Performance Evaluation
Exercising
Testing
Initial Assessment &
Roadmap
Assessment Report
Implementation Review
Documentation Review
Interview Senior Management
Implementation
Operationalize
the BCMS
Initial
Assessment
Benefits
Our Consulting approach
Consulting
BCM
Consulting
Assignment
Training
• Cyber Attack/ Crisis Simulation Exercise
• Senior Management Awareness workshops
• ISMS and BCMS coordinators training courses
• BCI Courses – CBCI Certification Workshop, BIA, Writing BC Plans
workshops
• Certification aspirants workshops for CISSP, CISA, CISM and
CRISC
• ISO 27001 Lead Auditor training
• ISO 22301 Lead Implementer/ Auditor training
• ISO 31000 (Risk Management) courses
• IT Disaster Recovery workshop
Training
• NCEMA “official” courses –
✓ 1 day awareness
✓ 5 day Lead Implementer
✓ 5 day Lead auditor
✓ 2 day exercising and Testing
• Cyber Attack/ Crisis Simulation Exercise
• Senior Management Awareness workshops
• Coordinator training courses in ISMS and BCMS
• BCI Courses – CBCI Certification Workshop, BIA, Writing BC Plans
• Lead Auditor training in ISO 27001/ISO 22301
• Certification in Risk Management, IT Disaster Recovery, Crisis Mgt
SAMA Framework
• Is quite explicit about what is to be done
• Mandates many items often left unsaid
• Could well be used by non-banks also – key principles are valid
for any industry
• Can be used as a guidance document for any industry, any
geography, any ownership
• Makes clear that BCM is a senior management responsibility,
typically the board level
Mandate
• SAMA mandates the BCM framework requirements document to
Member Organizations. This document outlines the BCM
requirements to be implemented by the Member Organizations.
• All Member Organizations are required to comply with these
requirements and integrate them formally in their BCM program.
• The BCM framework document is applicable to the full scope of
the Member Organization, including subsidiaries, employees,
subcontractors, third-parties and customers.
Member Organisations
The BCM Framework document is applicable to the following:
• All organizations affiliated with SAMA (“the Member
Organizations”)
• All banks operating in Saudi Arabia
• All banking subsidiaries of Saudi banks
• Subsidiaries of foreign banks situated in Saudi Arabia
Target Audience
This document is intended for those who are responsible for and
involved in defining, implementing and reviewing business continuity
controls….
• Board of Directors
• CEO
• Chief Risk Officer
• Senior and Executive Management
• Business owners
• Owners of information assets
• CIO/CISO
• Business Continuity Managers
• Internal Auditors
BCM Governance
BC governance framework should be monitored by senior management.
1. Board of directors or a delegated executive member should have the
ultimate responsibility for the BCM program.
2. Management should allocate sufficient budget to execute the required
BCM activities.
3. BCM Committee should be mandated by the board of directors.
4. Senior management, such as CRO, COO, CIO, CISO, BCM Manager
and other relevant departments should be represented in the business
continuity committee.
5. A business continuity committee charter should reflect:
a. Committee objectives
b. Roles and responsibilities
c. Minimum number of meeting participants
d. Meeting frequency (minimum on quarterly basis)
Responsibilities
A BCM function should be established.
The BCM function should be adequately staffed with qualified team members.
Cross-functional teams, consisting of strategic, tactical and operations team
members should contribute in implementation and maintenance of the
business continuity and disaster recovery plans.
The BCM Manager and BCM coordinators are responsible to maintain and keep
the BCPs and arrangements up-to-date.
The IT manager should be responsible to maintain and keep the disaster
recovery plans and arrangements up-to-date with an overall accountability of
integration within the BCM Program on the BCM Manager.
Business Impact Analysis (BIA)
The Member Organization should determine the following, but not limited
to:
a. The potential impact of business disruptions for each prioritized
business function and processes, including but not restricted to
financial, operational, customer, legal and regulatory impacts
b. The recovery time objectives (RTOs), recovery point objectives
(RPOs) and Maximum Acceptable Outage (MAO)
c. The internal and external interdependencies
d. Supporting recovery resources
The BCM committee should endorse the prioritized list, BIA results, RA
and the defined RTOs, RPOs and MAOs.
Member Organizations should ensure that RTOs are adequately defined
for payment systems, customer related services, etc. considering the
high availability of these operations and minimum disruption in the event
of disaster.
Risk Assessment (RA)
Risk assessment results should be communicated to the BCM
committee
The risk assessment should include risks associated with overall
organization as well as data centers (primary and alternative), which
are not owned by the Member Organization (e.g., consider the
timeframe needed to relocate to a new site and accordingly, it should
include a sufficient timeframe in the contractual agreement)
Capability of vendors, suppliers and service providers should be
assessed at least on a yearly basis
Member Organization should ensure that the key service providers (if
any) have a BCP in place and their plans tested at least on a yearly
basis…. for all critical activities, as determined by the BIA
IT Disaster Recovery
The Member Organization should define and implement a backup and
recovery process.
The Member Organization should have offsite location for storing
backups.
The Member Organization should ensure that critical services, business
functions and processes run on reliable and robust infrastructure and
software.
An IT DRP in alignment with business impact analysis should be defined,
approved, implemented and maintained …. to recover and restore
technology services and infrastructure components (Data, systems,
network, services and applications)
Alternate Data Centre
The Member Organization should establish an alternative data center at
an appropriate location.
The location should be identified based on a risk assessment to confirm
that the location does not share the same risks of the main data center
(e.g., geographical threat)
Data, system, network and application configurations, and capacities in
the alternative data center should be commensurate to such
configurations and capacities maintained in the main data center.
Member Organization should implement the same logical, physical,
environmental and cyber security controls for the alternative data center
as for the primary data center.
Suppliers and Service Providers
• For all critical activities, as determined by the BIA, the Member
Organization should ensure that the key service providers (if any)
have a BCP in place and their plans tested at least on a yearly
basis.
• Formal contracts should be signed with third-parties to ensure the
continuity of outsourced services or delivery of replacing hardware
or software within the agreed timelines in case of a disaster (for
IT DR). Include guidelines to ensure that the contracts signed with
external service providers are aligned with the BIA and RA
outcomes.
• Capability of vendors, suppliers and service providers should be
assessed at least on a yearly basis… to support and maintain
service levels for prioritized activities during disruptive incidents
Alternate Locations (RA)
• The Member Organization should have sufficient alternative
business workspace(s) where it can relocate the required
resources to deliver the critical processes required as per
predefined recovery objectives in the BIA.
• The alternative business workspace(s) should have clear
demarcation of the seating arrangement for different business
units.
• The Member Organization should implement sufficient logical,
physical and environmental security controls in order to support
the same level of access and security in case the alternative
location needs to be activated.
Business Continuity Plans (BCPs)
The procedures should collectively include:
a. Key resources (e.g., people, equipment, facilities, technologies)
b. Defined roles, responsibilities and authorities for stakeholders
c. A process to manage the immediate consequences of a disruptive
incident and escalation procedures
d. A process to continue the critical activities within predetermined
recovery objectives (RTO, RPO and MAO)
e. A process to resume the Member Organization’s operations to
business-as-usual once the incident is resolved
f. Guidelines for communicating with employees, relevant third-
parties and emergency contacts
g. Process for including relevant cyber security requirements, if any,
within the business continuity planning
Crisis Management Plan (CMP)
The Member Organization should document
• Criteria for declaring a crisis.
• Command center for centralized management and an emergency
command center.
• Crisis-management team members which include representatives
of the critical products, services, functions and processes of the
Member Organization (including Communications department, and
any third-parties to be involved also)
• Communication plan (including rapid communication) including
the media response plan, to ensure overall safety and address the
communication with the internal and external stakeholders during
crisis.
• The frequency of crisis management tests
Awareness and Training
• A training program should be provided on an annual basis to
employees involved in BCM to achieve the required level of
experience, skills and competences.
• The Member Organization should periodically measure the
effectiveness of the training and awareness program.
• The Member Organization and relevant third-parties, such as
providers and suppliers should be:
a. Familiar with relevant parts of business continuity policy and plans
b. Contractually bound to provide their services or products within
the agreed time, in case of disruptive event
c. Familiar with their point of contact or their local BCM coordinator
in the Member Organization
d. Familiar with their roles and responsibilities during disruptive
incidents
Exercise and Testing
The Member Organization should:
• Define, approve, implement, execute and monitor regular BCP and
DRP tests
• Train their employees and third-parties and test the effectiveness of
the BC and DR plans.
• Ensure that defined test scenarios cover the activation and
involvement for crisis management team.
• Conduct BCP simulation test exercises (“at least once a year”)
• The tests should consider appropriate scenarios that are well planned
with clearly defined objectives (e.g., per function, per service, per
process, per location, per worst-case scenarios)
• The Member Organization should consider including
cyber security scenarios.
• Consider conducting an integrated BCM test for all critical services,
business processes and functions.
IT DR Tests
The Member Organization should:
• Periodically execute a DR test combined with BCP (“at least once a
year”).
• Conduct an evaluation of the executed test of IT DR infrastructure
that supports the Member Organization’s critical systems
• Ensure that the DR test results provide an evaluation and
suggestion for improvements
• Ensure that tests cover the activation and involvement of the
crisis management team.
Effectiveness
• Internal Audit or a qualified external auditor should observe the
business continuity and disaster recovery testing activities as an
independent participant
• In case of test failure, the re-testing timelines should not exceed
the limit of three (3) months.
• All BCP and DRP test results should be reported to the BCM
committee, senior management and the board of directors.
• Test results of business continuity and disaster recovery should be
shared with SAMA within four weeks after the test. The Member
Organization should identify the improvements based on the test
performed and provide an action plan to SAMA within two months
after the submission of the test results.
Summary
• If you are struggling with what to do in your BCM program,
consider taking guidance from the SAMA framework.
• Set your BCM program up for success in line with SAMA principles,
focusing on:
▪ Senior Management Accountability (Board level)
▪ Adequate budget
▪ Adequate and competent resources
▪ Full lifecycle implementation
▪ Exercise and Testing
▪ Regular Senior Management Monitoring and support
▪ Continuous Improvement
ALL THE BEST!!!!
Dhiraj Lal
Executive Director
Landline : +971 2 6594006
Mobile & WhatsApp: +971 52 9263933
Email: dhiraj.l@continuityandresilience.com
Skype: dhiraj.lal21
Implementation Approach & Methodology
Head Office
Continuity & Resilience
Level 15, Eros Corporate Tower
Nehru Place, New Delhi-110019, INDIA
Tel: +91 11 41055534/ +91 11 41613033
Fax: +91 11 41055535
Email: info@continuityandresilience.com
Contact:
Padmanabha Bora
Director
Mobile & WhatsApp: +91 9654870406
Email: pb@continuityandresilience.com
Skype: Padmanabha.bora
CORE Cyber Security / Information Security
Services
Capacity
Building & Skill
Dvlp
• Corporate Instructor Led Trainings
• Cyber Attack Simulation Exercise
• Customised training for Corporate
• Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
Professional
Services
• Governance, Risk & Compliance
• CERT & CSIRT (BOMT Model)
• Forensics & Investigations / VAPT
• Gap Analysis / Health Checks & Pre Audit Services
Managed
Security
Services
• CSIRT as a Service
• SOC (remote, BOMT/O&M)
• Predictive Security through Threat Hunting & Counter Threat Intelligence
• Forensics & Investigation Services
Products
• Confront & Denial of Operations Area through Smoke Screen
• Forensics Workstation & DDoS Protection Tool
• Employee Forensics & Monitoring Tool
• Mobile Device Management & Mobile Data Security
Trainings
Public
Programs
• Global
Certifications
like BCI, IRCA
• CORE
Certifications
In-house
Workshops
• Global
Certifications
like BCI,
IRCA,
• CORE
Certifications
Tailor-made
• Customized to
clients
• Specialized
coverage
• Awareness
Education
• Simulated
Exercises
Sectors
• Telecom
• Critical Infrastructure
• Financial Sector
• Banking
• Government sector
• Oil and Gas
• Insurance
• Government
• Real Estate
• Aviation
• IT/ ITeS
• … Etc
How can we help?
• Gap Assessment
• Training for top management
• Implementation Roadmap
• Coordinators Orientation training
• Policy
• Templates
• RA Strategies
• Vulnerability Assessment
• Penetration Testing
• Tool Assessment as per your IT setup
• Data Centre assessment
E-learning Support
• Scope The BCM framework document defines principles,
objectives and control considerations for initiating, implementing,
maintaining, monitoring and improving business continuity
controls in member organizations. The BCM framework document
has an interrelationship with other corporate policies for related
areas, such as enterprise risk management, health, safety and
environment (HSE), physical security, cybersecurity (including
cyber resilience and incident management).
35
Continuity & Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Duabi Mall, Dubai, UAE

More Related Content

What's hot

ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
Digital Bond
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
ISMS implementation challenges-KASYS
ISMS implementation challenges-KASYSISMS implementation challenges-KASYS
ISMS implementation challenges-KASYS
Reza Teynia ISMS, ITSM, MSc
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
PECB
 
Iso27001 Risk Assessment Approach
Iso27001   Risk Assessment ApproachIso27001   Risk Assessment Approach
Iso27001 Risk Assessment Approachtschraider
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
Pranav Shah
 
How To Handle Cybersecurity Risk Powerpoint Presentation Slides
How To Handle Cybersecurity Risk Powerpoint Presentation SlidesHow To Handle Cybersecurity Risk Powerpoint Presentation Slides
How To Handle Cybersecurity Risk Powerpoint Presentation Slides
SlideTeam
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk ManagementVigilant Software
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organization
Exigent Technologies LLC
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
OCTF Industry Engagement
 

What's hot (20)

ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
ISMS implementation challenges-KASYS
ISMS implementation challenges-KASYSISMS implementation challenges-KASYS
ISMS implementation challenges-KASYS
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security Framework
 
Iso27001 Risk Assessment Approach
Iso27001   Risk Assessment ApproachIso27001   Risk Assessment Approach
Iso27001 Risk Assessment Approach
 
Infosec Audit Lecture_4
Infosec Audit Lecture_4Infosec Audit Lecture_4
Infosec Audit Lecture_4
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Information security management system (isms) overview
Information security management system (isms) overviewInformation security management system (isms) overview
Information security management system (isms) overview
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 
Cybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoDCybersecurity Metrics: Reporting to BoD
Cybersecurity Metrics: Reporting to BoD
 
How To Handle Cybersecurity Risk Powerpoint Presentation Slides
How To Handle Cybersecurity Risk Powerpoint Presentation SlidesHow To Handle Cybersecurity Risk Powerpoint Presentation Slides
How To Handle Cybersecurity Risk Powerpoint Presentation Slides
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk Management
 
What is ISO 27001 ISMS
What is ISO 27001 ISMSWhat is ISO 27001 ISMS
What is ISO 27001 ISMS
 
How to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organizationHow to implement NIST cybersecurity standards in my organization
How to implement NIST cybersecurity standards in my organization
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
 

Similar to SAMA BCM Framework

Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!
Continuity and Resilience
 
Digital Strategy and Transformation
Digital Strategy and TransformationDigital Strategy and Transformation
Digital Strategy and Transformation
GustavoVelandia3
 
16. Process: ocp cfops delivery support
16. Process: ocp cfops delivery support16. Process: ocp cfops delivery support
16. Process: ocp cfops delivery support
ssusereb347d
 
How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?How to integrate BCMS with Organization's culture?
How to integrate BCMS with Organization's culture?
Abdul Naseer
 
Business Continuity Audit
Business Continuity AuditBusiness Continuity Audit
IT Cost Transparency with Capacity Optimization
IT Cost Transparency with Capacity OptimizationIT Cost Transparency with Capacity Optimization
IT Cost Transparency with Capacity Optimization
BMC Software
 
How to plan and manage a BCM and IT DR project
How to plan and manage a BCM and IT DR projectHow to plan and manage a BCM and IT DR project
How to plan and manage a BCM and IT DR project
CORE Consulting
 
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
HOW TO PLAN AND MANAGE A BCM AND IT DR PROJECT
Continuity and Resilience
 
How to Plan and Manage a BCM and IT DR Project
How to Plan and Manage a BCM and IT DR ProjectHow to Plan and Manage a BCM and IT DR Project
How to Plan and Manage a BCM and IT DR Project
Continuity and Resilience
 
Grc (V3) Brown Yarberry For Feb 10th Keynote Presentation
Grc  (V3)   Brown Yarberry   For Feb 10th Keynote PresentationGrc  (V3)   Brown Yarberry   For Feb 10th Keynote Presentation
Grc (V3) Brown Yarberry For Feb 10th Keynote Presentation
William Yarberry
 
Chris Gould - BCM case
Chris Gould - BCM caseChris Gould - BCM case
Chris Gould - BCM case
Alexey Chekanov
 
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Business Continuity (ISO22301) is relevant to PCI DSS v3.2.1 【Continuous Study】
Jerimi Soma
 
Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15Resus Advisory Profile - Resilience services Nov 15
Resus Advisory Profile - Resilience services Nov 15David John Bollaert
 
Business continuity management www.reconglobal.in
Business continuity management   www.reconglobal.inBusiness continuity management   www.reconglobal.in
Business continuity management www.reconglobal.in
Satya Yadav
 
A Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning PrototypingA Vision On Integrated Inspection Planning Prototyping
A Vision On Integrated Inspection Planning Prototyping
GH_Wijnants
 
Citihub Consulting Capabilities Presentation
Citihub Consulting Capabilities PresentationCitihub Consulting Capabilities Presentation
Citihub Consulting Capabilities Presentation
Chris Allison
 
Basel II self assessment
Basel II self assessmentBasel II self assessment
Basel II self assessment
Sohail_farooq
 

Similar to SAMA BCM Framework (20)

Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!Business Continuity and Information Security- An Excellent Fit!
Business Continuity and Information Security- An Excellent Fit!
 
Digital Strategy and Transformation
Digital Strategy and TransformationDigital Strategy and Transformation
Digital Strategy and Transformation
 
CV_CMDB_ITAM_SACM_Anil_Kumar_S
CV_CMDB_ITAM_SACM_Anil_Kumar_SCV_CMDB_ITAM_SACM_Anil_Kumar_S
CV_CMDB_ITAM_SACM_Anil_Kumar_S
 
16. Process: ocp cfops delivery support

SAMA BCM Framework

  • 1. Continuity & Resilience (CORE) ISO 22301 BCM Consulting Firm Presentations by speakers at the 8th ME Business & IT Resilience Summit March 10, 2019 at The Address Hotel, Dubai Mall, Dubai, UAE
  • 2. SAMA BCM Framework Dhiraj Lal Executive Director Continuity and Resilience Abu Dhabi 8th BC & IT Resilience Summit March 10, 2019, The Address Hotel, Dubai Mall SAMA BCM Framework
  • 3. About Continuity & Resilience (CORE) Consulting Services (ISO 22301 Certified) ▪ Cyber Security ▪ Business Continuity Management ▪ Crisis Management ▪ IT Disaster Recovery ▪ Information Security ▪ Risk Management Training Services ▪ NCEMA developed Training (we are trainers for the NCEMA courses at GCAS, NCEMA licensed training entity) ▪ CORE is an approved Global Training partner for the UK-based Business Continuity Institute, licensed to conduct BCI trainings anywhere in the Globe
  • 4. Notification and Automation Tools CORE acts as an enabler between the partner & client by providing support for: • Gather requirements • Shortlist Vendors • Subject matter expertise for tool selection • Perform Vendor Demos • Tool installation & implementation support for BC, ITDR & Notification • Assistance during tool testing Benefits
  • 5. E-learning Development and Deployment • Higher coverage • Consistency in communication • Higher learning retention • Learn at your own pace, anytime and anywhere • Latest and most updated courseware always available • Cost effective as against classroom-based training • Saves paper, reduces carbon footprint Crisis Management 1 Business Continuity 2 IT Service Management 6 Sustainability 7
  • 6. Assurance & long term sustainability Validation of documented steps Effective & coordinated response during crisis in order to minimize decision points at the time Identify potential threats & take measures to mitigate impact Focus on high priority items Maturity Assessment Industry Benchmarking Current State Assessment Implementation BC Strategy & Response Risk Assessment Business Impact Analysis Program Management Plan Operationalize the BCMS Continual Improvement Performance Evaluation Exercising Testing Initial Assessment & Roadmap Assessment Report Implementation Review Documentation Review Interview Senior Management Implementation Operationalize the BCMS Initial Assessment Benefits Our Consulting approach Consulting BCM Consulting Assignment
  • 7. Training • Cyber Attack/ Crisis Simulation Exercise • Senior Management Awareness workshops • ISMS and BCMS coordinators training courses • BCI Courses – CBCI Certification Workshop, BIA, Writing BC Plans workshops • Certification aspirants workshops for CISSP, CISA, CISM and CRISC • ISO 27001 Lead Auditor training • ISO 22301 Lead Implementer/ Auditor training • ISO 31000 (Risk Management) courses • IT Disaster Recovery workshop
  • 8. Training • NCEMA “official” courses – ✓ 1 day awareness ✓ 5 day Lead Implementer ✓ 5 day Lead auditor ✓ 2 day exercising and Testing • Cyber Attack/ Crisis Simulation Exercise • Senior Management Awareness workshops • Coordinator training courses in ISMS and BCMS • BCI Courses – CBCI Certification Workshop, BIA, Writing BC Plans • Lead Auditor training in ISO 27001/ISO 22301 • Certification in Risk Management, IT Disaster Recovery, Crisis Mgt
  • 9. SAMA Framework • Is quite explicit about what is to be done • Mandates many items often left unsaid • Could well be used by non-banks also – key principles are valid for any industry • Can be used as a guidance document for any industry, any geography, any ownership • Makes clear that BCM is a senior management responsibility, typically the board level
  • 10. Mandate • SAMA mandates the BCM framework requirements document to Member Organizations. This document outlines the BCM requirements to be implemented by the Member Organizations. • All Member Organizations are required to comply with these requirements and integrate them formally in their BCM program. • The BCM framework document is applicable to the full scope of the Member Organization, including subsidiaries, employees, subcontractors, third-parties and customers.
  • 11. Member Organisations The BCM Framework document is applicable to the following: • All organizations affiliated with SAMA (“the Member Organizations”) • All banks operating in Saudi Arabia • All banking subsidiaries of Saudi banks • Subsidiaries of foreign banks situated in Saudi Arabia
  • 12. Target Audience This document is intended for those who are responsible for and involved in defining, implementing and reviewing business continuity controls…. • Board of Directors • CEO • Chief Risk Officer • Senior and Executive Management • Business owners • Owners of information assets • CIO/CISO • Business Continuity Managers • Internal Auditors
  • 13. BCM Governance BC governance framework should be monitored by senior management. 1. Board of directors or a delegated executive member should have the ultimate responsibility for the BCM program. 2. Management should allocate sufficient budget to execute the required BCM activities. 3. BCM Committee should be mandated by the board of directors. 4. Senior management, such as CRO, COO, CIO, CISO, BCM Manager and other relevant departments should be represented in the business continuity committee. 5. A business continuity committee charter should reflect: a. Committee objectives b. Roles and responsibilities c. Minimum number of meeting participants d. Meeting frequency (minimum on quarterly basis)
  • 14. Responsibilities A BCM function should be established. The BCM function should be adequately staffed with qualified team members. Cross-functional teams, consisting of strategic, tactical and operations team members, should contribute to the implementation and maintenance of the business continuity and disaster recovery plans. The BCM Manager and BCM coordinators are responsible for maintaining the BCPs and arrangements and keeping them up-to-date. The IT manager should be responsible for maintaining the disaster recovery plans and arrangements and keeping them up-to-date, with overall accountability for integration within the BCM Program resting with the BCM Manager.
  • 15. Business Impact Analysis (BIA) The Member Organization should determine the following, but not limited to: a. The potential impact of business disruptions for each prioritized business function and process, including but not restricted to financial, operational, customer, legal and regulatory impacts b. The recovery time objectives (RTOs), recovery point objectives (RPOs) and Maximum Acceptable Outage (MAO) c. The internal and external interdependencies d. Supporting recovery resources. The BCM committee should endorse the prioritized list, BIA results, RA and the defined RTOs, RPOs and MAOs. Member Organizations should ensure that RTOs are adequately defined for payment systems, customer related services, etc. considering the high availability of these operations and minimum disruption in the event of disaster.
  • 16. Risk Assessment (RA) Risk assessment results should be communicated to the BCM committee. The risk assessment should include risks associated with the overall organization as well as data centers (primary and alternative) which are not owned by the Member Organization (e.g., consider the timeframe needed to relocate to a new site and accordingly, it should include a sufficient timeframe in the contractual agreement). Capability of vendors, suppliers and service providers should be assessed at least on a yearly basis. Member Organization should ensure that the key service providers (if any) have a BCP in place and their plans tested at least on a yearly basis…. for all critical activities, as determined by the BIA
  • 17. IT Disaster Recovery The Member Organization should define and implement a backup and recovery process. The Member Organization should have an offsite location for storing backups. The Member Organization should ensure that critical services, business functions and processes run on reliable and robust infrastructure and software. An IT DRP in alignment with business impact analysis should be defined, approved, implemented and maintained …. to recover and restore technology services and infrastructure components (Data, systems, network, services and applications)
  • 18. Alternate Data Centre The Member Organization should establish an alternative data center at an appropriate location. The location should be identified based on a risk assessment to confirm that the location does not share the same risks as the main data center (e.g., geographical threat). Data, system, network and application configurations, and capacities in the alternative data center should be commensurate to such configurations and capacities maintained in the main data center. Member Organization should implement the same logical, physical, environmental and cyber security controls for the alternative data center as for the primary data center.
  • 19. Suppliers and Service Providers • For all critical activities, as determined by the BIA, the Member Organization should ensure that the key service providers (if any) have a BCP in place and their plans tested at least on a yearly basis. • Formal contracts should be signed with third-parties to ensure the continuity of outsourced services or delivery of replacing hardware or software within the agreed timelines in case of a disaster (for IT DR). Include guidelines to ensure that the contracts signed with external service providers are aligned with the BIA and RA outcomes. • Capability of vendors, suppliers and service providers should be assessed at least on a yearly basis… to support and maintain service levels for prioritized activities during disruptive incidents
  • 20. Alternate Locations (RA) • The Member Organization should have sufficient alternative business workspace(s) where it can relocate the required resources to deliver the critical processes required as per predefined recovery objectives in the BIA. • The alternative business workspace(s) should have clear demarcation of the sitting arrangement for different business units. • The Member Organization should implement sufficient logical, physical and environmental security controls in order to support the same level of access and security in case the alternative location needs to be activated.
  • 21. Business Continuity Plans (BCPs) The procedures should collectively include: a. Key resources (e.g., people, equipment, facilities, technologies) b. Defined roles, responsibilities and authorities for stakeholders c. A process to manage the immediate consequences of a disruptive incident and escalation procedures d. A process to continue the critical activities within predetermined recovery objectives (RTO, RPO and MAO) e. A process to resume the Member Organization’s operations to business-as-usual once the incident is resolved f. Guidelines for communicating with employees, relevant third- parties and emergency contacts g. Process for including relevant cyber security requirements, if any, within the business continuity planning 21
  • 22. Crisis Management Plan (CMP) The Member Organization should document • Criteria for declaring a crisis. • Command center for centralized management and an emergency command center. • Crisis-management team members which include representatives of the critical products, services, functions and processes of the Member Organization (including Communications department, and any third-parties to be involved also) • Communication plan (including rapid communication) including the media response plan, to ensure overall safety and address the communication with the internal and external stakeholders during crisis. • The frequency of crisis management tests 22
  • 23. Awareness and Training
    • A training program should be provided on an annual basis to employees involved in BCM to achieve the required level of experience, skills and competences.
    • The Member Organization should periodically measure the effectiveness of the training and awareness program.
    • The Member Organization and relevant third-parties, such as providers and suppliers, should be:
      a. Familiar with relevant parts of business continuity policy and plans
      b. Contractually bound to provide their services or products within the agreed time, in case of a disruptive event
      c. Familiar with their point of contact or their local BCM coordinator in the Member Organization
      d. Familiar with their roles and responsibilities during disruptive incidents
  • 24. Exercise and Testing
    The Member Organization should:
    • Define, approve, implement, execute and monitor regular BCP and DRP tests.
    • Train their employees and third-parties and test the effectiveness of the BC and DR plans.
    • Ensure that defined test scenarios cover the activation and involvement of the crisis management team.
    • Conduct BCP simulation test exercises (“at least once a year”).
    • Ensure the tests consider appropriate scenarios that are well planned with clearly defined objectives (e.g., per function, per service, per process, per location, per worst-case scenario).
    • Consider including cyber security scenarios.
    • Consider conducting an integrated BCM test for all critical services, business processes and functions.
  • 25. IT DR Tests
    The Member Organization should:
    • Periodically execute a DR test combined with BCP (“at least once a year”).
    • Conduct an evaluation of the executed test of IT DR infrastructure that supports the Member Organization’s critical systems.
    • Ensure that the DR test results provide an evaluation and suggestion for improvements.
    • Ensure that tests cover the activation and involvement of the crisis management team.
  • 26. Effectiveness
    • Internal Audit or a qualified external auditor should observe the business continuity and disaster recovery testing activities as an independent participant.
    • In case of test failure, the re-testing timelines should not exceed the limit of three (3) months.
    • All BCP and DRP test results should be reported to the BCM committee, senior management and the board of directors.
    • Test results of business continuity and disaster recovery should be shared with SAMA within four weeks after the test. The Member Organization should identify the improvements based on the test performed and provide an action plan to SAMA within two months after the submission of the test results.
  • 27. Summary
    • If you are struggling with what to do in your BCM program, consider taking guidance from the SAMA framework.
    • Set up your BCM program for success in line with SAMA principles, focusing on:
      ▪ Senior Management Accountability (Board level)
      ▪ Adequate budget
      ▪ Adequate and competent resources
      ▪ Full lifecycle implementation
      ▪ Exercise and Testing
      ▪ Regular Senior Management Monitoring and support
      ▪ Continuous Improvement
    ALL THE BEST!
  • 28. Dhiraj Lal, Executive Director
    Landline: +971 2 6594006
    Mobile & WhatsApp: +971 52 9263933
    Email: dhiraj.l@continuityandresilience.com
    Skype: dhiraj.lal21
  • 29. Implementation Approach & Methodology
  • 30. Head Office
    Continuity & Resilience
    Level 15, Eros Corporate Tower, Nehru Place, New Delhi-110019, INDIA
    Tel: +91 11 41055534 / +91 11 41613033
    Fax: +91 11 41055535
    Email: info@continuityandresilience.com
    Contact: Padmanabha Bora, Director
    Mobile & WhatsApp: +91 9654870406
    Email: pb@continuityandresilience.com
    Skype: Padmanabha.bora
  • 31. CORE Cyber Security / Information Security Services
    Capacity Building & Skill Development
    • Corporate Instructor Led Trainings
    • Cyber Attack Simulation Exercise
    • Customised training for Corporate
    • Public Certification Aspirants Workshops (CISSP, CISA, CISM, CRISC)
    Professional Services
    • Governance, Risk & Compliance
    • CERT & CSIRT (BOMT Model)
    • Forensics & Investigations / VAPT
    • Gap Analysis / Health Checks & Pre Audit Services
    Managed Security Services
    • CSIRT as a Service
    • SOC (remote, BOMT/O&M)
    • Predictive Security through Threat Hunting & Counter Threat Intelligence
    • Forensics & Investigation Services
    Products
    • Confront & Denial of Operations Area through Smoke Screen
    • Forensics Workstation & DDoS Protection Tool
    • Employee Forensics & Monitoring Tool
    • Mobile Device Management & Mobile Data Security
  • 32. Trainings
    Public Programs
    • Global Certifications like BCI, IRCA
    • CORE Certifications
    In-house Workshops
    • Global Certifications like BCI, IRCA
    • CORE Certifications
    Tailor-made
    • Customized to clients
    • Specialized coverage
    • Awareness Education
    • Simulated Exercises
  • 33. Sectors
    • Telecom
    • Critical Infrastructure
    • Financial Sector
    • Banking
    • Government sector
    • Oil and Gas
    • Insurance
    • Government
    • Real Estate
    • Aviation
    • IT/ITeS
    • … Etc
  • 34. How can we help?
    • Gap Assessment
    • Training for top management
    • Implementation Roadmap
    • Coordinators Orientation training
    • Policy
    • Templates
    • RA Strategies
    • Vulnerability Assessment
    • Penetration Testing
    • Tool Assessment as per your IT setup
    • Data Centre assessment
  • 35. E-learning Support
    • Scope
      The BCM framework document defines principles, objectives and control considerations for initiating, implementing, maintaining, monitoring and improving business continuity controls in member organizations.
      The BCM framework document has an interrelationship with other corporate policies for related areas, such as enterprise risk management, health, safety and environment (HSE), physical security, cybersecurity (including cyber resilience and incident management).