This document discusses the concept of corporate resilience and how it can be achieved. It defines resilience from engineering, psychological, ecological, and organizational perspectives. Corporate resilience is described as an organization's ability to adapt quickly when facing disruptive events through adaptive, proactive, and reactive strategies. The document outlines three dimensions that contribute to organizational resilience: management processes, organizational attributes, and leadership and culture. It argues that resilience is achieved through an integrated approach involving risk management, business continuity planning, security, and other functions working together from both a top-down leadership model and bottom-up employee engagement. Standards and frameworks that can assist in building resilience are also reviewed.
Certified in Risk and Information Systems Control™ (CRISC™) is the most current and rigorous assessment which is presently available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute.
CRISC helps enterprises to understand business risk and have the technical knowledge to implement appropriate IS controls.
This CRISC Certification training course accredited by ISACA is ideal for IT professionals, risk professionals, control professionals, business analysts, project managers, compliance professionals and more.
To know more about CRISC Certification training worldwide,
please contact us at -
Email: support@invensislearning.com
Phone - US +1-910-726-3695,
Website: https://www.invensislearning.com
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history of why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of the Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and the future direction of the Framework program.
How To Present Cyber Security To Senior Management Complete Deck (SlideTeam)
This template is useful for presenting a cybersecurity plan to higher authority. The cybersecurity officer will present it to top-level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible for handling risks. The firm will also optimize its cybersecurity risk framework. The firm will assess the current concerns that are impeding cybersecurity in terms of the increase in cybercrimes, data breach and exposure, and the amount spent on settlements. It will also analyze its current cybersecurity framework. The firm will categorize various risks and assess them on parameters such as risk likelihood and severity. The IT department will also improve its incident handling mechanism. A cybersecurity contingency plan will be initiated by the firm. In this plan, the firm will build an alternate site for backup maintenance. Backup site selection will take into consideration parameters such as cost of implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the roles and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. Information regarding the budget required for the cybersecurity plan implementation is also provided, along with staff training cost. https://bit.ly/3iSww5L
PECB Webinar: Risk Treatment according to ISO 27005 (PECB)
Summary:
Risk management is a trade-off between risks and costs. Risk treatment is no doubt essential for any business or individual to survive. ISO 27005 elaborates different methods on treating risk related to information security, which help organizations to mitigate risks. In this free PECB International webinar, the following areas will be covered:
• Risk treatment option
• Risk treatment plan
• Evaluation of residual risk
Presenter:
This webinar will be presented by Mohamad Khachab, an independent consultant and a managing partner of ICS SARL, a boutique management consulting, recruiting, and training firm in Lebanon. Khachab has a wide range of information risk management and IT procurement skills earned through more than 30 years of experience in the US and Middle East. Khachab has been performing consulting assignments since the late 80's (KPMG, AIC, ADETEF, Nielsen, World Bank, ITCILO, etc.). He has established a strong reputation and proven record of delivering benefits to clients by teaching information risk management and MIS to businesses and universities.
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
Effective Cyber Defense Using CIS Critical Security Controls (BSides Delhi)
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, financial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and targeted attacks?”
Business Continuity Management PowerPoint Presentation Slides (SlideTeam)
Presenting this set of slides with name - Business Continuity Management PowerPoint Presentation Slides. This complete deck is oriented to make sure you do not lag in your presentations. Our creatively crafted slides come with apt research and planning. This exclusive deck with fifty-two slides is here to help you to strategize, plan, analyze, or segment the topic with clear understanding and apprehension. Utilize ready to use presentation slides on Business Continuity Management PowerPoint Presentation Slides with all sorts of editable templates, charts and graphs, overviews, analysis templates. It is usable for marking important decisions and covering critical issues. Display and present all possible kinds of underlying nuances, progress factors for an all inclusive presentation for the teams. This presentation deck can be used by all professionals, managers, individuals, internal external teams involved in any company organization.
A to Z of Information Security Management (Mark Conway)
The purpose of information security is to protect an organisation’s valuable assets, such as information, intellectual property, hardware, and software.
Through the selection and application of appropriate safeguards or controls, information security helps an organisation to meet its business objectives by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets.
In this A to Z I’d like to outline some of the key focus areas for organisations wishing to pursue compliance to the ISO27001 Information Security standard.
Cryptika cybersecurity - company profile (Safwan Talab)
Why Choose Cryptika
Weaknesses in information security can jeopardize your mission, threaten your profitability, and invite fines and penalties from regulatory bodies.
If you aren’t completely confident in your information security posture or your ability to manage IT risk, talk to Cryptika.
Our cyber security consultants provide services and solutions that deliver continuous security assurance for business, government, and critical infrastructure.
By having around the clock monitoring and analysis, security is now a business enabler to help enterprises embark on their transformation journey confidently...
Why You Should Choose Cryptika
Weaknesses in information security can put your mission at risk, may threaten your profitability, or bring fines and penalties on your organization from regulatory bodies.
If you are not completely confident in your information security posture or your ability to manage IT risks, talk to Cryptika.
Our digital security consultants provide services and solutions that deliver continuous security assurance for business, governance, and critical infrastructure.
Through around-the-clock monitoring and analysis, security is now a business enabler that helps companies embark on their digital transformation journey with confidence ...
How To Present Cyber Security To Senior Management Complete Deck (SlideTeam)
This template is useful for presenting a cybersecurity plan to higher authority. The cybersecurity officer will present it to top-level management. It will help in determining the roles and responsibilities of senior management and executives who are responsible for handling risks. The firm will also optimize its cybersecurity risk framework. The firm will assess the current concerns that are impeding cybersecurity in terms of the increase in cybercrimes, data breach and exposure, and the amount spent on settlements. It will also analyze its current cybersecurity framework. The firm will categorize various risks and assess them on parameters such as risk likelihood and severity. The IT department will also improve its incident handling mechanism. A cybersecurity contingency plan will be initiated by the firm. In this plan, the firm will build an alternate site for backup maintenance. Backup site selection will take into consideration parameters such as cost of implementation, duration, location, etc. The other plan essentials include business impact assessment, vital record maintenance, recovery task list maintenance, etc. The template also includes information regarding the roles and responsibilities of line managers, senior managers and executives in risk management. It also includes information related to the role of top management in ensuring effective information security governance. Information regarding the budget required for the cybersecurity plan implementation is also provided, along with staff training cost. https://bit.ly/35YJ5W9
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
One of the core Meaningful use measures requires providers to perform a security audit to ensure the protection of patient information. Learn more about what a security audit should entail, as well as potential risks and how configuration options within the SuccessEHS solution can be used to protect patient data.
As a follow-up on the previous session (4th of December), we run through the GDPR part of the ISO/IEC 27701 standard which has been published in August 2019.
We'll take it from another angle and use the ISO/IEC 27701 as a guide to complete the checklist for the GDPR implementation.
Also, with the help of the (new) PECB ISO/IEC 27701 lead auditor course, we'll have an auditor's look at the ISO certification and compliance. It's important to see how it works, to make sure your GDPR implementation can withstand the increasing demand for maturity from customers, subjects and data protection authorities that start to exercise their rights.
The ISO27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
- The GDPR view of the ISO/IEC 27701
- Mapping the GDPR to-do and the ISO/IEC 27701 to-do list.
- The ISO/IEC 27701 auditor mindset
- Compliance AND/OR/XOR solid data protection?
- Status of GDPR certification
Date: December 04, 2019
Recorded Webinar: https://www.youtube.com/watch?v=P80So3ryvJ8&feature=youtu.be
Here is your guide on how to progress through the cyber security career ladder. This resource shows you all the different cyber security roles and the qualifications needed for each!
Cyber Security For Organization Proposal Powerpoint Presentation Slides (SlideTeam)
Developing an attractive website for your business operations to generate more leads and profit for the company is no longer the only concern. There are various other factors in play. It is important to ensure that the website and software of your company are safe from any kind of malware. The main priority of any organization should be to build a defence system for its servers and data. Render your expert service to the clients and meet their requirements with this Cyber Security for Organization Proposal PowerPoint Presentation Slides. Utilize this PPT template to highlight your key deliverables such as uninterrupted server protection, secure organization information, network security, penetration testing, monitoring system vulnerabilities, and personnel training to avoid cyber attacks. Use this internet security PPT layout to talk about the whole process of project kick-off, planning, development, implementation, maintaining, and training for the cyber security services that your company adopts. Showcase the overall project cost that a client has to invest in availing your services as well as mention in detail the financial outlay according to each service and package. Grab the opportunity to educate your audience about the additional services that you provide like software development, cloud services, security, and networking by employing our electronic safeguard services PPT deck. Implement this visually-appealing security services PowerPoint theme to present an attractive business overview of your company and convey your mission, vision, objectives, and goals in an organized manner. Gain the trust of your clients by displaying your past achievements, awards, and client testimonials with this PPT design. You can take the assistance of this PowerPoint slide to inform the customer about your expertise in mobile app development, onsite developer, and business intelligence analytics. 
Download our ready-to-use computer security PPT graphic and promise the best security to your clients and make an everlasting impression on them. https://bit.ly/3fxyjMt
The GDPR Foundation training allows you to study the essential elements to execute and manage the framework of compliance with respect to the personal data protection. All through this training course you will be able to comprehend the fundamental principles of privacy and get acquainted with the role of the Data Protection Officer.
BS 11200 Crisis Management and BS 65000 Organizational Resilience and what is... (Continuity and Resilience)
Presented by: Bill Crichton FBCI
May 27th 2015
1. Crisis Management is an essential part of any BCM programme
2. Organizational resilience is the goal of any BCM programme
3. New Standards in ISO 22301 family
Presented at the National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, Indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
I'm speaking at the QLD Safety Conference in Brisbane 21-23 June 2011 where I will present "Why my contractor is killing me". Check out the full program.
A presentation given by international keynote speaker Dr. Stephen Muething from Cincinnati Children's Hospital, USA at the CHA conference The Journey, in October 2012.
SBIC Report: Transforming Information Security: Future-Proofing Processes (EMC)
This report from the Security for Business Innovation Council (SBIC), sponsored by RSA, contends that keeping pace with cyber threats requires an overhaul of information-security processes and provides actionable guidance for change.
This is a presentation on Basic Security Concepts, focused on ensuring that the Company can achieve its goals of Efficiency, Stability, Profitability, Growth and Sustainability. It sets aside the use of force and fortification as a conventional mindset for security.
3. What is Resilience?
Engineering:
Resilience is the property of a material to absorb energy when it is deformed elastically
and then, upon unloading to have this energy recovered.
Psychology:
Resilience in psychology is the positive capacity of people to cope with stress and adversity.
Ecology:
In ecology, resilience is the capacity of an ecosystem to respond to a perturbation or
disturbance by resisting damage and recovering quickly.
Networking:
Resilience is the ability to provide and maintain an acceptable level of service in the face of
faults and challenges to normal operation.
Organisations:
Resilience is defined as “the positive ability of a system or company to adapt itself to the
consequences of a catastrophic event.”
4. ASIS Organisational Resilience
Resilience is an organization’s ability to quickly, efficiently, and effectively adapt to
a change, such as disruptive events (natural, intentional or unintentional), by
implementing adaptive, proactive and reactive strategies. (Marc Siegel Sydney 2010)
BCI Organisational Resilience
“Holistic management process that identifies potential threats to an organization
and the impacts to business operations those threats, if realized, might cause, and
which provides a framework for building organizational resilience with the
capability for an effective response that safeguards the interests of its key
stakeholders, reputation, brand and value-creating activities.”
19. And Then There Are A Few Standards
AS/NZS ISO 31000 2009 Risk Management Standard
AS/NZS ISO 9001 2008 Quality Management System
AS 8001 2003 Fraud & Corruption Control
AS 8000 2003 Good Governance Principles
AS 3745 2010 Planning for Emergencies in Facilities
AS/NZS 5050 2010 Business Continuity – Managing disruption related risk
AS 4083 2010 Planning for Emergencies – Health Care
BS 7799 Information Security Management
BS 31100 2011 Risk Management: Code of Practice
BS 25999-2 2007 Business Continuity management
ASIS SPC.1 2009 Security, Preparedness and Continuity Management Systems
ISO/IEC 10181 1996 Security frameworks
ISO/IEC 13335 2001 IT security management
ISO TR 13569 2005 Financial services - information security guidelines
ISO 20858 2007 Ships and marine technology -- Maritime port facility security assessments and security plan development
ISO 28001 2007 Security Management Systems for the supply chain
20. LEADERSHIP
The Top Down Dynamic
• Leadership aligns O.R. with business objectives
• Leadership uses O.R. to seize new business practices e.g. technology
• Leadership embraces new organisational principles i.e. corporate governance
• Leadership drives and supports change in internal and external environments
• Leadership MUST delegate operational responsibility to business units
• Leadership MUST value diversity
• Leaders MUST protect shareholder value
• Leadership can use O.R. to deliver long term value
22. Organisational Resilience is also BOTTOM UP
• The numerous functional processes including Security Management, Risk Management, BCM, Health & Safety, Governance, Internal Audit, Financial Management drive O.R. from bottom up
• Businesses MUST nurture Creativity and Learnability within to allow bottom up influence on O.R.
• Behaviours and Trust must be embedded from the Bottom Up
• Communication MUST be a two way interaction, Bottom up as well as Top Down
24. SO WHERE TO FROM HERE?
• Identify and understand the essential elements of Organisational Resilience
• Capture the principles
• Deliver a practical O.R. model to assist organisations to become more resilient
• Ultimate aim is to gain consensus as to what organisational resilience actually is
Source: Australian Journal Emergency Management
25. Thank You
Questions
Bruce Braes
AECOM
Perth
Western Australia
bruce.braes@aecom.com
Dr. David Brooks
School of Computer & Security Science
Edith Cowan University
Perth
Western Australia
d.brooks@ecu.edu.au
Editor's Notes
Before we begin I would like to set a baseline upon which this presentation is based. Research being conducted for PhD in Australia, USA, UK, Singapore, New Zealand and Hong Kong. This presentation represents our understanding from research conducted until now and may not be universally accepted. When we use the term Organisational Resilience we refer to Corporate or Business Resilience.
Arguments prevail that Organisational Resilience is a rebranding exercise by policy makers. Disagreement exists whether Organisational Resilience is a framework, process or outcome. Resilience is used extensively in both government and corporate environments; however, there is conjecture as to what Corporate or Organisational Resilience is. The presentation provides a framework that defines and applies corporate resilience. Does a Standard provide the resolution?
The concept of resilience in academic terms has its origin in the fields of psychology and child behaviour (Coutu, 2002; Reinmoeller & VanBaardwijk, 2005). Resilience is a fundamental quality of individuals, groups, organisations and systems as a whole to respond productively to significant change that disrupts the expected pattern of events without engaging in an extended period of regressive behaviour (Horne III & Orr, 1998).
ASIS promotes organisational resilience as an ability. The Business Continuity Institute promotes Organisational Resilience as a process.
We understand Organisational Resilience as a STATE or CULTURE. It relies upon both Top down and Bottom up interactions i.e. LEADERSHIP and PROCESS. It is about ADAPTABILITY, TENACITY, FLEXIBILITY. It must be FIT FOR PURPOSE = is different for every organisation.
Resilience & Maslow’s Theory can be easily mapped against each other
ASIS SPC.1 is a very good tactical tool to assist implementation
One of the principal barriers to organizational maturity in this area is that frequently, resilience elements are viewed as separate, with separate sponsors, stakeholders, audiences and objectives. Security generally sits at middle management level, as do Information Security, Health & Safety, BCM etc., with only Crisis Management regularly engaging Senior Management. To truly embed resilience in an organization, all other aspects of resilience must be regarded as part of an integrated whole, owned and driven by senior management and encouraging both individual and collective resilience in all areas of operations. This must be the level of maturity which we should be promoting organisations to aspire to. We are unlikely ever to see a Security Director on the main board, but if all the Resilience disciplines are seen as part of an integrated organizational resilience model directly tied to brand, reputation, stakeholder value or share price, perhaps one day alongside the CEO, CIO and CFO we might see a CRO (Chief Resilience Officer) whose job is to protect the intrinsic value of the organization.