
INFOSEC.MY KNOWLEDGE SHARING SESSION

Academic year: 2021

(1)

INFOSEC.MY KNOWLEDGE SHARING SESSION

Integration BCM into your Organization: Challenges & Opportunities

(2)

Prabha Ramanathan (CBCP, MBCI, MBCS, MSCS)

Certified Business Continuity Professional

… have been involved in business continuity & disaster recovery design, development, implementation, testing and training since 1993

(3)

Challenges in BCM

• International Level
• National Level
• Local Level
• Business Level
  • Need
  • Design
  • Development

(4)

Challenge 1 : What is BCM?

Without having a complete picture / idea of what BCM is, it would be difficult, if not impossible, to integrate it into your Organization.

How many of you can honestly say that you have a total grasp of BCM?

(5)

Let’s look at some definitions

A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interest of its key stakeholders, reputation, brand and value creating activities.

THE BCI

Management process that safeguards the interest of its key stakeholders, reputation, brand and value creating activities by identifying potential impacts that threaten the organization and provides a framework for building resilience and the capability for an effective response

MS 1970 : BCM Framework

(6)

What is the PURPOSE?

• To protect the key stakeholders, reputation, brand and value creating activities

(7)

How do you achieve the PURPOSE?

• By implementing a FRAMEWORK which will:
  1. Identify Potential Threats to the Organization
  2. Effectively respond to mitigate the impact
  3. Quickly and orderly recover key business operations
  4. Restore and Normalize operations within a short time frame.

(8)

What does the FRAMEWORK contain?

• The framework is made up of:
  • People – Designers, Executioners, Supervisors
  • Processes – Design, Development, Maintenance
  • Strategies, Policies and Procedures
  • Infrastructure – Facilities, Furniture, Fittings

(9)

What is the difference between

• BCM and Business Continuity Planning (BCP)
• BCP and Disaster Recovery Planning
• BCM and Crisis Management
• Crisis Management and Emergency Management

(10)

Who should CHAMPION BCM?

• The Principal Officer, i.e. CEO, MD or GM, should be the CHAMPION
• The Operations Department should be responsible to design, develop and maintain the plan
• BNM makes the Risk Department responsible for Banks & Financial Institutions
• It is now common for Business Continuity Departments / Units to be established in large organizations to handle the MAINTENANCE PROGRAM

(11)

Challenge 2 : What Yardstick?

• How do I know that I have got a good BC plan in place?
• How do I know I have done it correctly?
• How do I know my BC plans will be accepted by the Auditors, Regulators and / or Business Partners?

(12)

Standards & Guidelines

• MS 1970 – Business Continuity Management Framework, SIRIM
• BS 25999 – 1 : Business Continuity Management – Code of Practice, BSI
• BS 25999 – 2 : Business Continuity Management – Specifications, BSI
• HB 221 – 2005 : Business Continuity Management Handbook, Standards Australia
• TR 19 – 2005 : Technical Reference on Business Continuity Management, SPRING, Singapore

(13)

[Diagram: BCM PROGRAMME MANAGEMENT]

1. GETTING TOP MANAGEMENT SUPPORT
2. DEFINING BCM STRATEGIES
3. DEVELOPING BCM PLANS
4. IMPLEMENTING BCM PROGRAMMES

Diagram labels:

1. BCM Terms of Reference

1. Awareness and Training Programme
2. Exercising / Testing Programme
3. BCM Maintenance Programme
4. BCM Audit

(14)

Elements of a BC Plan

• There are 5 elements which make up a BC Plan. These elements are:
  1. People
  2. Data
  3. Infra
  4. Comms
  5. Plans

(15)

Ensuring Readiness?

• The only way of ensuring that your plans and people are ready for a disaster is by regularly:
  • Testing and Exercising

(16)

Opportunity 1 : Address Key Issues

• Very often, organizations are too busy making money to look at ‘gaps’ or ‘vulnerability’ within their organization.
• In fact, many organizations are so busy ‘fire fighting’ every day that they don’t realize that their vulnerability to a disaster is very high

(17)

Remember

• Disasters are not events but consequences or impacts of an event.
• It may be argued that a DISASTER is a badly managed Crisis.
• If we look at major catastrophes in the world, many are due to lack of communication, complacency or bad maintenance.
• In the case of the Tsunami or Hurricane Katrina, it was clear that the lack of coordination and preparedness by authorities was the key reason for the extent of the

(18)

BCM gives us the OPPORTUNITY

• To review and understand our VULNERABILITIES
• Identify our key business operations and determine acceptable downtime
• Prepare ourselves and the organization for the Unknown
• Work with business partners, vendors and suppliers who are equally resilient

(19)

In Conclusion

• Integrating and Implementing BCM into your Organization is a tedious and complex process.
• There are many guidelines, standards and other documents available that can assist you.
• Networking or seeking assistance are fast and cost effective ways of implementing BCM

(20)
