This popular all-day session provides a solid foundation for understanding business continuity principles and practices. The course is a starting point for all new planners and, when combined with other sessions at the conference, builds a framework for developing and implementing a business recovery plan. Learn all about safety, incident response, risk analysis, recovery strategies, plan development, plan testing and maintenance and awareness programs. This is also a terrific refresher course for more experienced planners. Participants receive a manual and sample recovery plan.
Public Law 110-53, which is based on implementing recommendations of the 9/11 Commission Act of 2007, provides for voluntary certification of emergency and business continuity plans using independent third-party firms. As the process for certification has not yet been determined, it’s a perfect time to examine the process of conformity assessment (CA). A well-defined and developed process, CA validates, through a series of structured activities, that a product or service indeed conforms to one or more identified standards. This session examines the CA process and provides delegates with insight on a process that may in time become very important to the business continuity profession.
This session provides an in-depth review of the Wells Fargo BC plan profile process. Profiling provides independent, unbiased review of a BC plan and its critical components to ensure the plan can provide for viable recovery at time of incident. This includes both business and technology plan profiles. Attendees will learn the origins of the Wells Fargo profiling process, the components of a good profile and take away a process they can incorporate within their own organizations in an entertaining, fast-paced presentation.
Emergency Health Service (EHS) is Nova Scotia’s only emergency medical agency, responsible for 973,000 residents spread over almost 40,000 square miles of largely rural landscape. With no other agencies to back it up and many residents depending on it as their sole link to emergency medical care, EHS puts a high value on reliability, continuous availability and readiness throughout its organization. In this session, attendees will hear how fault-tolerant systems are helping EHS maintain disaster-proof, 24/7 emergency medical services by providing 99.999-percent uptime for computerized dispatch software at its primary and backup communications centers. The session will also describe how EHS tested its plan by conducting a full-scale evacuation of their center during the middle of a typical day. The test showed them what works and helped them identify areas that needed improvement. Attendees will hear these results and leave understanding why it’s important to build disaster recovery into operational plans.
Team coordination, group dynamics, leadership and decision-making capabilities are all integral and essential components to effective management of risk, response and recovery in catastrophic events. At these times, groups are formed quickly from diverse professionals, responders and officials who carry unrelated skill sets and organizational repertoires. They are asked to work together in a coordinated effort with strong leadership, effective communication and the capability to provide direction and safety in extreme conditions. This program is designed to provide an in-depth examination and practice with some of the dynamic components which characterize disaster response teams. Training will address integral processes which demand flexibility and cooperation under stress and will familiarize participants with priorities in group cohesion and adaptability to circumstances, and help to recognize particular strengths and weaknesses with guidelines in how to continue to be effective.
Have you ever seen an employee walk out with a mainframe computer? If not, better check again. With today’s multi-gig USB devices, iPods and pocket PCs equaling the capacity of hard drives, organizations must start assigning value to assets based on the cost to business if the asset is compromised. This can only be accomplished through an integrated security strategy that incorporates people, process and technology. This session will address systemic weaknesses introduced by new corporate technologies and how information security attacks targeted at both the organization's business systems and employees can result in high costs of recovery and critical information loss.
Whatever crisis you've planned for, employees will be affected; sometimes physically, always emotionally. In a crisis of short duration, most recover quickly and get back to work. If it is a disaster, recovering productivity is a longer process. A very powerful piece of your contingency plans should include getting people back to work quickly and effectively. Mitigating the risks of workers' compensation, absenteeism or reduced productivity becomes key to business recovery and continued financial success. This session covers the employee-focused actions providing the highest positive return on your plans; what leadership qualities and competencies people most respond to; why HR professionals are beginning to play a role in contingency planning and how you can partner with HR to improve your planning process to include contingent HR policies and special programs.
This session will discuss business continuity, the rapid growth of various planning models, and requirements and regulations driving the industry today. It will also look at the influencers and effects they have on business today.
This case study will explore the innovative methods used at News Corporation for conducting senior executive level BIAs in key operating companies. This unique, rapid and painless approach does not follow survey or interview processes traditionally advocated in BC literature yet produces results that are arguably more valuable. Objectives, deliverables, and approach will be studied as well as key techniques including: value-chain analysis and value proposition development. All pre-session through post-session presentations and other materials will be reviewed. Session participants should be able to replicate the process following their participation.
Business and industrial facilities are vulnerable to natural and manmade emergencies. During a crisis, valuable time is gained through improved situational awareness and preparedness. The development of a visual facility database is a powerful tool for emergency managers, planners and responders. The visual database enables quick interactive access to a wide range of information, including aerial imagery, maps, floor plans, interactive 3-D models, virtual walkthroughs and live security cameras. Ready access to the visual database, coupled with site-specific risk analysis, hazmat data, utilities and other information, improves situational awareness and rapid incident response. Emergency preparedness is improved through virtual access to busy facilities for planning and training. Advanced visualization is a powerful tool when complex information must be quickly absorbed. The overall result is a more secure environment through facility visualization, making it an investment in asset and personnel protection.
Understanding how to identify and subdue, without force or disruption, individuals who are an immediate danger to the safety of people in a public facility, including schools, is a challenge. There is a delicate balance of threat suppression and dealing in close quarters (i.e., classrooms, offices, laboratories), including the handling of minors by adults. How can this be achieved without disrupting the orderly process of daily activities and creating panic within a large public space? After four years in an urban school setting and 15 years clearing out drug-infested neighborhoods, this educator has some clear observations. Learn how interventions are possible to conquer the fear of violence and terror activities within a public setting.
The last five years have seen the development and enhancement of industry leading toolkits that include business continuity and security components; IT infrastructure library (ITIL), control objectives for IT (COBIT) and the quality standard ISO 20000. This presentation will integrate learnings from these toolkits into the BCP process to guide the BCP and/or security efforts of an organization and provide an integrated best practice environment. In particular, the session will examine principles from the ITIL-defined IT service continuity management process, management guidelines for service continuity from COBIT and security policies from ISO 20000 in the definition of contingency strategy planning, testing, implementation and maintenance of the technical (disaster recovery) plans as applied to the BCP process. The session will provide examples of these best practice methodologies being implemented in BCP through applications in disaster recovery planning.
Managers contemplate daily, sometimes hourly, how to move forward with minimal risk. Evaluated is the cost of the decision (hard and soft), and this is mitigated by the potential fallout, including potential litigation and negative public reaction. Is there room in the process to "do what is right because it's the right thing to do"?
The threat of workplace violence can be successfully managed by the use of threat assessment teams. This session will use case studies, video, and audience participation in threat assessment exercises to help them later manage some of their most difficult interpersonal situations -- those involving high-risk people who threaten their organizations internally or externally. Attendees will receive a threat assessment questions job aid cheat sheet and learn who should be on a TAT, when the team needs to convene and how to create a plan of action to manage the actions of current or former employees, outsiders, domestic violence perpetrators, cyberstalkers and others who seek to disrupt the business.
Convincing management to invest in BCP is always a challenge. This session, taught by one of the BCP industry’s leaders, discusses how to get management to focus on BCP. This session will zero-in on how to get management to specifically invest in an emergency notification system. Content will include how to develop allies, how to get funding and what features are important because of their “saleability.”
REACH is the new European Union chemical regulatory scheme that is changing the way companies must communicate up and down their supply chains, both inside and outside of the EU. This lecture will detail the main points of the regulation and point out the inter-company issues involved. It will also provide suggestions on how companies should prepare to deal with REACH.
Large-scale disasters have drawn attention to the need for medical surge capacity. It is this surge capacity that was eliminated in order to maximize efficiency. Healthcare is now being charged with the task of increasing surge capacity to accommodate an influx of patients requiring triage and emergency care with little or no advance warning. Surge needs associated with a pandemic are among the most challenging given that surge capacity would likely be depleted. Commonly, hospital disaster plans rely on external sources to maintain surge capabilities and create additional capacity. External mechanisms include alternate care sites, patient transfers, volunteerism and special disaster medical assistance teams. External assistance is unlikely to be available to hospitals in catastrophes such as a pandemic. Employee illness, care for family members and fear of contracting serious illness may drive hospital absenteeism rates to 40 percent while needs for services may increase well above the norm.
SOA enables businesses to define and implement loosely-coupled and coarse-grained services to increase ROI and reusability. This session identifies the SOA security stack, such as SAML, WS-Federation, WS-Policy and XACML, to give participants basic understanding of the security for SOA. The session then introduces the road map for applying BCP to SOA: BCP must be considered in the early stage of a SOA initiative; senior management support is crucial; a service partner's support is important, and data and service redundancy is no longer sufficient; clear definition of the responsibilities and downstream liabilities due to the impact of SOA services is mandatory. Finally, the session will give some practical recommendation on how to secure SOA applications.
Every large commercial enterprise must successfully deal with challenges of planning, coordinating and managing IT governance and compliance. However, in most organizations, IT decision makers lack strategic insight into spending, performance and TCO of programs. This presentation will discuss how IT project decision making continues to be based on reactive responses to needs, inadequate risk-versus-value assessments and over-optimistic projections of outcomes. Whatever business case is made to launch an initiative at a departmental or division level, it rarely includes the necessary factual details to ensure accurate estimates, and it usually increases IT spending without consideration of objectives or priorities. Employing non-biased performance measures, benchmarks and models reveals the true risks and cost benefits of IT governance and compliance programs.
The term “resiliency” has been used often in recent times to refer to an advanced achievement in business continuity planning. But each reference seems to be at least a little different than the last in terms of what “resiliency” specifically means. So what does “resiliency” mean? The SEI (Software Engineering Institute) has provided a detailed answer! The SEI Computer Emergency Response Team, of Carnegie Mellon University, has developed extensive guidance through their “Resiliency Engineering Framework,” which puts a definitive and specific foundation on the meaning of “resiliency” for both IT and business processes. This session will provide a walkthrough of this important guidance.
This case study presents the successful application of enterprise risk management techniques to develop an organization. Specifically, an alliance contract was established between a utility and an electrical contractor to execute approximately $100 million of substation and transmission line projects to upgrade and stabilize the electrical transmission grid in Northern Wisconsin. A contingency and risk management matrix process was developed and applied at both the project and program levels to identify, assess and determine the proper response and control activities. The net result of this application was to substantially reduce the total risk expenditures and maximize the information flow between all alliance team members, which ultimately resulted in a very satisfied customer and a mature risk management organization.
Developing an integrated public-private emergency response system will support collaborative and synchronized public safety, medical, corporate and governmental responses in domestic disasters. Mission accomplishment is achieved by identifying opportunities for such integration through an initial strategic assessment and then by developing, piloting, implementing, evaluating and disseminating programs and services that meet the documented needs of both public-private partners. The public and private sectors each have numerous directives, standards, regulations and guidelines that encourage or require such integration. Additionally, challenges identified from response activities during natural disasters such as hurricanes Katrina and Rita have highlighted the necessity of achieving a greater level of integration. Although both public and private organizations themselves have expressed interest in preparing for joint responses, substantial support by joint leadership is required.
Assessing and addressing risks in the vulnerability of diverse infrastructure has no easy formula. While there are some guidelines offered in the National Infrastructure Protection Plan, the efforts to coordinate these with the National Response Plan and NIMS have not been without confusion. This study examines some real and potential vulnerabilities, including physical structures, personal, as well as some IT security issues. It will provide a tactical structure to assist with clarifying identification methodology, strategical procedures and tactical response options through the local, state and federal network while referencing the mentioned policy documents.
Crisis leaders face challenges outside the box of normal operations. It is one thing to be a good leader; it is entirely another to be a good crisis leader. The aspect of crisis brings a plethora of factors into the leadership equation that many are not prepared for. With crisis leaders coming from other disciplines, how are they prepared to handle tough decisions, and what can be done to prepare them for performance in a "real" crisis situation? The reality is crisis practices can do more. This session blends theory and practice to demonstrate and explain the gaps that exist in current crisis management and leadership fields. This session will provide tips to allow attendees to reflect upon their own crisis leadership abilities and their current crisis practices, and examine how they too can build better crisis leaders within themselves and their company.
Don’t be caught unprepared! Find out how you would perform in an actual disaster. This popular, dynamic workshop is a favorite at CPM. Get ready for the action and sign up early to reserve your seat. This session fills up quickly!
Data storage requirements continue to grow at a dizzying pace. Backup times are increasing, and backup windows are shrinking. How do you get a handle on this rampant growth while ensuring your business can still recover after an incident? This session presents a case study of a major international law firm's experience in changing its disaster recovery methodology from use of a national recovery vendor to an internal consolidation and replication of data storage resources. Learn how they accomplished this change over a two-year period, reducing their recovery time objective from more than 34 hours for critical data to less than four hours. What were the requirements? What were the critical factors? How do you break down such a complex project? The case study will highlight the various tasks that were accomplished, the phases they followed and some of the pitfalls they would work to avoid the next time they undertake such a project.
Many small and medium sized businesses lack the resources, time and budget to validate their emergency plans by conducting contingency tests and exercises annually. But with a little planning and management support, testing can not only be conducted easily on an annual basis but can also be embedded into your everyday operations schedule. Through discussion and interactive workshops attendees will learn test methods geared towards saving time and money by using the companies' existing resources.
On July 22, 2007, Mike McConnell, head of national intelligence, was a guest on "Meet The Press," where he discussed recent intelligence reports where al Qaida is reported to be planning a mass casualty attack on U.S. soil. Those threats come in the form of nuclear, biological and chemical threats. The presenter will discuss biological, chemical and nuclear issues, so that the audience will better understand the threats, identify related symptoms, know what safety measures to employ and understand their potential impact. With a good working knowledge of these mass casualty threats, there will be less panic, higher rates of survival, and companies will have a higher probability of continuing their operations in event of an attack. It will also be stressed that a comprehensive BCP that has been revised and exercised on a regular basis will dramatically increase the survival rate of a company, no matter what the threat may be.
Network and IT devices are constantly logging events and capturing information -- these event and audit logs are among the most reliable, accurate and proactive tools needed to secure IT environments and thwart malicious activity. Yet, few organizations understand what devices to monitor, what information to capture or how to properly mine the data. This session will outline a step-by-step event log process for information security and network management professionals. In this session, information security and network professionals will learn which devices to track and monitor, including Windows/Unix devices, Web servers, firewalls and other devices, such as routers and switches; how to determine what information you need, and how often you need to review it; and what tools are available to ease the management of event-log data.
Are you worried about how your vendors deliver systems and services? Business continuity relies on executing processes -- whether in the development, implementation or operation of the system lifecycle. Many organizations are developing processes and procedures and are not getting the results they need from these processes because they have no way of judging compliance with standards. Often, they are hoping their vendors are following standards because they do not have the in-house skills to properly monitor the work. A properly structured independent verification and validation (IV&V) engagement can proactively ensure process continuity and conformance to standards throughout the system lifecycle and/or the vendor's contract. This session will demonstrate how IV&V will ensure business continuity in a cost-effective manner.
When thinking about e-discovery, it is helpful to think of two sides of a coin. First, how is the source information being operationally managed -- from routing, archiving and how it will be recovered? Second, what is the process that is used after the subpoena or discovery request hits? The two issues are tightly linked, since the better the policy management of the electronically stored information, the more efficient and less risky the e-discovery process can be.
It is essential that companies involve legal counsel in preparedness activities from the onset, especially when considering catastrophe planning. This informative session will cover an overview of legal issues that can arise from a crisis, whether due to avian flu, natural disasters or terrorism. Topics will include legal issues surrounding human resources management, wage and hour, leave policies, OSHA, the WARN Act, whistleblowing, employment contracts, benefits, discrimination, defamation and privacy. It will also address other business planning legal issues, such as supplier/vendor contracts, the Sarbanes-Oxley Act of 2002, insurance coverage and work-at-home infrastructure. The presentation will address how governmental authorities and the courts may impact business operations in a disaster and beyond.
No industry segment is more prepared to deal with and recover from a crisis than commercial aviation. Yet, the vast majority of airline companies in the United States have only developed crisis preparedness and recovery plans for an airplane crash and have ignored other threats that can cause business interruptions, draining resources and damaging reputation and image. In this workshop, using a case study of one major airline, the steps taken to transition from a disaster response and recovery structure to an enterprise risk management and business continuity environment will be highlighted. Attendees will learn the reasons driving the change, steps taken in the transition and how employees are engaged in the business continuity development process without sacrificing gains made in disaster recovery or compromising regulatory requirements. This is a how-to presentation for professionals at an intermediate level.
How much risk does the United States face regarding tsunamis, and what could the impact be? A brief history of tsunamis and their impact on the United States followed by a detailed review of the methods used to detect tsunamis, including the Tsunami Warning System; underwater listening systems like SOSUS; satellite imagery; and the various other geological event detection systems are outlined. The recent increases in geologic activity combined with increasing sea levels will be used to identify the parts of the United States that are most exposed. This session will explore how prepared areas of the United States are and some precautions that can be taken to mitigate risk.
A critical piece of securing any organization’s infrastructure is the ability to assess the risk of the software running within that organization. In fact, more than 70 percent of security attacks are now happening at the software level. Whether those applications are developed in-house, offshore, directly purchased or inherited through an M&A transaction, enterprises are clearly at risk. If this risk is not managed properly, organizations face the consequences of a data breach that could cost them customers, drive down their stock price and/or devastate their brand. This session will examine approaches to third-party software validation and how it can help organizations ensure the quality of software and applications they implement. Attendees will leave armed with strategies to diminish operational risk and maintain corporate value.
Many organizations downplay the importance of energy efficiency when planning or upgrading their IT infrastructures. As datacenters grow, electrical and cooling costs become an increasingly unavoidable cost of IT. Power is one of the core costs an IT department can cut without impacting users or its computing infrastructure. In many organizations, server utilization is frequently only 10-20% of total capacity. By deploying a virtualization solution and running multiple operating systems on a single server, organizations can reduce the number of physical servers required by increasing the utilization of existing servers. This session will cover the “green” benefits of virtualization; the various types of virtualization that are available; prospective “green” pluses and minuses; best practices for managing and migrating physical and virtual assets and how all of this results in improved ROI.
This session will describe UNC-Chapel Hill's challenges and successes as it implements enterprise risk management and business continuity planning throughout the many colleges, departments, centers and institutes affiliated with the university. The session provides a step-by-step look at a work in progress, including finding a workable strategy that identifies common ground upon which to develop a business continuity initiative at a major university.
Rebuilding a business continuity management program that has gone stale is no easy feat. In just over two years -- a reconfigured ERP, an implementation of global shared services and major acquisitions -- Nestle has accomplished just that. By leveraging the risks inherent in a global ERP combined with the fear of a H5N1 pandemic, Nestle used tools, internal employees and select industry specialists to help achieve a level of resiliency not previously known to the organization. Through a panel presentation including three Nestle BCM professionals, this session will explore the BETH3 methodology, approach and tools that can help you improve upon the quality and integration of your strategies, including pandemic readiness.
In order to sustain competitive product and margin advantage, companies must consider moving existing business continuity and IT disaster recovery planning efforts beyond the traditional RA/BIA processes, and shift the focus to reliability, resiliency and advanced disaster recovery preparedness initiatives that enhance customer satisfaction, adhere to technical service-level commitments and minimize commercial exposure. Thomson Reuters, with 2007 pro forma revenues of US $12.4bn, serves clients in more than 160 countries as the world's leading source of intelligent information for businesses and professionals. Industry expertise and innovative technology combine to deliver critical information to leading decision makers in the financial, legal, tax & accounting, scientific, healthcare and media markets, powered by the world’s most trusted news organization. This presentation will discuss a reliability driven approach, including technical performance, service level and DR convergence issues, and provide a roadmap for business and IT owners.
The National Infrastructure Protection Plan (NIPP) and supporting Sector-Specific Plans (SSPs) provide a coordinated approach to critical infrastructure and key resources protection roles and responsibilities for federal, state, local, tribal, and private sector security partners. The NIPP sets national priorities, goals, and requirements for effective distribution of resources to help ensure that our government, economy, and public services continue in the event of a terrorist attack or other disaster. These plans and policies are developed through sector and government coordinating councils. Learn how you can join the homeland security partnership, receive timely alerts and warnings through the Homeland Security Information Network (HSIN), access classified threat information, and be a part of the creation of the next edition of the NIPP and SSPs.
It’s no secret that the Internet threat landscape has shifted. What used to be a playground for hackers, crackers and script kiddies is now a borderless abyss of organized crime fueled by financial gain. This session will explore the current threat landscape by highlighting the newest cyber criminals and examining the latest tactics employed by these predators. It will address how spammers, phishers, worm writers and hackers interact with this new crime element and how users can prepare their infrastructures to stave off these relentless attacks and protect critical business assets.
Decision making under normal conditions typically allows managers ample opportunities to gather pertinent facts, weigh alternatives, and plan an effective implementation strategy. Conversely, crisis decision making is often made intuitively within the context of unexpected circumstances, high velocity, and with insufficient time and information. These high-consequence management decisions are often highly visible, painstakingly scrutinized by impacted stakeholders and can be career defining. This presentation will provide practical, research-based methods to increase the quality and timeliness for management decisions during crisis response. Additionally, it will address the methods that make some managers excellent during crises versus those who are much less effective.
If critical third party service providers were affected by an incident or disaster how would it affect your business' continued operations? Developing a risk assessment program designed to analyze critical vendors' business continuity planning programs and the impact to your organization may mean the difference between business as usual and business survival. This presentation will cover one in-depth approach, why and how to address this risk with examples, and positive benefits for both the organization and their key vendors.
This session discusses the actions, tools and the information used to contact and support employees in Florida displaced by Hurricane Wilma. Automated notification technology was critical to the success of this support work. Most of the activity took place remotely rather than locally, since the nature of the event precluded relocation to the affected area. Most employees were contacted within 24 hours, and local assistance was arranged as necessary. The speakers were formerly the chief information security officer and business continuity manager, respectively, of this firm. Together they designed and implemented the EOC activities where the emergency associated with this difficult task took place.
Tabletop exercises (TTX) effectively test existing disaster response plans and procedures. Typically, they facilitate understanding of concepts, identification of strengths and shortfalls, or achieving a change in attitude. This session will provide participants with the skills needed to create a non-traditional TTX that challenges participants and provides a unique learning experience. Learn the skills to conduct this form of tabletop and the key components of a long-term tabletop exercise. Participants will be able to list the three most common pitfalls in conducting this type of exercise.
The session describes the evolution from a BCP model that focused on systems application recovery to a business-led, operational risk-based program that focuses on the protection of people, business process and technology. The objective is to administer a BCM program that is directed by business requirements and is aligned to the needs of the business, whose owners are its stakeholders. The presentation discusses lessons learned from major business disruptions, the role of IT in a business-led approach and steps/ideas in organizing, maintaining and communicating this strategy. A side-by-side comparison is made between the traditional IT-based model and the business-led concept. The organizational structure of a business-led program is also highlighted, along with steps in promoting a business continuity awareness program.
Audits under Statement on Auditing Standards No. 70, Service Organizations, or SAS 70, are becoming much more frequent as auditors better understand the dependence of companies on their external services suppliers. The overall objective is to assess the effectiveness of the supplier's controls and, therefore, its reliability to provide its services. BC, DR, emergency management and many other controls are involved. An anonymous case study of a software services company's preparation for a SAS 70 audit will be discussed. Attendees will learn from first-hand experience what worked and what did not and gain a deeper understanding of the SAS 70 processes.
Consistent and secure communications are essential to providing business continuity and effective emergency response during a crisis. This presentation will discuss how incorporating satellite broadband utilizing Very Small Aperture Technology (VSAT) into emergency strategic planning activities can help ensure that COOP, emergency management, and security professionals are able to communicate during an emergency when it is needed most. Attendees will learn about the benefits of path diversity vs. carrier diversity in ensuring reliable, point-to-point voice and data connectivity between government and community officials; the value of a diverse backup system if an agency’s terrestrial network fails; and the use of satellite broadband to connect essential personnel at remote locations. The presentation will also dispel myths associated with the value of using duplicate terrestrial networks to satisfy requirements for redundancy in connectivity.
Are you a business continuity professional who wants to start or improve executive communications? Learn how to plan and prepare for your audience, the chain of command, and the length of the meeting. Find out how to get opportunities and say what executives like to hear. Learn what to tell them and how to share the good, and bad, news.
Public Law 110-53 Title IX, Private Sector Preparedness, was enacted Aug. 3, 2007. The law clearly states that compliance with being better prepared, having technology recovery plans and business continuity for the private sector is voluntary. So why a law? What’s in it for the business continuity professional, private businesses and the United States? Title IX is the best non-catastrophic opportunity to advance the BC profession. Growth will only come with a unified effort. What is voluntary compliance? How can professionals reach out to the private sector? Who in the private sector needs to be prepared? How can, and will, BC professionals answer these questions? This session will attempt to answer these questions and more as we grow towards a more unified effort in the industry.
This session will feature a two-part presentation about Discovery network business continuity plans, starting with a summary of Discovery's preparations in South Florida prior to Hurricane Wilma, including the response immediately following landfall. The second part of the presentation will outline Discovery's supply chain planning and how lessons from previous hurricanes and disaster events were incorporated into the planning process.
Resilience is often portrayed as an IT issue. While data center and network availability are essential parts of a robust infrastructure, that infrastructure also includes personnel, processes and facilities that must be available around the clock. Moreover, the unbroken availability of resources must be surrounded by a supportive environment, including governance structures, risk management and compliance. The overall resilience of an organization must be measured and evaluated so that it can be continuously improved over time. This presentation will define a "to-be state" for a resilient enterprise and present a roadmap for how to achieve one, highlighting the interdependency of infrastructure, environment and management.
This session is about planning for the emergencies related to the sticks and bricks of the organization. The speaker will guide you through the fundamentals of a disaster management plan, so when the next stand pipe ruptures or the next laptop battery overheats and causes a fire, a plan for speedy facility recovery is set. Some key elements of the session include developing the emergency procedures plan and implementing it; what the risk manager or facilities manager needs to know after a disaster happens; health concerns about water damage; assessing current risk; protecting an investment; and determining scope and value of a loss.
Virtualization is all the rage, and the benefits are undeniable. Green data centers and virtualization will drive down a myriad of costs like space, power, cooling and provisioning, to name a few. However, as people embrace these benefits, it is paramount that they ensure acceptable levels of security. Virtualization breeds new security challenges, attack surfaces and a swath of availability implications. This session will examine these new threats and outline best practices and strategies for how to securely adopt virtualization without constraining the innovation and flexibility it offers.
Join this panel discussion with representatives from three industry associations. Who is doing what to further the education of the industry? Why is it important to you? Find out what is happening in the US and abroad and how you can further your own professional education.
You have conducted and reviewed your business impact analysis and risk assessment annually, yet you are never quite sure you have the most effective recovery strategies in place based on your results. Most software planning tools do little to help a planner decide on an effective strategy. This session will provide a structured approach (BETH3) to consider feasible, effective resiliency and recovery solutions based on your requirements. Included in the discussion will be how to consider scenario planning versus worst-case, how to strategize for both short- and long-term events and how to differentiate your strategy for an isolated impact event versus one that affects many assets. Learn to develop sustainable, cost-effective strategies that work and that match your time objectives for recovery.
This newest presentation has to do with the most important part of a disaster recovery and/or business continuity exercise. It analyzes the steps that should be taken after an exercise has been completed (post-exercise review phase). Having concluded a DR or BC exercise, the results must be analyzed. A failure to undertake this task will likely detract from the value of the exercise. The problems arising should be documented and addressed subsequently. This includes scoring and determining the success of exercises, a proper executive summary, how to deal with open issues and, of course, the possibility of re-testing and what the new goals should be. Handouts and tools will be provided.
The presentation will provide attendees with an understanding of how the cellular system works, describing the components, their redundancies, and noting points of failure.
This is not a sales pitch! Come see for yourself what past attendees are raving about! Attend this session with your questions and challenges and our team of experts will help you through them. The free advice you receive in this session alone could be worth the cost of conference registration!
The National Institute of Standards and Technology of the U.S. Government (NIST) has announced its flagship document in the series of FISMA-related publications. NIST Special Publication 800-39 provides a disciplined, structured, flexible, extensible, and repeatable approach for managing that portion of risk resulting from the incorporation of information systems into the mission and business processes of the organization. This publication describes the NIST Risk Management Framework and provides guidance on a variety of important information security issues. In addition, Special Publication 800-39 provides information on applying the steps of the Risk Management Framework to the phases of the system development life cycle to help ensure that information security is tightly integrated into the mission and business functions of organizations. This session provides a walkthrough of this guidance. Handouts will be provided that will map the NIST Management Framework, including guidance on the linkages between the framework and the associated FIPS Publications and NIST Special Publications, for reference when developing your own risk management program.
The U.S. Department of Labor reports “43% of businesses experiencing a disaster never reopen. Of those that do, 29% close within two years.” The success or failure of the business after a disaster is directly related to the emergency preparedness and business continuity efforts made prior to the disaster. This presentation will look at three case scenarios where disaster did strike. The exploration of each scenario will cover the elements of the plans in place at the time of the event. We will review success or failure of the plans, and investigate what could or should be done to improve future success.