User:Bcm1969

Implementation of Enterprise Business Continuity - Presented at the IT Security and Enterprise Continuity Conference at the Sofitel Wentworth Hotel, Sydney on 26 September, 2006 by Mike Short - Asia Pacific Business Continuity Manager, Verizon Business.

Agenda - Enterprise-wide business continuity - Regional business continuity - Business continuity and information security - BCM drivers - Exercising the plan

The Business Continuity Institute - Definition of BCM: Business Continuity Management is an holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.

Enterprise-wide Business Continuity - Multiple business units across multiple locations across multiple countries - Mergers and takeovers - Committees and approvals - Who pays for what - Reporting lines - Global policies, processes and definitions

Regional Business Continuity - Points of contact - Regional specifics - Cultural awareness - Training and awareness - Keeping it simple - Reporting lines - Change control

Business Continuity and Information Security - The “A” of CIA - Deliverables from a compliance perspective - Data encryption - Information outside of the company’s control - Secure ID authentication - N+1 architecture – overlay security requirements on the network topology

Business Continuity and Information Security - Quarantine standby site infrastructure - Standby site PCs – how are they refreshed with security updates etc - Incorporate security elements into exercising BCPs

BCM Drivers - Compliance - APRA - Sarbanes-Oxley - Basel II  - ASX - SEC - Market Share, Reputation, Competitive Edge

Exercising the plan - People and processes - A successful exercise is one that fails - Regular exercise - 3rd party facilitator - Test and refresh - Involve 3rd parties

Any questions?