CoBIT 5: Managing Continuity Aspects With A Practical Approach
Amardeep Singh, Business Continuity Consultant
ISACA Adelaide Chapter
12 May 2015
2 May 13, 2015
Discussion
• Business Continuity Management (BCM)
• Standards and Best Practice
• CoBIT 5 & BCM: Practical Implementation
• Future Trends
• Information Sharing
CoBIT 5 & Managing Continuity
Source: CoBIT 5
“holistic management process that identifies potential threats to an organization and the impacts to business operations those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities”
International Standard 22301 Definition
Or Simply
“continuing business in times of a threat / s”
“safety”
“criticality”
Threats: Natural and Man Made
Source: www.bom.gov.au
Source: www.bbc.com.au/news
Source: www.nbcnews.com
Source: www.skynews.com.au
Source: www.northlandsnewscenter.com/home/PIN-numbers-also-part-of-Target-data-breach-237547411.html
Source: The Australian
Risks
Source: www.aon.com/2015GlobalRisk (2015-Global-Risk-Management-Report-230415.pdf)
Impacts
Source: www.swissre.com/media/news_releases/Insured_losses_from_disasters_below_average_in_2014.html
Benefits of BCM
• Prepare: Safety, Insurance advantages
• Reduces risk of damage and access vulnerabilities
• Safely continue during “threat” conditions (keep business running)
• Data loss and recovery times minimised
• Regulatory and Governance (who is responsible for BC?)
• Competitive advantage – reputation, certified
Source: http://en.wikibooks.org/wiki/Business_Continuity_Planning
History of BCM: Standards / Guides
• Early Years (60s and 70s)
• 1969: Information Security Audit and Control Association (ISACA)
• 1980s: ITIL (British Govt)
• 1988: DRI International (DRII) – Professional Practices (US)
• 1994: Business Continuity Institute (BCI) – GPG (UK)
• 2006: BS 25999 Business Continuity Management
• 2009: Australian National Audit Office (ANAO)
• 2012: ISO Standard 22301
• 2012: CoBIT 5
• BS 65000 Guidance on Organizational Resilience
Other Standards / Guides
• Australian Prudential Regulatory Authority (APRA)
• APS 232: Business Continuity Management (deposit institutions)
• GPS 222: Business Continuity Management (insurance)
• CPS 232: Business Continuity Management (Board of Directors or equivalent have ultimate responsibility)
• AS/NZS 5050:2010: Business continuity – Managing disruption-related risk
• HB 221:2004: Handbook Business Continuity Management
Sources (Slides 11–14, 16–21):
Good Practice Guidelines 2013 v3_1 (BCI 2013)
CoBIT5: Enabling Processes (ISACA 2012)
ISACA CoBIT 5: Continuity Related Practices
BCI Good Practice Guide 2013
Professional Practices (PP)
Management Practices
• Policy and Programme Management
• Embedding Business Continuity
Technical Practices
• Analysis
• Design
• Implementation
• Validation
CoBIT & GPG: Policy / Governance
Practical
• Other priorities, Buy In
• Where start, what and who covered?
• Who will do this?
Solutions
Project Management (Cost vs Benefit) Responsibilities
Experts Communication
CoBIT & GPG: Analysis and Design
Practical
• Priorities and political - criticality
• What and who covered?
• Who will do this and how?
• Alignment and changes
Solutions
Senior Management Prepare
Tools Experts Reuse / Share
BC and Alignment (DR - IT)
Source: CSC, Business Continuity Services
CoBIT & GPG: Implementation
Solutions
Organisational Knowledge Responsibilities
Reuse / Share Validate
Practical
• Size (Strategic, Tactical, Operational, 1)
• Responsibilities - Criticality
• Simple - Useful
CoBIT & GPG: Validation (Exercise, Test, Review)
Solutions
Planning Cycle Report Follow up
Experts Contracts Tools Planning (3 years)
Practical
• Other priorities
• Relevance & Regularity (how)
• Who (does this, involved)
CoBIT & GPG: Validation (Review, Maintain, Improve)
Solutions
Planning (3 years) Responsibilities Performance (KRA)
Tools Organisation Daily Tasks (Change, Release) & Culture
Practical
• Benchmark & Audits
• Relevance & Regularity (how)
• Who (does this, involved)
CoBIT & GPG: Awareness
Solutions
Planning (3 years) Lead – Senior Management
Use “Threats” & “Opportunities” (BCAW) Experts
Practical
• Regularity
• Who (does this, involved)
• Costs
CoBIT & GPG: Backups
Solutions
Relevance (BIA) Senior Management Directive
Practical
• Costs - Criticality
• Protect
CoBIT & GPG: Never Ends
Practical & Solutions
• DSS04.01 to DSS04.07
• PP1 to PP6
• Backlog Planning
Future Trends: New Developments; New Threats
Solutions
• Update skills
• Multitasking
• Networking
• Think outside the square
• Experts
• Communication
Challenge
• Business / Client Demands
• Technology – Cloud, Big Data, Social Media, Mobility, Internet of Things (IoT)
• Natural and Man Made threats simultaneously and higher occurrence
Source: DRII Newsletter
Summary
• BCM is a holistic approach
• Every organisation is different
• Get Senior buy in up front (responsibility rests here)
• Plan
• Exercise and Test
• Regular and continuous
• Keep up to date
• Resilience
Information Sharing & Further Reading
• Question and Answers
• Share Your Experience
• Further Reading
• ANAO: www.anao.gov.au/Publications/Better-Practice-Guides/2008-2009/Business-Continuity-Management---Building-resilience-in-public-sector-entities
• BCI: www.thebci.org
• CoBIT: www.isaca.org
• DRII: www.drii.org