HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)


HYDSPIN-ProMinds "CERT-RMM, A Curtain Raiser" Presentation at Hyderabad, India

Transcript of HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Page 1: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Overview to ProMinds®

www.promindsglobal.com


Engineering Business Transformations

Page 2: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT®-RMM: A Curtain Raiser

For HYDSPIN, Hyderabad, India

25th August 2011

By P M Shareef

Certified Lead Appraiser & Lead Auditor

Page 3: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Notice and Disclaimer

NO WARRANTY

THIS MATERIAL OF PROMINDS CONSULTING IS FURNISHED ON AN "AS-IS" BASIS FROM THE REFERENCE MATERIALS AS STATED IN THE LAST WITHOUT ANY ALTERATIONS. PROMINDS CONSULTING MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. PROMINDS CONSULTING DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the trademark holder.

DISCLAIMER

This message and any attachments are solely intended for the addressee(s). It may also be ProMinds’ confidential, privileged and / or subject to copyright. Access to this presentation by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you have received this in error, please notify the sender immediately by return and delete it from your computer. While all care has been taken, ProMinds' management disclaims all liabilities for loss or damages to person(s) or properties arising from misuse of any information provided or the message being infected by computer virus or other contamination.

Page 4: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Takeaways

• What is Resilience Management?
• Why Resilience Management?
• Preamble to CERT® Resilience Management Model
• Features and Benefits of the CERT® - RMM
• CERT-RMM Appraisals
• Roles You Could Play
• Summary

Page 5: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

What is Resilience?

Resilience is a function of an organisation’s:
• situation awareness,
• management of keystone vulnerabilities and
• adaptive capacity
in a complex, dynamic and interconnected environment.

Mostly it refers to the operational part of the business, wherein challenges are many, as against many of the current standards and practices, which focus on the strategic part of business.

Page 6: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Defining “RESILIENCE”

• A Resilient Organisation is one that is:
  – able to achieve its business objectives and
  – realise opportunities, even in the face of adversity.
• Resilience Management is the ability of an Organisation to survive an unscheduled disruption or major crisis from its ability to adapt using proven and integrated Risk Management, Crisis Management and Business Continuity Management processes using a single line of sight.

Page 7: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Resilience Management Framework

[Diagram. Labels: Planning; Emergency Management; Business Continuity Management; Risk Management; Adaptive Capability; Testing]

• Increasing situational awareness will provide greater understanding of vulnerabilities that can critically undermine performance.
• Testing of plans and people response is essential to ensure realism
• Decision makers learn about underlying values systems and key individuals - relying on the culture

Page 8: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Resilience Indicators

Situation Awareness: Aware of total operating system, including threats, opportunities, connectivity and internal and external stakeholders
• Roles & Responsibilities
• Understanding Hazards & Consequences
• Connectivity Awareness
• Insurance Awareness
• Recovery Priorities

Manage Key Threats: Those components of an organization that have the potential to cause the greatest negative impact
• Planning Strategies
• Participation in Exercises
• Capability & capacity Of Internal Resources
• Capability & capacity Of External Resources
• Organizational Connectivity

Adaptive Capacity: The culture of the organization allowing it to make decisions in a timely and appropriate manner in a crisis.
• Silo Mentality
• Communications and Relationships
• Strategic Vision and Outcome Expectancy
• Information & Knowledge
• Leadership, Management & Governance Structures

Page 9: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Why Resilience Management (RM)?

• It brings together all the planning that an organisation may have done under one umbrella;
• Increases its situation awareness;
• Have a greater understanding of the vulnerabilities that can critically undermine its performance;
• Improve its adaptive capacity as decision makers;
• Make you learn more about the underlying value systems of the organisation and of key individuals in the organisation;
• Highlights the expectations that decision makers have of their enterprise and key stakeholders;
• Offers a way to test existing plans and create new ones.

Risk Management, Business Continuity and Emergency Management are commonly viewed as closely related, but a practical means of linking them is often not achieved.

Page 10: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Towards Resilience – Emerging Risks

[Diagram. Labels: RESILIENCE; GREEN IT; CARBON CONSTRAINED WORLD; GEN Y; NEW STANDARDS & COMPLIANCE; SUSTAINABILITY; CHANGING WORKFORCE; CULTURE & ETHICS; SYSTEMATIC CYCLICAL RISK; AVAILABILITY OF CREDIT/LIQUIDITY]

Page 11: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

What is CERT® RMM?


Page 12: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT® RMM Background


Page 13: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT® RMM – Imperatives


Page 14: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT® - RMM in the Life Cycle

Operational resilience management focuses on the deploy, operate, and decommission phases, but reaches back to the development phase of the lifecycle to ensure consideration of security and continuity issues prior to placing assets in production.

Page 15: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

For Comparison: CERT® - RMM & CMMI


Page 16: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Features of CERT® - RMM

CERT-RMM brings several innovative and advantageous concepts to the management of operational resilience.

• The convergence advantage: Merging the disciplines of security, BC/DR, and IT operations into a single model
• The process advantage: Elevating these disciplines to a process view, useful as an integration and measurement framework
• The maturity advantage: Provides a foundation for practical institutionalization of practices, critical for retaining these practices under times of stress

Page 17: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT® - RMM at a glance


Page 18: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT® - RMM by numbers


Page 19: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Process Area Structure


Page 20: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Benefits of CERT® - RMM

CERT-RMM can be used as a
• Starting point for leveraging convergence across security, business continuity, and IT operations activities
• Reference model for understanding the scope of managing operational resiliency
• Taxonomy to enable internal and external communication
• Organizing construct for codes of practice, standards, and regulations and a framework for compliance
• Process improvement model to catalyze improvement efforts
• Baseline for appraising an organization’s capability
• Guide for improvement in areas where an organization’s capability does not equal its desired state

Page 21: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

As an Organizing Principle


Page 22: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

The Promise of Process Institutionalization


Page 23: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Process Institutionalization


Page 24: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Process Institutionalization in CERT® - RMM


Page 25: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Example: Asset Definition and Management


Page 26: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Institutionalizing Asset Definition and Management


Page 27: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Practice Example: ADM.SG1.SP1 – Inventory Assets


Page 28: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

The Resilient Organization


Page 29: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Classes of Formal CERT® - RMM Appraisal Methods


Page 30: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT-RMM Check Points

• Capability Survey

• CERT-RMM Compass


Page 31: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT-RMM Professional Roles

• CERT-RMM Appraiser
• CERT-RMM Navigator
• CERT-RMM Coach
• CERT-RMM Appraisal Team Member

Page 32: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Summary

• Times have significantly changed and we are facing increasing risks, uncertainty and unprecedented disasters in peoples’ lives and businesses
• Now more about survival requiring simpler, practical, faster and tested solutions towards the focus on resilience
• New challenges driving new ways of thinking
• An embedded top down / bottom up Resilience Management Program and culture is about “doing business better” in managing opportunities, mitigating risks and becoming more resilient in a rapidly changing operating environment

Statistically 1 in 5 organisations will suffer a major incident every 5 years

Page 33: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

References

1. Presentation on CERT® Resilience Management Model – A Maturity Model Approach to Managing Operational Resilience by Rich Caralli of CERT® RMM Team
2. Presentation on CERT® Resilience Management Model – Improving and Sustaining Processes for Managing Operational Resiliency by Rich Caralli of CERT® RMM Team
3. CERT® Resilience Management Model – A Maturity Model for Managing Operational Resilience (CERT® RMM Ver 1.1) by Rich Caralli, Julia H. Allen and David W. White of Addison Wesley Publications
4. Presentation on “Towards Resilience Management” by David Martin

ProMinds® do hereby acknowledge the copyright and trademarks of the above referenced materials and assure that, no modifications / alterations are made on their

Page 34: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

CERT-RMM-Book & Contacts


Page 35: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

ProMinds Overview

Who We Are
• Founded in June 2005
• HQ in Hyderabad, India
• Served 250+ Clients
• Across 15+ Industries
• In Over 10 Countries
• 250+ Man-years of Experience
• 25+ Professionals

What Are We
• Empanelled with CERT-In, Ministry of ICT, as an Info. Security Auditing Org.
• Worldwide partner SEI-CMU, for CMMI® & People CMM
• An ISO 27001:2005 certified
• An ISO 9001:2008 certified
• A member of NASSCOM
• A member of DSCI

Page 36: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

What Do We Do

• IT Governance Risk and Compliance
• Capability & Maturity
• Industrial Advisory
• Technology, Performance & Transformation

Page 37: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Whom We Serve

Industries and Sectors:
• Software & IT Services
• Business Process Outsourcing
• Banking & Financial Services
• Healthcare & Insurance
• Telecom
• Manufacturing
• Governments & Public Sector
• Mining & Metals
• Defense
• Oil & Gas
• Pharmaceuticals
• Energy

For more details, visit us at www.promindsglobal.com or

Page 38: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)


Page 39: HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)

Contact Us

We would be happy to provide any further information that you may require to assist in your corporate transformation initiatives

Please contact us:

Corporate Office:
ProMinds® Consulting Pvt. Ltd.
402, ABK Olbee Plaza,
Road No. 1, Banjara Hills,
Hyderabad - 500034
India
Tel: +91-40-40207383, 23113996
Mob: +91-9866673663
[email protected]

Regional Offices:
Bangalore | Chennai | Mumbai | New Delhi

US Office
ProMinds Global Inc
614 Broadmoor Dr., APT C,
Saint Louis,
Missouri 63017 USA
Phone: +1-314-4713604, +1-314-8495264
E-Mail: [email protected]