HYDSPIN-ProMinds CERT-RMM Presentation (25Aug2011)
Overview to ProMinds®
www.promindsglobal.com
Engineering Business Transformations
CERT®-RMM : A Curtain Raiser
For HYDSPIN, Hyderabad, India
25th August 2011
By P M Shareef
Certified Lead Appraiser & Lead Auditor
Notice and Disclaimer
NO WARRANTY
THIS MATERIAL OF PROMINDS CONSULTING IS FURNISHED ON AN "AS-IS" BASIS FROM THE REFERENCE
MATERIALS AS STATED IN THE LAST WITHOUT ANY ALTERATIONS. PROMINDS CONSULTING MAKES NO
WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT
LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS
OBTAINED FROM USE OF THE MATERIAL. PROMINDS CONSULTING DOES NOT MAKE ANY WARRANTY OF
ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
Use of any trademarks in this presentation is not intended in any way to infringe on the rights of the
trademark holder.
DISCLAIMER
This message and any attachments are solely intended for the addressee(s). It may also be ProMinds’
confidential, privileged and / or subject to copyright. Access to this presentation by anyone else is
unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action
taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you have received this
in error, please notify the sender immediately by return and delete it from your computer. While all care
has been taken, ProMinds' management disclaims all liabilities for loss or damages to person(s) or
properties arising from misuse of any information provided or the message being infected by computer
virus or other contamination.
Takeaways
• What is Resilience Management?
• Why Resilience Management?
• Preamble to CERT® Resilience Management Model
• Features and Benefits of the CERT® - RMM
• CERT-RMM Appraisals
• Roles You Could Play
• Summary
What is Resilience?
Resilience is a function of an organisation’s:
• situation awareness,
• management of keystone vulnerabilities and
• adaptive capacity
in a complex, dynamic and interconnected environment.
Mostly it refers to the operational part of the business,
where challenges are many, as against many of the
current standards and practices, which focus on the
strategic part of business.
Defining “RESILIENCE”
• A Resilient Organisation is one that is:
– able to achieve its business objectives and
– realise opportunities, even in the face of adversity.
• Resilience Management is the ability of an
Organisation to survive an unscheduled disruption
or major crisis from its ability to adapt using
proven and integrated Risk Management, Crisis
Management and Business Continuity
Management processes using a single line of sight.
Resilience Management Framework
[Diagram labels: Planning, Emergency Management, Business Continuity Management, Risk Management, Adaptive Capability, Testing]
• Increasing situational awareness will provide greater understanding of vulnerabilities that can critically undermine performance.
• Decision makers learn about underlying value systems and key individuals - relying on the culture
• Testing of plans and people response is essential to ensure realism
Resilience Indicators
Situation Awareness: Aware of total operating system, including threats, opportunities, connectivity and internal and external stakeholders
• Roles & Responsibilities
• Understanding Hazards & Consequences
• Connectivity Awareness
• Insurance Awareness
• Recovery Priorities
Manage Key Threats: Those components of an organization that have the potential to cause the greatest negative impact
• Planning Strategies
• Participation in Exercises
• Capability & capacity Of Internal Resources
• Capability & capacity Of External Resources
• Organizational Connectivity
Adaptive Capacity: The culture of the organization allowing it to make decisions in a timely and appropriate manner in a crisis.
• Silo Mentality
• Communications and Relationships
• Strategic Vision and Outcome Expectancy
• Information & Knowledge
• Leadership, Management & Governance Structures
Why Resilience Management (RM)?
• It brings together all the planning that an organisation may have done under one umbrella;
• Increases its situation awareness;
• Have a greater understanding of the vulnerabilities that can critically undermine its performance;
• Improve its adaptive capacity as decision makers;
• Make you learn more about the underlying value systems of the organisation and of key individuals in the organisation;
• Highlights the expectations that decision makers have of their enterprise and key stakeholders;
• Offers a way to test existing plans and create new ones.
Risk Management, Business Continuity and Emergency Management are commonly viewed as closely related, but a practical means of linking them is often not achieved.
Towards Resilience – Emerging Risks
[Diagram labels: RESILIENCE, with the following emerging risks]
• GREEN IT
• CARBON CONSTRAINED WORLD
• GEN Y
• NEW STANDARDS & COMPLIANCE
• SUSTAINABILITY
• CHANGING WORKFORCE
• CULTURE & ETHICS
• SYSTEMATIC CYCLICAL RISK
• AVAILABILITY OF CREDIT/LIQUIDITY
What is CERT® RMM?
CERT® RMM Background
CERT® RMM – Imperatives
CERT® - RMM in the Life Cycle
Operational resilience management focuses on the deploy,
operate, and decommission phases, but reaches back to the
development phase of the lifecycle to ensure consideration of
security and continuity issues prior to placing assets in
production
For Comparison: CERT® - RMM & CMMI
Features of CERT® - RMM
CERT-RMM brings several innovative and advantageous
concepts to the management of operational resilience.
• The convergence advantage:
Merging the disciplines of security, BC/DR, and IT operations
into a single model
• The process advantage:
Elevating these disciplines to a process view, useful as an
integration and measurement framework
• The maturity advantage:
Provides a foundation for practical institutionalization of
practices—critical for retaining these practices under times
of stress
CERT® - RMM at a glance
CERT® - RMM by numbers
Process Area Structure
Benefits of CERT® - RMM
CERT-RMM can be used as a
• Starting point for leveraging convergence across security, business
continuity, and IT operations activities
• Reference model for understanding the scope of managing
operational resiliency
• Taxonomy to enable internal and external communication
• Organizing construct for codes of practice, standards, and
regulations and a framework for compliance
• Process improvement model to catalyze improvement efforts
• Baseline for appraising an organization’s capability
• Guide for improvement in areas where an organization’s capability
does not equal its desired state
As an Organizing Principle
The Promise of Process Institutionalization
Process Institutionalization
Process Institutionalization in CERT® - RMM
Example: Asset Definition and Management
Institutionalizing Asset Definition and Management
Practice Example: ADM.SG1.SP1 – Inventory Assets
The Resilient Organization
Classes of Formal CERT® - RMM Appraisal Methods
CERT-RMM Check Points
• Capability Survey
• CERT-RMM Compass
CERT-RMM Professional Roles
• CERT-RMM Appraiser
• CERT-RMM Navigator
• CERT-RMM Coach
• CERT-RMM Appraisal Team Member
Summary
• Times have significantly changed and we are facing
increasing risks, uncertainty and unprecedented disasters
in people’s lives and businesses
• Now more about survival requiring simpler, practical, faster
and tested solutions towards the focus on resilience
• New challenges driving new ways of thinking
• An embedded top down / bottom up Resilience
Management Program and culture is about “doing
business better” in managing opportunities,
mitigating risks and becoming more resilient in
a rapidly changing operating environment
Statistically 1 in 5 organisations will suffer a major incident every 5 years
References
1. Presentation on CERT® Resilience Management Model – A Maturity
Model Approach to Managing Operational Resilience by Rich Caralli
of CERT® RMM Team
2. Presentation on CERT® Resilience Management Model – Improving
and Sustaining Processes for Managing Operational Resiliency by
Rich Caralli of CERT® RMM Team
3. CERT® Resilience Management Model – A Maturity Model for
Managing Operational Resilience (CERT® RMM Ver 1.1) by Rich
Caralli, Julia H. Allen and David W. White of Addison Wesley
Publications
4. Presentation on “Towards Resilience Management” by David Martin
ProMinds® do hereby acknowledge the copyright and trademarks of the above referenced materials and assure that, no modifications / alterations are made on their
CERT-RMM-Book & Contacts
ProMinds Overview
Who We Are
• Founded in June 2005
• HQ in Hyderabad, India
• Served 250+ Clients
• Across 15+ Industries
• In Over 10 Countries
• 250+ Man-years of Experience
• 25+ Professionals
What Are We
• Empanelled with CERT-In, Ministry of ICT, as an Info. Security Auditing Org.
• Worldwide partner SEI-CMU, for CMMI® & People CMM
• An ISO 27001:2005 certified
• An ISO 9001:2008 certified
• A member of NASSCOM
• A member of DSCI
What Do We Do
• IT Governance Risk and Compliance
• Capability & Maturity
• Industrial Advisory
• Technology, Performance & Transformation
Whom We Serve
Industries and Sectors
• Software & IT Services
• Business Process Outsourcing
• Banking & Financial Services
• Healthcare & Insurance
• Telecom
• Manufacturing
• Governments & Public Sector
• Mining & Metals
• Defense
• Oil & Gas
• Pharmaceuticals
• Energy
For more details, visit us at www.promindsglobal.com or
Contact Us
We would be happy to provide any further information
that you may require to assist in your corporate
transformation initiatives
Please contact us:
Corporate Office:
ProMinds® Consulting Pvt. Ltd.
402, ABK Olbee Plaza,
Road No. 1, Banjara Hills,
Hyderabad - 500034
India
Tel: +91-40-40207383, 23113996
Mob: +91-9866673663
Regional Offices:
Bangalore | Chennai | Mumbai | New Delhi
US Office
ProMinds Global Inc
614 Broadmoor Dr., APT C,
Saint Louis,
Missouri 63017 USA
Phone: +1-314-4713604, +1-314-8495264
E-Mail: [email protected]