
CBCP, CRISC, CISM - Secure360 CRISC, CISM Associations: ISACA, ISSA, FBI InfraGard, BCPA, ISC(2), ICBA, MBA, ICBM Services Comprehensive Information Security Risk / Governance


  • Copyright 2013, Assurity River Group All rights reserved. No duplication without written permission.

    Background

    Minneapolis based

    Founded in 2002

    Team Certifications: CISSP, CISA, CBCP, CRISC, CISM

    Associations: ISACA, ISSA, FBI InfraGard, BCPA, ISC(2), ICBA, MBA, ICBM

    Services

    Comprehensive Information Security

    Risk / Governance / Compliance

    Incident Response

    Pen Testing / Vulnerability Assessment

    Security Training

    Business Continuity / Disaster Recovery

    Managed Security / Recovery Services


    CEO: The board of directors wants to see our DR plan. Put it together!

    CIO: Boss says we need a DR plan. Get the cost together to make it happen!

    IT Guy: Awesome! We'll need another SAN, 200 new servers, 100MB Fiber, 30 racks in a data center. I'll call my sales rep.

    Great! I'll get my engineers to work on configs, get pricing and schedule demos of the data center!


    Let's look at DR again in a couple years. You need to add $6M to the budget or we need to kill the SAP rollout!

    I need $6M added to the budget over the next 3 years and 4 FTEs.

    The cost to do what you've asked will be $2M in HW/SW and $100k per month.


    QUOTES FROM THE FIELD

    "We recommend BCP every year and it always gets put off." - VP-IT, Credit Union

    "I don't want management to know we don't have a DR plan. I'm too busy already." - IT Manager

    "Management has a bad taste in its mouth from the last consultant, who was counting how many pencils we need in a disaster." - CIO, Law firm

    "Our insurance policy is our DR plan." - President, Home Healthcare Provider

    "I've got my resume ready." - IT Director


    AGENDA

    Introduction of Sales Concepts

    Sale 1: DR/BC Initiative Buy-in

    Sale 2: DR/BC Strategy Buy-in

    Summary


    STRATEGIC SELLING (MILLER-HEIMAN)

    A Complex Sale is one in which several people must give their approval before the sale can take place.


    THE BUSINESS RECOVERY PLANNING PUZZLE


    BUYING INFLUENCES

    Economic Buyer
      Role: Final approval
      Focus: Bottom line and impact on organization
      Asks: What is the ROI?

    User Buyer
      Role: Job performance
      Focus: The job to be done
      Asks: How will this work for me?

    Technical Buyer
      Role: Evaluator
      Focus: Product/service per se
      Asks: Does it meet the specifications?

    Coach
      Role: Guide the sale
      Focus: Your success
      Asks: How can we pull this off?


    RESPONSE MODES

    Growth: Perceived gap between reality and growth objective
      Wants: More, better, faster and improved

    Trouble: Panic end of the Euphoria-Panic Continuum
      Wants: Quick resolution to the immediate problem

    Even Keel: No perceived gap between reality and results needed
      Wants: Status quo

    Overconfident: Current situation exceeds expectations
      Wants: You to go away!


    SALE 1: INITIATIVE BUY-IN


    INITIATIVE BUY-IN: UNDERSTAND APPLICABLE LAWS AND REGULATIONS

    Financial Services: Gramm-Leach-Bliley Act (GLBA); NASD 3500; Guidance at http://www.ffiec.gov/

    Health Insurance Portability and Accountability Act (HIPAA) 164.308(a)(7)

    Sarbanes-Oxley Act (SOX) Section 404

    Government: FISMA, the Federal Information Security Management Act of 2002


    LAWS AND REGULATIONS RESOURCE

    http://www.drj.com/resources/dr-rules-regulations.html


    INITIATIVE BUY-IN: FIND A COACH

    Ideally, the coach:
      Is accountable for operational risk, or would be impacted the most by a business interruption
      Understands the big picture
      Has the ear of senior management and the board
      Is respected internally
      Can get it done!!!


    INITIATIVE BUY-IN: USER FEEDBACK - UNDERSTAND OBLIGATIONS & CUSTOMER REQUIREMENTS

    Sales / Customer Service: Service level agreements; warranties

    Finance / Accounting / Risk Mgmt: Obligations; business insurance and exclusions

    Production: Manufacturing commitments; inventory management

    Compliance: Previous audit findings; vendor management


    INITIATIVE BUY-IN: USER

    Site recent incidents: area flooding, power outages, tornados, security breaches, recent brush with disaster

    Look for Growth / Trouble mode

    Ask implication questions (5 Whys)


    5 WHYS

    1. We cannot have any downtime.

    2. My people need to access the network.

    3. Because they have to use ERP.

    4. Without accessing ERP, we cannot fulfill orders.

    5. Our brand / reputation would be irreparably damaged, missed deadlines, lose customers, fines/penalties, excessive downtime costs, etc.


    TECHNICAL BUYER: UNDERSTAND BC CAPABILITIES UNDER VARIOUS SCENARIOS, AND HAS IT BEEN TESTED?

    Survey question: Under what circumstances have you had to actually execute your DR plan, either full or in part, excluding tests?

    Never: 7%
    Configuration Issues (storage, database): 26%
    Configuration Issues: 26%
    Man Made Disaster (war, terrorism): 33%
    Configuration / Change Mgmt Issues: 34%
    Malicious Employee Behavior: 36%
    Data Leakage or Loss: 37%
    IT Problem Management: 39%
    User / Operator Error: 41%
    Power Outage: 45%
    Natural Disaster: 53%
    External Computer Threats (virus, hackers): 54%
    Computer Systems Failure: 59%

    Source: Symantec Disaster Recovery Global


    THE BUSINESS RECOVERY PLANNING PUZZLE


    ECONOMIC BUYER: SELL IT - SPIN SELLING APPROACH (AUTHOR: NEIL RACKHAM)

    S - Situation: Revenue dependency on availability; laws/regulations; client commitments

    P - Problem: We're at risk; capabilities unknown; untested

    I - Implication: Customer confidence, shareholding loss, compliance violations, damaged reputation

    N - Need / Payoff: Identify requirements; evaluate alternatives


    DOWNTIME COSTS ARE EXPONENTIAL, NOT LINEAR

    [Chart: Impact Cost/Hour (y-axis, $0 to $1,000,000) versus Outage Duration in Hours (x-axis: 1, 4, 8, 12, 24, 48)]


    TIP: REVIEW RISK FACTORS IN 10K


    WE FACE RISKS RELATED TO SYSTEM INTERRUPTION AND LACK OF REDUNDANCY

    Our computer and communications systems and operations could be damaged or interrupted by fire, flood, power loss, telecommunications failure, earthquakes, acts of war or terrorism, acts of God, computer v
