Breakout Track 5

Breakout Track 5 Tuesday, September 26: 9:30 a.m. - 10:30 a.m.

Breakout Track 5 – Session 1

CERT-RMM: Gateway To Enterprise Resiliency and Cybersecurity Maturity

Tuesday, September 25, 2018
9:30 a.m. – 10:30 a.m.

Jeffrey Pinckard, Carnegie Mellon University
Matthew Butkovic, Carnegie Mellon University

Jeffrey Pinckard Matthew Butkovic

The CERT® Resilience Management Model (CERT-RMM) addresses one of today’s leading business challenges, cybersecurity risk. This session provides a pragmatic approach to making improvements to cybersecurity capabilities and building efficient processes that help support organization-specific resilience management programs. Regardless of the size, age and maturity of cyber-risk management programs there are a few basic concepts that are essential to successful outcomes. The foundational activities and assumptions presented are the result of lessons-learned from hundreds of improvement efforts.

For those looking to align their programs to the NIST CSF, this session will introduce the DHS Cyber Resiliency Review (CRR) self-assessment which enables an organization to assess its capabilities relative to the CSF and provides a comprehensive gap analysis with options for consideration to implement cyber hygiene practices and advance cybersecurity program maturity.

Presented by the co-authors and custodians of CERT-RMM itself to provide you actionable steps to take your program to the next level of maturity.

About Jeffrey Pinckard
Jeffrey Pinckard is a Senior Member of the Technical Staff of the CERT Division of the Software Engineering Institute at Carnegie Mellon University.

About Matthew Butkovic
Matthew Butkovic is the Technical Manager – Cybersecurity Assurance in the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University.


Breakout Track 5 – Session 2

So you Have an Emergency Notification System...
Now What?

Tuesday, September 25, 2018
9:30 a.m. – 10:30 a.m.

Jenni Fortunato, Conoco Phillips

Jenni Fortunato

So many companies are implementing the wonderful emergency notification systems now available on the market, but not taking full advantage of all they have to offer. Installing a system is only the beginning. Most of the work that creates an effective corporate emergency communication program happens after implementation is over.

Jenni will share tips on what to do one installation is over to make sure that your organization is ready to use the system, how to customize your system for your needs, engage your employees, and how to incorporate your new technology capabilities into your business continuity and emergency response plans.

About Jenni Fortunato
Jenni Fortunato has worked in emergency response for ConocoPhillips for 6 years.


Breakout Track 5 – Session 3

Tighten Business Continuity and Risk Management Alignment…with a Bow Tie!

Tuesday, September 25, 2018
9:30 a.m. – 10:30 a.m.

Bob Sibik, Fusion Risk Management

Bob Sibik

While business continuity and risk management have traditionally been managed in separate siloes, modern programs are beginning to recognize the value of an integrated approach. Each discipline manages complementary information about their organization that, when combined, paints a complete picture about the business. This leads to increased risk mitigation and better, data-driven decision-making. This session outlines the problems with isolating business continuity and risk management from each other, explains how they’re naturally connected – as structured in the bow tie model - and offers success strategies to more effectively align and integrate the disciplines.

About Bob Sibik
Bob Sibik, Senior Vice President at Fusion Risk Management.

Breakout Track 5 – Session 4

Artificial Intelligence – What Roll Does Artificial Intelligence Play in Your BCM and Security Programs?

Tuesday, September 25, 2018
9:30 a.m. – 10:30 a.m.

Hart Brown, Firestorm Solutions, LLC

Hart Brown

Artificial Intelligence is best practices today for your BCM, IT/DR, Security, and Workplace Violence Prevention programs. Data driven businesses need artificial intelligence to automate big analysis and knowledge transfer with speed and accuracy. Context Artificial Intelligence delivers new levels of clarity revealing causation, central topics key events, and influential individuals – especially when there’s a high degree of data complexity. Learn how to support your programs to identify, respond, and manage events by leveraging real time predictive analytics.

About Hart Brown
Hart Brown is Chief Operating Officer at Firestorm Solutions, LLC. Hart brings to the executive team nearly 20 years’ experience in security, crisis management, emergency management and business continuity.

Breakout Track 5 – Session 5

A Case Study: How Leverage DR in the Cloud as a Cloud Migration Path

Tuesday, September 25, 2018
9:30 a.m. – 10:30 a.m.

Cary Jasgur, Mazars USA

Cary Jasgur

Over the years, the “cloud” has been gaining more traction in assisting organizations to become more resilient. Just look at what Office 365 has done for office automation and the availability of email. More and more organizations are moving to DR in the cloud as a viable solution to protect critical applications at the time of a disaster. And why not? Tools today make it easier, quicker, and more secure. The cloud has proven to be a successful, easy to use, and effective means for protecting critical applications. Yet organizations are still leery of moving production systems to the cloud. The main reason seems to be the fears and horror stories that surround the cloud. What about data protection? What if the cloud provider goes offline? What about security? What is it going to cost? Today, there are several platforms and tools to make the migration to the cloud almost full proof, well almost.

In this case study, Mazars USA will show how we helped one client pave the way to moving production to the cloud using their DR solution as a test bed.

About Cary Jasgur
Cary Jasgur is a Manager with the Mazars USA Organizational Resilience Practice. He has over 23 years of experience.

© Copyright 2018 Disaster Recovery Journal. All Rights Reserved.