DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

Breakout Track Four

Tuesday 1:30 - 2:30 pm

Strategic Session 4

Creating and Implementing a Resiliency (DR/BC) Standards and Compliance Program


John Kotas, JP Morgan Chase

We will begin with building a simple recovery plan and then build a standards and compliance program to support the plan. Supporting documentation will be provided to all attendees. The audience will participate and learn that the business continuity standards that we will create will ensure that consistent and thorough plans are developed supporting a company’s critical business processes. Resiliency planning standards are established to meet a company’s strategies and goals relating to business continuity. Communicating status reports will be explored as well.

John F. Kotas, CBCP, has 23 years of DR and BC experience. He serves as the resiliency disaster recovery manager at JP Morgan Chase.

Managerial Session 4

Elevating BCP Value Through the Language of Governance


Leah Core, Cherry Creek Mortgage Company

Are you feeling stuck in your BCP role? Are you tired of ‘fighting the good fight’ and being called Chicken Little or the Grim Reaper? Explore several concepts you can leverage to elevate your role and perspective. We’ll start with governance and explore how the COBiT and ITIL frameworks not only complement business continuity planning but can help operationalize it. We’ll investigate and discuss areas from HR to racing to gain insight on how to expand our conversations about resilience, improve relevance of risk activities, present with clarity, and facilitate better decision making.

Leah Core, MBCP, MBCI, PMP, is business continuity manager for Cherry Creek Mortgage Company. She has served in a variety of roles within and symbiotic to business continuity for more than 15 years.

Technical Session 4

Compliance (HIPAA, FFIEC, etc.): What Keeps You Out of Jail?


Jack Orlove, MAXIMUS

Ingela Orlove, Cyber Communication Inc.

The goal of providing compliance to the regulators is not always the best avenue to control your risk in a disaster. Instead it’s the ability to show the regulators/auditors that you are aware of the regulations and have a project plan on how to become compliant … eventually. In the meantime, you are addressing the true risk of recovering from the most likely disaster, becoming resilient with the main production elements needed to satisfy your customer’s needs and showing the regulator/auditor a roadmap for the rest. Learn project planning and have the roadmap needed to keep you justified in your actions and not fined/penalized or worse.

Jack Orlove has designed and managed the implementation for a complex ATM infrastructure project and an implementation project for a 600 node frame relay/DSL interstate retail network).

Ms. Ingela Orlove is currently the president of Cyber Communication Inc., a boutique security consultancy firm in Sacramento California, and has over 20 years of experience in information security.

Emergency Response Session 4

Developing a Company Personal Information Breach Response Plan


Joyce Shroka, NiSource

Personal information is often compromised via the Internet, cyber attacks, hacking of accounts and more. While this can be complicated to tackle for an individual, it can also have further reaching impact to companies with the loss of of employee or customer personal information. In this session, we will explore the components of a personal information breach and form a response plan for a company.Discussion will include the definition of a breach; team member and individual team member roles and responsibilities; potential people/groups to notify; responsibility matrix; breach checklist and breach exercise.

Joyce Shroka, CBCP, CORS, is director of business continuity and records at NiSource Inc.

Advanced Session 4

Hazard Mitigation and Business Continuity


Dave Morgan, Delta Dental

In a complete business continuity program where a risk assessment is conducted to identify the hazards impacting a location, business, or employees, hazard mitigation can be a natural outcome and should be considered a standard of good practice. We need to recognize the value and practicality of prevention that underlies effective hazard mitigation. Hear an overview of the role of hazard mitigation in the risk assessment process and how it can enhance other planning steps. Referencing the 2013 California Multi-Hazard Mitigation Plan, the session will review the goals and objectives of a State hazard mitigation program and The National Preparedness System (Presidential Policy Directive 8: National Preparedness (2011)).

Dave Morgan is a senior BC Manager for Delta Dental.

Information Session 4

What if Your Auditor Really Understood BC/DR Planning?


Gerry Printz, AMSADOR Consulting

A good auditor can be our friend. They can help us identify problems before they occur and they can help us meet our goals by highlighting critical needs in their report.Unfortunately, they can also cause problems when they merely follow a checklist and don’t know the right questions to ask. Our audits may come out fine or we are written up on items that are not relevant. More importantly, a clean audit may look good, but does not help anyone if the plan must be activated. The more bureaucratic an organization is, the more likely the audit program is rigid and not really meeting the needs of the organization. A host of Federal and State regulations provide guidelines including FISMA, NIST Special Publication 800-34, PPD-8, HIPAA, OCC, etc. In addition, management may set risk priorities and ultimately, our ability to operate in a crisis and/or recover is affected. This session will take us through several common gaps you may have in your plans, give you some suggestions on how to correct them and excel if an audit was conducted by an auditor who really understood contingency planning – or, more importantly, before you had a REAL disaster.

Gerry Printz, president, AMSADOR Consulting, has over 30 years of experience in Information Risk Awareness. He has designed and prepared business continuity and disaster recovery plans, privacy and security assessments, and security programs. Printz is a Certified Business Continuity Planner (CBCP), Certified Information Systems Auditor (CISA) and is Certified in Risk and Information Systems Controls (CRISC).