Library

While many people have heard of the U.S. National Institute of Science and Technology (NIST) and some have even used some of their resources, most don’t know the full capacity and wealth of information and research available to them, for free. NIST resources include major continuity, resilience and emergency management topics and guidance, such as the Risk and Cybersecurity Risk Management Frameworks, Security and Privacy Controls, contingency and test, training and exercise planning, among others.

Peter Morris embarked on his journey with disaster recovery, business continuity and now operational resilience over twenty years ago. His “Distant Lands” presentation will offer his observations on crisis events and from his experience comment on what connects them, how their impact ripples across the world and their consequences. He will also share some new thinking which may change the resilience community’s strategic approach to disruptive events.

Are you aware of the various chokepoints that may be affecting your organization? During this session, we will look at physical and/or natural issues, as well as operational issues, that ultimately affect your day-to-day production capabilities. The discussion will involve topics global in nature, including technical threats to your supply chain or delivery chain. Don’t forget that delivery of your products may be just as important to your customers as supply chain issues are to you. You will leave this session with a better understanding of chokepoints or obstacles within your organization and how to address them. You will also gain a better understanding of the cyber issues that arise in operations today, as we look at some of the more well-known cyber threats including ransomware.

In this session, we will explore the supply chain landscape and boundaries in today’s world. How do these issues affect our risk and impacts, and most importantly how do we prepare, protect and recover? The presenter also will share the best options to test supply chain continuity plans and the benefits of this approach.

Year after year of unprecedented change has necessitated that organizations be prepared for a crisis situation. What can you expect to happen in 2022? Is your company ready for the next crisis? In this session, Experian provides five predictions from their 9th annual report of what disasters may lie ahead in 2022. They will also provide the latest insights to be released in the annual Ponemon Data Breach Preparedness study – letting you know how others in the industry are faring, the latest threat vectors, and pitfalls to avoid. This is a session you don’t want to miss.

What does 2022 hold for the resilience community? Find out with the DRI Future Vision Committee's 7th Annual Predictions Report - resilience predictions for the profession by the profession. This report looks at what to expect in the coming year, including the continuing pandemic response, climate change, global inflation, power grid attacks and much more.

BlackBerry's David Wiseman and Ramon Pinero discuss how AI and machine learning will completely transform the Critical Event Management landscape, what a next-gen critical event management system would look like with a use case to illustrate the dramatic impact AI/ML can have on a cyberattack disaster response. David and Ramon will also provide a visionary roadmap of how BlackBerry sees these capabilities evolving over the next few years to manage modern-day threats.

If there’s an issue bigger than the pandemic, it’s cyber resilience. Take note as our cyber resilience panelists cover current issues and challenges. Panelists: Wade Richmond, CEO, CISO ToGo

If there’s an issue bigger than the pandemic, it’s cyber resilience. Take note as our cyber resilience panelists cover current issues and challenges. Panelists: Lincoln Geode, Cyber Security Consultant, Xcel Energy

While organizations are overwhelmed meeting the challenges of a pandemic, cyber criminals have found a perfect opportunity to attack. On May 14 at 2pm ET, DRI welcomes Dr. Pano Yannakogeorgos of the NYU Center for Global Affairs for an up-to-the-minute look at cybersecurity in the age of COVID-19. The Faculty Lead of MS Global Security, Conflict & Cyber, Dr. Yannakogeorgos will cover recent examples of how hackers have taken advantage of the crisis, how governments and grassroots efforts have responded, and the risks of shifting to remote work without cybersecurity procedures in place, before addressing questions from attendees.

This hands-on, interactive workshop promotes preparedness among public and private entities when faced with a long-term power outage caused by a cyber-attack. The National Preparedness goal describes what it means for the U.S. to be prepared for all types of disasters and emergencies, including the possibility of a cyber-attack aimed at our Nation’s infrastructure. In May, the President signed an executive order on cybersecurity designed to protect critical infrastructure, including the national power grid. Large-scale power outages are not a new concern for emergency managers. A December 2016 power outage in Ukraine linked to a cyber-attack. An organization’s ability to perform its essential functions is based on key elements of leadership, staff, communications, and facilities. When faced with a prolonged power outage, lasting several weeks, will public and private continuity plans allow organizations to continue to provide these essential functions? This workshop will present participants with the opportunity to examine plans and procedures to discover the ability to sustain operations.

We have fire drills in school and in the work place to prepare: we know who the class monitor is, we know the “safe” place we are supposed to go, and we know with whom we have to check in with … Given that a fire is very disruptive to business operations, businesses prepare. So, why aren’t businesses doing the same BEFORE a cyber incident – or worse yet – breach? Even if you put numbers on paper for your local FBI office, your insurance agent and your cyber attorney, have you sat down with them and ran drills to prepare for the “when” or are you waiting for when your business is already in turmoil? Having established lines of communication before, during and after any crisis is critical for a business to weather the storm and to successfully emerge from the settling dust. Hear from legal experts, law enforcement officials and business executives on how to establish these relationships and how to manage your response and your messaging internally and externally to ensure ongoing operations despite threat actors’ best efforts.

Cyberattacks focused on business disruption are a reality. Traditional recovery solutions protect businesses from physical disasters, but often fall short in the face of a digital disaster. In this session, participants will explore lessons learned from recent cyberattacks and be provided with a risk-based approach to protecting critical services through a cyber recovery capability.

Imagine a railroad track, a solid structure used to guide trains to their destination safely and securely. This track incorporates switches, to move trains from one track to another, controlling the flow of traffic, and mitigating risk. Now apply this same analogy with cybersecurity and business continuity. Two trains carrying precious cargo of tools and techniques which can fortify and build resiliency within the organization. Whether the dinner car has a cybersecurity menu of identify, protect, detect, respond and recover, or a BC menu of prepare, assess, remediate or sustain, the end result is a great meal. How then, can we utilize the structure, cargo and menus from both, to create a superliner or Eurostar type of train that will get us to safety in style! During this session, we will take a look at the framework and methodology for both cybersecurity and business continuity, the challenges requiring a “flip of the switch,” and how these two trains, not colliding, but merging, can create a ride like no other.

Security breaches are an almost daily occurrence. As business resilience professionals, we have a seat at the table. It is becoming commonplace for security groups to include BC professionals in their planning. Now we need to have an active part in the conversation. This session is designed to familiarize you with a few security trends for 2020 and their impacts on our work as business continuity professionals. Topics covered will include passwords and passphrases, browser isolation, security automation, artificial intelligence and machine learning, awareness training, and insider threats.

Introducción a la Resiliencia Cibernética, como una figura que integra soluciones dentro de la organización y se plantea cómo la gestión de riesgos bajo la premisa de la resiliencia cibernética, permite innovar y aumentar la competitividad empresarial, brindándole conceptos y casos reales de aprendizaje.

Listen to an impressive panel of MBCPs answer your questions from various industries and with a wide range of expertise during our “Ask the MBCPs” webinar.

Cyber-resilience can be thought of as the ability of an enterprise to anticipate, withstand, recover from and evolve to improve capabilities it needs to function brought about as the result of cyber threats and/or attacks. This enhances both the cybersecurity function and the BCM function (e.g. the whole is greater than the sum of its parts). To be resilient, a holistic approach to understand and prioritize entity risk, and implement risk management activities needs to be integrated into day-to-day operations (across all entity functions). But what does all this mean to the CISO? Attend this session to find out as you take a look at t day in the life of a CISO from a cyber-resilience perspective.

Financial institutions are facing challenges that test their ability to protect the assets of their customers by securing records and one which may threaten the very existence of these institutions.; In addition, government regulations at the international, national and state levels are demanding that the individual be able to have protection of their information, its use and its distribution. This session will discuss the challenges (cyberattacks, data protection, blockchain, etc.) and how financial institutions are preparing to cope with these issues.

In March of 2018, the City of Atlanta, GA was the subject of a massive cyberattack. Many city services and programs were affected by the ransomware attack, including online services for citizens to pay bills and request utility service. The attack was notable for the extent of services affected and the duration of service outages, as well as the importance of Atlanta as a major American economic and transportation hub. Attend this session to hear lessons learned from the attack and learn how you can transform and strengthen your organizations cyber-resilience through operational effectiveness, change management, and business continuity.

Join Future Vision Committee members Lyndon Bird, Richard Knowlton, and Patrick Alcantara, along with DRI President Chloe Demrovsky, for highlights from the Fourth Annual Global Risk and Resilience Trends and Predictions reports. Discover how your job will be impacted by world events - including sustainability, cyberthreats, and more - and what you can do about them.

Join cybersecurity expert Wade Richmond for an information-packed hour of important information on one of the profession’s hottest topics. Explore aspects of cybersecurity and business continuity, with the goal of integrating the two and achieving the ultimate goal -- cyber resilience. Learn how to talk to top management about these issues and sell them on the concept of cyber resilience.

Organizations today are confronted by a wide range of cyberattacks, so it comes as no surprise that cyberattacks and data breaches have consistently ranked high on the list of key issues identified for the resilience community according to the DRI International Global Risk and Resilience Trends Reports, issued annually by DRI’s Future Vision Committee. This year’s report revealed that although the top issues remain the same, there appears to be an even greater focus on technological risk. Given the development of technologies and the growth of business data, this is likely to remain the case moving forward … which may provide new opportunities for hackers to cause such massive disruptions.

Part of the 2018 Global Risk and Resilience Trends Report, a worldwide survey of business continuity professionals revealed the following top 10 risks depicted in this infographic.

Business Continuity Coordinator Claire Mechan, ABCP, and David Melanson, BSc, discuss continuity and cyber security at NorQuest College.

Columbia University Doctoral Candidate Elizabeth Watkins presents on innovative emergency preparedness and cyber security strategies for a tech-obsessed world.

Please join us as we welcome Linda Conrad, Principal of corporate and information security risk management at Exelon Corporation, to kick off our Technology Track with a discussion on how cybersecurity trends will affect BC/DR in 2018. At Exelon, a Fortune 100 Energy company, Conrad is responsible for driving strategic risk activities and engagement with the Chief Security Officer team, Information Technology, and Enterprise Risk Management. She oversees cyber and physical security Key Risk Indicators and mitigation. Conrad is partnering with the National Institute of Standards and Technology (NIST) and Robert H. Smith School of Business on development and predictive analytics of the cyber supply chain risk portal, which received the 2017 Cybersecurity Award for Practice from Institute of Electrical and Electronics Engineers.

Newsflash! Hackers are attempting to damage or destroy the computer network at one of the world’s biggest global banks, and your job is to manage the response. This is anything but routine! Join this session to experience the cyberattack simulation. Do your teams have what it takes to lead in a crisis? In this session, you will experience a learning simulation that depicts crises – and assess your team’s predisposition to succeed. The session shares research that confirms that having the right people with the right attributes is far more effective than investing in training those who do not.

The threat of ransomware has risen with the increased existence of sensitive digital information. Businesses and individuals have experienced their computers and servers being seized by variations of ransomware that encrypt their data and hinder their computer accessibility, which can only be resolved with a decryption key upon payment of a ransom. Through any method of data hijacking, criminals are able to access privately held information through various intrusion techniques for financial gain. Ransomware tactics have evolved, with the introduction of software that instead of requiring payment to free a compromised computer provides victims with the opportunity to obtain a key in exchange for compromising others. As the threat of ransomware has risen, so has the sophistication of the attacks, to include the use of social engineering techniques. This presentation will explore the future of ransomware, the likely evolution of tactics, techniques and procedures over the next three to five years; better understand how these intrusions occur, how social engineering techniques are used to facilitate, perpetuate, and manage ransomware operations, strategies to prevent such exploitation, and appropriate responses and mitigation efforts in the event of an attack.

Current cyber response frameworks are incomplete and cyber programs in a silo are a major vulnerability. Lost business is the number one component of cyber breach cost because of customer turnover, brand reputation loss and diminished goodwill. Cyber threat and breach are business problems and business continuity professionals have the expertise that can be leveraged to reduce both the time and money associated with a cyber breach. Join Tejas Katwala to build your business case.

Information security is, without a doubt, on the minds of every executive! Identifying and reducing risks, and responding to any information security incident, is a top priority that pulls resources from all areas together. Whether your role involves business continuity or disaster recovery or crisis communications, our responsibilities are converging with our information security counterparts about these challenges. Join industry expert Cheryl Carmel (CISSP) as she defines the coordination and collaboration between information security professionals and business continuity professionals that must be present for comprehensive risk mitigation and incident response plans within the information security program.

This webinar presentation tackles the much-requested subject of cybersecurity and the Internet of Things (IoT)! We all know that the risk is real – everyday objects are increasingly able to send and receive data. But do you know what compromised “smart” devices – like baby monitors or printers – could mean for your organization? Hear from both cybersecurity and business continuity executives as they discuss IoT from a corporate perspective and share their perspectives on this timely and compelling topic.

The BCP risk impact landscape has changed significantly over the past decade. The continuous availability of systems and data have never been more in demand. Your next business interruption may not come from the usual risk factors of losing a building or IT hardware component. Today’s challenges include BCP managers considering systems downtime due to design flaws, coding issues, or a cyber event to name a few. This session will walk you through the questions you should consider when reviewing these potential impacts for your organization, your vendors, and supply chain.

Kick off DRI017’s technology track with this session, exploring headline-making risks to continuity programs everywhere, and then continue on with the topic by attending the Technology Track panel discussion and working group sessions for a better understanding of the threats your organizations faces and how to meet them.

Lyndon Bird, Chairman of DRI International’s Future Vision Committee, discusses the findings of two recent reports (also available in the Resource Library): Trends in 2016 and Predictions for 2017. Discover how your job will be impacted by world events – including cyber threats, supply chain, and the environment – and what you can do about them.

Al Berman will cover the realities and trends in supply chain, as well as other issues facing risk managers and business continuity management. In addition, he will discuss issues surrounding supply and the rash of recent cyber security events. Finally, he will talk about the field of business continuity from a career perspective.

Al Berman will cover the realities and trends in supply chain, as well as other issues facing risk managers and business continuity management. In addition, he will discuss issues surrounding supply and the rash of recent cyber security events. Finally, he will talk about the field of business continuity from a career perspective.

During a disaster, the security requirements for our people and data have not changed. How do we ensure a rapid recovery and adequate security during a disruption to normal processes? As technology changes both business continuity and cyber security have to adapt these advances. It is essential as we adopt new technology to consider the impact on both of these key functions or we will end up with a "Resume generating event" as in the case of Target and numerous other companies and organizations. We will consider some of these technology changes and the affect both pro and con on cyber security and recovery capability.

Through military and commercial cyber incident experiences, this session will reveal how a cyber incident unfolds, introduce new business continuity challenges presented by extended cyber outages, and explore how the application of military readiness techniques can help build Cyber Resilience.

This session will look at how to immerse participants in best practices for crisis leadership - challenging them to develop the critical thinking and judgment skills required to respond to, and lead, during a crisis. The Cyber Attack Simulation Experience gathers user data to gauge effectiveness and deliver personalized coaching feedback.

Members of DRI's prestigious Future Vision Committee discuss major resilience trends expected in 2016. Topics include risk management and business continuity, cyber security, supply chain, and global recovery.

The State of Business Resilience: 2016 Forecasts and Predictions - A White Paper by the DRI International Future Vision Committee

Al Berman covers the realities and trends in supply chain, including strategies currently being implemented by Japanese manufacturers, as well as other issues facing risk managers and business continuity management. In addition, he discusses issues surrounding supply and the rash of recent cyber security events. Finally, he talks about the field of business continuity from a career perspective.

DRI President Al Berman covers the realities and trends in supply chain, including strategies currently being implemented by Japanese manufacturers, as well as other issues facing risk managers and business continuity management. In addition, he discusses issues surrounding supply and the rash of recent cyber security events. Finally, he talks about the field of business continuity from a career perspective.

Cyber supply chain risk management (CSCRM) is a new discipline designed to help business continuity executives address the challenges of the rapid globalization and outsourcing of IT systems. CSCRM combines elements of cybersecurity, supply chain management, and enterprise risk management into a new and powerful concept to exert strategic control over the end-to-end processes of a focal organization and its extended enterprise partners. This seminar will provide a survey of the field, as well as the results of a five-year research project on CSCRM, conducted by the Robert H. Smith School of Business Supply Chain Management Center for the National Institute of Standards and Technology.

Kick off DRI2015's Technology Track with Dr. Gregory White, who serves as the Director of the Center for Infrastructure Assurance and Security and is a Professor of Computer Science at the University of Texas at San Antonio.

An insider threat is not just an HR or security problem but rather an operational risk that can compromise the actual survivability of an organization and cause irreparable damage to your organization's reputation and trustworthiness. This presentation presents exemples of information assets at risk by vertical market and how BCP tools can be used to identify and protect the information assets that are most critical to your organization.

Confused about "the cloud"? You're not alone. This session will help clear up cloud confusion and shed light on key issues around cloud technology.

Business continuity for a global company could be complex, intricate; almost insurmountable. Yet the enterprise was definable with a boundary that delineated what was inside the enterprise, and wath was outside. Today, we now think "outside in" when it comes to IT. The boundaries for disaster recovery are now more porous than ever, and every business continuity planner needs to devise strategies for cloud and big data within the business continuity management framework.

This presentation will give resilience leaders a guide for integrating incident response and continuity. It will describe how an organization should build security, vigilance and resilience into their support processes. The discussion will go describe the anatomy of a cyber-incident. We will touch on: - alignment with forensic incident response - data breach management - effective tools for threat management - ability to use cyber insurance

It is overwhelming to consider a combination of physical event impact and technology failure that could result from a cyber-attack. There are practical activities that are being put in place to respond to this emerging threat. This session discusses how BC managers can strengthen the contingency plans of their organizations to increase the speed and capability with which their companies respond to a cyber-risk event.

This case study reviews the lessons learned from working on the support of the critical infrastructure for an NSSE (National Special Security Event), the Republican National Convention, while simultaneously preparing for the impact of a tropical storm (Isaac). The presenter will share lessons learned and feedback from departmental, enterprise-wide, and community-wide perspectives.