If you have any questions about editing this template, please call us at (866) 457-2582.
SAVE THE DATE
October 21, 2019
Contingency Planning Exchange and Continuity Insights
Fall 2019 Conference Partnership
11 Madison Avenue
New York, NY 10001
8:00AM - 5:00PM
FREE for CPE Members
$695 for Non Members or Join Now
Attend for Free as an Individual OR Display for Half Off
Contact Continuity Insights for more information and for a discount code for registration as an exhibitor.
The Contingency Planning Exchange (CPE) and Continuity Insights are pleased to announce that they will again combine their respective Fall 2019 conferences into one comprehensive, single-day educational event. Based on each organizations’ rich legacy of hosting annual conferences in New York, the new partnership will leverage their individual strengths in content creation, subject matter expertise, networking, and connection to distinct communities of resilience professionals. In addition, the conference will give these professionals access to an expanded showcase of cutting-edge products, services, technologies, and solutions.
The attendees will benefit from keynote and breakout sessions discussing a wide range of topics in resilience, continuity, disaster recovery, crisis management, and more to expand their horizons and realize their full potential as they strive to build the ultimate resilient organization.
8:00AM - 8:30AM
Registration, Networking, Vendor Exhibits
8:30AM - 9:15AM: Keynote Session
P1: Keynote Session: Foremost Ransomware Expert
Bill Siegel, Founder/CEO, Coveware
This presentation will focus on explaining how enterprises are a cog in the global cyber crime marketplace. Rather than focusing on tactical security advice, this presentation will educate the audience on how the ransomware supply chain/marketplace works and how they can make their organizations a harder target to hit.
How much does a ransomware attack cost? The total cost can be divided into two main costs. First, the recovery cost. These expenses cover forensic reviews and assistance in rebuilding servers and work stations. If a ransom is paid, then that is also a recovery expense. The second, and often more expensive cost of a ransomware attack is the total cost of downtime. Downtime costs are typically five-to-10-times the actual ransom amount and are measured in lost productivity (slack labor and lost revenue opportunities).
9:30AM - 10:30AM: Breakout Sessions
B1: Breaking the Mold: Innovative Perspectives on Leadership
Tracey Rice, Fusion Risk Management
Cheyene Marling, BC Management
This inspirational group shares the stories of how four of the industry’s most successful members shaped their careers and pushed our profession in new directions. A mix of humor, struggle, success, and lessons learned, this session offers advice on how to stay energized and smash the glass ceiling, through hard work, positivity, and never accepting “good enough” as an answer.
B2: Active Shooter Preparedness
Barry Morgeson, Southern Glazer’s Wine & Spirits
Active shooter situations seem to be in the forefront of every organization’s mind. Keeping your people safe is your number one priority in this type of crisis. You may have a plan in place, but have you tested and trained on it? Tabletop exercises are the best way to walk through a real-time incident while openly discussing which response plans come into play during certain circumstances. They also expose gaps and vulnerabilities within these response plans. This interactive session will mix training and exercising together to provide valuable insight on:
--The importance of Public/Private sector partnerships and how to leverage these relationships to better prepare your organization for an active shooter
--Live run-through of an active shooter tabletop exercise and suggested layout/outline of the exercise
--Interactive discussion and resource share
B3: Building a Culture of Resiliency
Lisa Orloff, World Cares Center
Research shows that training can reduce the impact that disasters, disaster and continuity work and high stress environments have on those that seek to help. Fortunately, Resiliency is not a trait that is inherited, we have the ability to build our own resiliency. This workshop is the first step on you and your teams road to resilience and building resilient teams. In this session you will understand the emotional risks related to disaster and continuity work and its impact on your team including absenteeism. You’ll learn to recognize the signs and symptoms of disaster and continuity work related stress in your team. Learn techniques to address emotional stress within your team and outline next steps to develop a team resiliency plan.
10:45AM - 11:45AM: Breakout Sessions
B4: Ensuring a Smarter, More Resilient Building
Robert Fucito, Fannie Mae
How confident are you that your building has been built with resiliency in mind? This presentation, from truly a practitioner’s perspective, will highlight a discussion about our most common disruption – Power – and focus on those critical elements such as emergency generators, Uninterruptible Power Supply (UPS) configurations to Computer Room HVAC, and network connections to the desktop. Eliminating single points of failure for critical business users and strengthening the resilience of your facility will minimize the time you spend responding to internal and external threats. Let’s eliminate poor design and not overlook opportunities to improve.
B5: How to Develop Your BC/DR Program to Maximize the Use of Mobile Devices & Control
John Allen, BC in the Cloud
The continuing shift in the traditional workforce means fewer people in the office and more people working from home. It also means that instant access to work-related applications and data must be reliably available anytime, anywhere. In the BC/DR field, many software applications offer mobile app options. Are you using them? Many organizations focus on developing well-built plans for their programs, but have we all explored and implemented well developed and cohesive use of mobile devices? This session will explore the use of mobile devices in BC/DR at a program level, some best practices and risks to avoid in doing so.
B6: Buying Resilience As A Service? An Overview of Key Opportunities and Challenges
Glenn A. Siriano, KPMG LLP
Franco Cordeiro, KPMG LLP
Organizations are increasingly seeking to leverage ‘resilience dividends’ associated with As A Service models. This presentation will provide examples of organizations seeking resilience enhancements, often as a by-product of, improving:
--Speed to market
--IT spend reduction (IT and Business aligned spend)
--Scalability of IT
--Legacy IT reliance
--Re-focus on core activities
--Physical and virtual security
After outlining the potential resilience benefits, the final part of our presentation will focus on some of the preparatory activities / capabilities that we consider key to ensuring As A Service resilience benefits are realized.
1:30PM - 2:30PM: Breakout Sessions
B7: Business Continuity and the Human Factor – Why We Behave the Way We Do and How Do We Plan For The Unexpected?
Robbie Larocca, Protinue
Tracy Gkonos, Protinue
This session will underscore the importance of business resilience professionals understanding human behavior in disasters when designing plans. A traditional business continuity planner looks at four areas for recovery: Data, Facility, 3rd Party Suppliers, and the HUMAN FACTOR… which the presenters assert that none of the other areas matter if you haven’t locked down this piece. The way individuals respond and their thinking in and to a disaster is critical to understand as it differs from normal behavior. Perception before, during and after event can be critical to business survival.
Human Capital is the combination of ability, behavior, skills and tenure that people bring to an organization. Managing and developing human capital includes all people-related issues that impact a business’s strategic and operational objectives. The session will stress the critical nature of communicating and exercising plans, timely Communications, and the involvement of Human Resources.
B8: Vendor/Supplier Contingency Planning: Pulling it All Together
Sherri Flynn, Recovery Planner
Vendors today are a regular part of your business, intermingled with daily operations of almost every department and process. Because of regulations, industry standards and recommendations from agencies like the FFIEC (Appendix J), ISO 22301, and ISACA, companies are paying more attention to assessing the risk of vendors (and your vendor’s vendors). But is assessing the risk enough? Who in your organization is responsible for pulling it all together? Conducting a BIA and identifying where the functions and vendors are the most critical, identifying who and what exactly is impacted and coming up with a documented plan to continue operations without the service/product they provide? Businesses today typically have Business Continuity Plans, Disaster Recovery Plans and Crisis Management Plans, but do you have specific plans in place for a critical vendor outage?
B9: Cyber Security – Planning to be Prepared
Ramesh Warrier, eBRP Solutions
Cyber Security Incident Response Planning (CSIRP) gets the biggest piece of the risk planning budget, but any amount of protection devices reduces only the ‘attack’ surface. It’s not a matter of IF, but WHEN an incident will impact you. This session will discuss the:
--Basics of Cyber Security Incident Response Planning
--Enhancing the planning process for functional outages
--Actionable plans to create a credible BC/DR Program
--Addressing the informational needs of all stakeholders
We’ll review CSIRP concepts and explain the enhancements in the data collection, BIA and the Plan development process to enable you to build an Effective Incident Response program.
2:45PM - 3:45PM: Breakout Sessions
B10: The Path to Operational Resiliency – the First Steps
Megan Epperson, IHS Markit
Doug Weldon, IHS Markit
There is limited detail describing how to design a multidisciplinary resiliency program that addresses the lifecycle of incident management, and the recovery demands from data corruption, ransomware, infrastructure and third-party failures. This session will discuss the critical enhancements to the Business Impact Analysis (BIA) and Risk Assessment (RA) across the various risk disciplines; supporting fundamental business intelligence and requirement contributions from Information Security, Physical Security, Incident Management, Risk Management, Operational Risk, and related disciplines. It will showcase practical ideas and provide examples of how to launch your organization into the next generation of resiliency planning by “breaking down the silos.”
B11: Disaster Planning: Expectations vs. Reality
Tim Mathews, Educational Testing Service (ETS)
You may spend your entire career in BC/DR and never face an actual disaster. Or you may find yourself hit with an outage tomorrow caused by something you did not prepare for. We’ll discuss real world lessons discovered from outages of all types – whether nature or inadvertently human-caused – and how you can capitalize on others’ experience to make sure you are not caught off guard. Learn some of the gotchas and more common items which can easily be overlooked until they come up in the heat of the moment. We’ll discuss how you can use testing and tabletop exercises to better prepare your leadership and organization, tips and checklists to better prepare for the worst, and how to use testing to learn your plan’s weaknesses and reinforce strengths.
B12: Five Imperatives to Ensure the Resiliency of Voice Communications
John Gifford, Teleira
Chris Poulson, Teleira
Don’t get caught without the ability to communicate. Far too often, creating a plan for the resiliency or recovery of our voice communications is an after-thought. In this session we will discuss areas of your voice communications network that can be potential failure points. Several case studies will be shared to demonstrate some best practices, valuable lessons learned, and the critical need for voice communication. The attendees will leave this session with insights on what to look for and how to mitigate outages… from the most common fiber cut to ice storms and hurricanes.
4:00PM - 5:00PM
B13: Future Risk: The Future is Not What It Used to Be! How to Manage the Unpredictable!
Howard Mannella, Alternative Resiliency Services Corp
Are you ready for the next evolution in Risk? Geopolitical shifts, technological advances, new players both good and bad. Cutting-edge developments such as Blockchain, ‘deep-fakes’ and increasingly sophisticated hacking techniques. FinTech! RegTech! Crypto platforms! Artificial intelligence! Machine learning! Innovative terror tactics! All this means that Risk is getting more complicated, and that threats can come from unpredictable directions. We are constantly surprised. How can we manage and mitigate tomorrow’s Risk if we can’t even see it coming?
Participants will walk away from this innovative and engaging dialog with a better understanding of the current and changing state of Risk. They will learn about some of the more innovative ways that systems can be breached, and goods hijacked. They will elevate their perspective of Risk to focus less on specific threats and adapt to threats from any direction. They will gain valuable methods and practices that they can start implementing the next morning to better mitigate and respond to risks of any type.
B14: More than just a trend: Why cyber resilience should be your organization's top concern
Harvey Betan, DRI International
It seems like every day, high profile cyber breaches are dominating the headlines. As we watch, the dangers and costs associated with cyber threats continue to grow. In this session, we will explore the new dominant role that cyber resilience plays in the risk landscape and the way it interacts with other industry trends and top concerns. By exploring global data and case studies, we will outline the steps to turn cyber resilience from a trendy talking point into an integral part of your organization's DNA.
B15: Fighting the Unknown Enemy- Cyber Security Issues and Mitigation Techniques
Asad Khokhar, Continuity Centers
Cosmo Gazzani, Continuity Centers
Knowing your enemy is an important virtue especially when it comes to cybercrime. Unfortunately, cyber criminals are evolving daily making it almost impossible to design a viable fortress to protect your most valuable asset “data”. The endpoint is still the largest attack vector for hackers today. This session will explore how hackers and malicious organizations are using phishing techniques to exploit sensitive data. Join us as we look at how an actual attack can be recorded and mitigated via a Security Monitoring System. We will also discuss how to best protect against the propagation and infiltration of malicious actors. The goal of this session is to explore mitigation techniques such as security information and event management (SIEM) platforms and enpoint security giving the attendees ideas on how to formulate a cyber defense specifically around the end point.