
In Partnership with:

The International Leader in Audit and Information Security Training

EARN 37 CPE CREDITS

BUSINESS CONTINUITY & RISK MANAGEMENT


A Guide to Disaster Recovery, Partial Outage, and Business Resumption Planning
27th - 31st October 2007
InterContinental Hotel, Muscat, OMAN
Course Director Ken Jaworski, CISSP

"Complete and very useful overview, which is ready to use immediately" - Volkswagen Group Services

"Very comprehensive. Excellent step by step guide" - A.I.B Bank

During this 5 day course you will:

Focus on the 3 Levels of planning: disaster recovery, partial outage and business resilience
Cover the full cycle of the planning process from building your business case through to developing and testing your continuity plans
Put emphasis on the importance of maintaining constant readiness for plan implementation and how to create a team environment when putting your plan into action
Explore a tested business impact methodology for measuring loss and identifying critical business processes to mitigate risk and resume business at a competitive level
Drill down to the essential plan: strategy selection, communication processes, data storage and much more

WWW.MISTIEUROPE.COM

SEMINAR FOCUS AND FEATURES

Information Risk Management and continuing accessibility to important information assets and services in the event of a disaster are critical to the survival of any organisation. A current and frequently tested business continuity plan is an essential insurance policy to mitigate the risks associated with partial or total loss of information systems or of the use of offices and other work facilities. The catastrophic events of 9/11 and the Northeast Blackout only underline the need for such planning. However, Continuity Standard PAS 56 and legislation such as the new Sarbanes-Oxley (S-OX), Basel II, UK Turnbull Review and the Civil Contingencies Act demand it. You will also go through the guidelines of ISO-17799 to be used as security best practice.

In this practical and interactive five-day seminar you will focus on all levels of planning: disaster recovery, partial outage and business resilience, as well as looking at your risk analysis and business impact analysis as tested methodologies for measuring security risk. You will cover the full cycle of a comprehensive planning process, from building your business case all the way through to developing and testing your business continuity plans. You will place special emphasis on maintaining constant readiness for plan implementation on short notice, and you will learn how to create a team environment when preparing for and reacting to catastrophic events. You will explore a tested business impact methodology for measuring loss criteria that identify the critical business processes and timeframes necessary to mitigate disruption and/or loss of data and bring services back to a competitive level. You will drill down to essential plan details, including strategy selection, external communication processes, data storage techniques, securing print capabilities, the importance of the configuration management database and much more.

At the end of this seminar you will have built information risk analysis and BIA action plans. This will leave you better prepared to develop new business continuity plans or make more effective changes to your existing ones. The results of the Risk Analysis process will form the cornerstone of your Data Security program, allowing you to prioritise and cost justify the implementation of updated or missing controls.


COURSE DIRECTOR KEN JAWORSKI CISSP


Ken Jaworski is a Project Manager for Compuware Corporation, where he is presently on assignment with American Community Mutual Insurance Company. Ken's assignment includes Business Resumption Planning, Email Security, Data Classification and other security issues related to the Health Insurance Portability and Accountability Act (HIPAA). Ken's prior engagement was a 3 year assignment with Detroit Public Schools (DPS). His overall responsibility at DPS was managing all data security initiatives. Ken completed building a disaster recovery plan for the District Data Centre and other IT infrastructures, drafted policies for protecting information assets, and coordinated a newly developed awareness programme.

Prior to joining Compuware, Mr. Jaworski had a 31-year career with Detroit Edison. While at Detroit Edison, he supervised a team of analysts responsible for implementing an automated change management process and creating a disaster recovery plan for the corporate data centre. Mr. Jaworski's other responsibilities included developing departmental policies and procedures for handling confidential information; organising and leading the Detroit Edison Virus Response Team (DEVRT); developing and managing a risk management process and corporate security awareness programme; and executing the corporate information classification process. Mr. Jaworski served as chairman of the copyright compliance committee and as a liaison between Detroit Edison, the Physical Security Department, and law officials dealing with computer crime. Mr. Jaworski is the past President of the Southeastern Michigan Computer Security Special Interest Group, fostering interaction between security professionals in the Detroit area.

MIS Training 2007

Prerequisites
None

Learning Level
Intermediate

Who Should Attend


Audit Managers and IT and External Auditors, Disaster Recovery Planners, Quality Assurance personnel, Data Security Specialists, Security Administrators, Information Security Managers, Systems Programmers and Systems Analysts

Fee
$3,895.00


AGENDA DAY ONE


Contingency Planning
Defining disaster recovery, partial outage and business continuity planning
Taking a proactive rather than reactive approach to addressing availability
Justifying the cost of your plans to management
Supporting contingency planning via corporate policy
Convincing other departments that they must implement and support the plan
Developing follow-up, plan review and modification
Evacuation and safety drills

Implementing Your Plan


Implementing disaster recovery in the change management process
Instituting disaster recovery into the application development life cycle

enterprise-wide process
Partners in the information risk management process and the roles of each one
Moving from centralised to decentralised information processing

Information Risk Analysis


The risk analysis cycle and its components
Management's concerns and perception of the information risk analysis process
Types of information risk analysis: quantitative vs. qualitative approach
Software tools for performing the information risk analysis process
Identifying asset categories: IT, business processes, or business functions
Defining information risk analysis targets and scope
Statements that create boundaries for the information risk analysis process
The information owner's role in the information risk analysis process

Partial Outage Planning


Developing the configuration management database
Steps necessary to execute your partial outage plan
Synergies between full disaster recovery plan and partial outage plan

Developing Your Disaster Recovery Plan


Business Impact Analysis (BIA) as the foundation of recovery planning
Creating the BIA action report
Identifying impact criteria and their importance to the organisation
Pinpointing key business processes and peak activity periods
Determining recovery time objective (RTO)
Determining recovery point objective (RPO)
Creating the prioritised applications list

DAY THREE
Disaster Avoidance
Procedures that must be in place to assist in disaster prevention
Prevention training
Offsite storage and recovery

Developing an Action Plan You Can Implement


Administrative information required in the action plan
Logging risk and control information
Creating action items in response to identified controls
Using the action plan for an approval process
How the information risk analysis action plan is distributed and protected

Business Continuity Planning


Determining survival without local data processing components
Planning for loss of personnel and/or hardcopy documents
Planning for physical relocation
Developing communications plan for the outside world and your employees
Determining interim processing and timeframes
Planning for data processing component replacement
Planning for return to primary site

Disaster Recovery Solutions


Developing strategies based on impact loss value, RTO, and RPO
Weighing the pros and cons of different recovery strategies
Data replication strategies
Telecommunications strategies
Determining both internal and external communications requirements
Creating necessary documentation, including key suppliers, external business contacts, application recovery procedures, operation documentation and many others.

DAY FIVE

When Disaster Strikes


The human element: taking care of your employees
Handling the press
Evaluating your plan post-event

Assets, Risks, Threats, and Vulnerabilities


Identifying assets in an information risk analysis
Determining asset values
Prioritising, categorising, and documenting information risks
Uncovering information vulnerabilities

DAY TWO

Disaster Recovery Planning and the Team Concept


Determining required teams for plan execution
Identifying team responsibilities
Creating team checklist and process for their use

Auditing Your Plan to Keep It Current


Working in conjunction with internal and external auditors
Audits that will reflect significant technology and personnel changes
Developing a questionnaire to support a DRP or BCP audit
Who to interview and when in conducting a DRP or BCP audit
Documenting and acting upon audit results

Management Decisions
Arriving at an "acceptable level of risk"
Identifying controls in an information risk analysis
Determining the cost of control
Categorising and documenting information controls for a total programme

Plan Training and Testing


Selecting team members and obtaining functional and senior management approval
Developing and conducting training for all team members
Analysing test types: tabletop, internal recovery, external recovery, full simulation
Developing testing objectives and goals
Scheduling initial and periodic on-going testing
Authoring the test plan and success indicators to measure its effectiveness

Control Implementation
Using the action plan to create assignments, schedules, and approvals
Involving auditing in the process

DAY FOUR

Information Risk Management


Four phases of information risk management
How the information risk management process fits into the information protection programme
Integrating risk management into an

Follow Up
Tracking the information risk analysis process: start to finish
Enforcing the use of the information risk analysis process

REGISTRATION FORM

IN-HOUSE TRAINING
Save up to 50% on training
Tailored Training for your team and Save up to 50%
Perhaps you have to comply with Sarbanes-Oxley, have just installed a new ERP system or recruited new staff, or maybe you are keen to secure your network, take preventative measures to counteract fraud or comply with the latest legislation. Either way, if you have 5 or more people who require training on the same topic, MIS can tailor training courses to meet your exact needs and budget, saving you up to 50%. We charge per day and NOT per participant, so the cost remains the same regardless of how many people you have in your team.

When registering for this course please quote reference WEB

I would like to receive information about running this course in-house

With In-House Training You Will:


Save money over public seminar fees in addition to savings on travel and accommodation costs.
Save time on travel as the instructor will travel to you. Furthermore, the training can be held at the most convenient time for you.
Ensure the relevance of the seminar for your organisation and industry. You may wish to tailor the structure and methodology of your seminar or customise the seminar to meet the expertise levels of your attending employees.

EMAIL: gcooper@mistieurope.com for more information

Please send me information on:
In House Training
Audit College, 13th - 17th August 2007, London
IT Audit School, 8th - 12th December 2007, Riyadh

Business Continuity & Risk Management


(please photocopy form for additional delegates)
(MT2196) 27th - 31st October 2007, InterContinental Hotel, Muscat $3,895

5 easy ways to register


Tel: +44 (0)20 7779 8944
Fax completed form to: +44 (0)20 7779 8293
Email: mis@mistieurope.com
Web: www.mistieurope.com
Post completed form to: Carlos Doughty, MIS Training, Nestor House, Playhouse Yard, London, EC4V 5EX UK

Organisation

FEES MUST BE PAID IN ADVANCE OF THE EVENT

Customer Information
Title, First name, Surname, Title/Position, E-Mail Address (Required), Address, Postcode, Country, Telephone, Fax, VAT Number (if you have one)

The information you provide will be safeguarded by the Euromoney Institutional Investor PLC group whose subsidiaries may use it to keep you informed of relevant products and services. We occasionally allow reputable companies outside the Euromoney Institutional Investor PLC group to contact you with details of products that may be of interest to you. As an international group we may transfer your data on a global basis for the purposes indicated above. If you object to contact by telephone, fax, or email please tick the relevant box. If you do not want us to share your information with other reputable companies please tick this box.

Registration Information
(fees must be paid in advance of the event)

Accommodation
InterContinental hotel Muscat
P.O. Box 398, Muttrah, Postal Code 114, Sultanate of Oman
Tel: +968 24680630
Fax: +968 24605608
talal.alhabsi@icmuscathotel.com
www.intercontinental.com

Payment Information
YOU CAN NOW PAY ON-LINE AT WWW.MISTIEUROPE.COM

Cheque enclosed (payable to MIS Training)
Please invoice my company PO#
Please debit my credit card: AMEX, VISA, MasterCard
Card Number, Cardholder's name, Expiry, Verification Code


Cancellation Policy
Should a delegate be unable to attend, a substitute may attend in his or her place. Cancellations received within 21 working days of the event are liable for the full seminar fee. If full payment has been received you are eligible for a 75% reduction on the next run of the seminar. This discount will be valid for one year only. MIS reserves the right to change or cancel programmes due to unforeseen circumstances.

High Yield/No-Risk Guarantee
Attend these workshops and receive tools and techniques that will help you do your job better. If you do not, simply tell us why on your company letterhead and we will give you a full credit toward another programme.

Please include billing address if different from address given

Please note that in completing this booking you undertake to adhere to the cancellation and payment terms listed below.
Signature, Approving Manager, Date, Position
