Expert Panel, The blurred lines between ITDR, BCP & Cyber Security - managing the aftermath of a Cyber Attack
Frank Slater - Retired Continuity and Recovery Expert, President of DRIE Ottawa
BIO - After retiring as a full time Director of BCP/Cybersecurity Professional Services and Practice Leader for a large multinational consulting company, Frank continues to dabble in the profession. In addition to being a BCP/ITDR SME, Frank is a qualified ITIL Service Manager, with Data Centre Operations experience, an accredited Disaster Recovery Institute of Canada Certified Business Continuity Professional (CBCP), a licensed Business Continuity Maturity Model ® assessor, and a certified Business Continuity Management Program internal auditor. Frank has always preached an integrated, holistic approach to incident responses and crisis management and firmly believes that within a risk management framework, no one risk management pillar operates efficiently in isolation and it is time to tear down the silos within our respective disciplines.
Cyber Security Expert
Ken Kuehni - Security Architect, City of Ottawa
BIO - Ken Kuehni, Security Architect, City of Ottawa
Ken spent 14 plus years working for Nortel Networks as a Senior Security Architect and lead multiple global initiatives across the many lines of businesses. During his tenure at Nortel he acquired international experience in Incident Response starting off in the days of Code Red, Nimda, and SQL Slammer. Over the years Ken honed his Incident Command skills managing events as they spread from Asia Pac, across to the UK and then over to North America. Ken further established his abilities as a security professional by attaining his CISSP, CISM, and CRISC certifications. In 2011, the time came to move when Nortel ceased operations and Ken set his sights in the direction of the City of Ottawa. Now 6 plus years later, working with the City as a Security Architect, Ken is also a Computer Incident Commander and co-author of the City’s new Computer Emergency Response Plan..
BIO - Mark Cunningham - Senior Security Analyst, City of Ottawa
Mark has over 20 years with the City of Ottawa in the information technology field, the last 13 focused primarily on information security. He is an honours graduate of the Algonquin College Information Security Program. Mark is an Incident Commander at the City of Ottawa and lead the well-publicized response to the Dancing Banana incident. He is a co-author of the City’s Computer Incident Response Plan (CIRP), lead facilitator for cyber incident response and incident commander training, and author of the City’s CIRP exercises. Mark has extensive experience in Threat Risk Assessments (TRA’s), in which DR mitigation approaches are identified, as well as his experience leading Business Continuity efforts related to information technology for the City. He understands the pluses and minuses of DR as a mitigation strategy for risk related to Information Systems.
Presentation Title - The blurred lines between ITDR, BCP & Cyber Security - Managing the aftermath of a Cyber attack
Synopsis - Outcomes of a cybersecurity event can be just as damaging to an organization as a more traditional business continuity/disaster recovery event. A cyberattack affects the entire business, not just the servers, networks, data, firewalls or other IT assets. The panel discussion addresses the consequences of a security breach that affects or compromises information systems and or data as it is also both a business continuity (BCP) and disaster recovery (DR) event. The panel brings their own unique security, continuity of operations, and incident management backgrounds and perspectives to cyber response, which they will leverage to explore why an integrated approach is required.
Key Points that an Attendee will take away from the panel discussion:
- How should an organization structure their cyber response ‘playbook’?
- Where should decisions be made during a cyber-attack?
- What role should physical security and security management practitioners play during a cyber-attack?
- How do the Cybersecurity/BCP and ITDR disciplines shape an organizations response?