Business Continuity Management
Prepare for the Unexpected
A plan around continuity should not be a lower priority until it is needed. It shouldn’t be based upon a unilateral technology view but rather an in-depth understanding on how your business thrives and what key processes are essential to sustain during long-term business disruptions. VerSprite’s Business Continuity Management (BCM) services prepare you for the unexpected in order to ensure that key service components of your business remain operational.
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
Business Mapping:
As part of VerSprite’s business continuity planning engagements, we’ll map out your business processes and underlying sub-processes, technology, and third party relationships that help support the more mission critical areas of the business. Our process expands from this core understanding in order to create a plan that is actionable and realistically operational.
Third Party Vendor Dependencies:
In building a plan around readiness or continuity, many organizations focus less on 3rd party vendor dependencies. If your vendor(s) are pivotal to your business workflows, data processing, or technology management, VerSprite assists by applying our contextual vendor risk assessment methodology to quickly identify where dependencies lie amongst vendors and our client’s processses and sub-processes. This mapping clearly identifies how alternative considerations should be factored into your tailored BCP from our team.
Tabletop Exercises, Simulations, Training:
Realistic tabletop exercises also help to validate a plan’s comprehensive coverage and ability to address both major and minor scenarios that run in parallel during a business-halting event. Our tabletop exercises reflect an accurate threat model of cyber-related attacks, environmental hazards, internal threats, catastrophic human errors, corporate sabotage, security breaches, and more. As part of this training, you can elect to have training for your BCP Coordinator (BCPC) so they can execute fundamental tasks during incidents that require plan invocation, managing internal and external resources, communication and leadership, interaction with the press and external authorities, and more.
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
Business Impact Analysis
Unlike many other security firms, VerSprite understands financial implications associated with business disruption. Our vast industry experience allows us to consider direct and indirect costs to breaks in service and allows us to assist clients consider mitigation strategies as part of their planning. The business impact analysis (BIA) falls into a broader process as demonstrated below:
1. Risk Assessment
2. Business Impact Analysis
3. Strategy Development
4. Plan Development
5. Maintaining the Plan
Many security firms do not know how to quantify business impact outside of a qualitative descriptor (e.g. High, Medium, Low). VerSprite has long seen this as an opportunity to quantify the risks of security in real and measurable business terms. Our examination stems from regressive financial analysis of internal cost structures and other costs not clear to those unfamiliar with operational dependencies across varying industries.
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
- /
Financial Analysis
Mitigating risk must include an understanding of the financial impact associated with identified gaps. Whether those risks are cyber, physical, or environmental threats, ensure that your business impact analysis is substantiated by financial evidence. Security plans, devoid of a true understanding of financial consequences, can dilute security messaging to other security leaders. Qualify your risks with a solid financial analysis of impact areas in order to know that your security mitigation is proportionate to the impact of your security risk. VerSprite’s BIA process will put the cost of inherent security risks in perspective for your internal customers. This valuable information ties into other security initiatives such as risk and remediation management, providing greater value in engagements beyond the BCM domain.
Data/Asset Classification:
Many organizations today do not know their data flows or how their data should be classified. VerSprite helps to demonstrate a more responsible view as part of a BIA engagement. Static data discovery, mapping, and classification can provide clear qualifications as to the type of data being managed by identified data stores. VerSprite correlates this understanding with data flows that we identify as part of your Cloud, OnPrem, or hosted environments. Revisiting these data flows are performed by our team on a periodic basis that is consistent with the cadence of change within your environment and the company’s threat model. Our data classification techniques help identify the impact of data to key business processes/sub-processes, as well as regulatory factors around data privacy (e.g. GDPR, HIPAA, GLBA, etc.) or compliance (e.g. FFIEC, NCUA, FINRA, etc.)
