Podcasts about operational resilience

  • 98 podcasts
  • 184 episodes
  • 31m average duration
  • 5 weekly new episodes
  • Latest: Apr 3, 2025

[Chart: popularity by year, 2017 to 2024]


Latest podcast episodes about operational resilience

IBS Intelligence Podcasts
EP850: The biggest rollout of Banking-as-a-Service so far in the UK

Apr 3, 2025 · 11:40


George Toumbev, Chief Commercial Officer, NatWest Boxed

BaaS provider NatWest Boxed has gone live with its first customer, the AA, which will use Boxed's embedded finance platform to offer financial products to millions of personal breakdown members and insurance customers as well as the broader market. The venture marks the first time 2 leading UK brands have agreed a strategic partnership to embed financial services into the customer journey. Robin Amlôt of IBS Intelligence discusses the new offering with NatWest Boxed's CCO George Toumbev.

@BEERISAC: CPS/ICS Security Podcast Playlist
Safeguarding Operations: The Role of Cybersecurity in IT and OT Environments

Mar 26, 2025 · 84:02


Podcast: PrOTect It All
Episode: Safeguarding Operations: The Role of Cybersecurity in IT and OT Environments
Pub date: 2025-03-24

In this episode, host Aaron Crow is joined by Peter Jackson, a seasoned expert from New Zealand with a robust background in industrial automation and cybersecurity. Together, they unravel the intricacies of balancing security with reliable operations and explore the evolving landscape of OT cybersecurity in critical infrastructure. Listen in as they discuss everything from the importance of safe operations and risk management to the nuances of vulnerability management in diverse industrial environments.

Whether you're an OT professional or an IT practitioner, this episode is packed with insights that cater to both ends of the spectrum, all shared with a passion for protecting the future of our interconnected systems.

Key Moments:

  • 05:22 Bridging IT and OT Silos
  • 14:53 Business Risk Beyond Cyber Concerns
  • 17:46 "OT Security Risks in Business"
  • 25:46 Simplifying Complex OT Management
  • 30:10 Cybersecurity Misunderstandings in Safety Systems
  • 36:58 Prioritizing Systems and Security Integration
  • 39:51 Improving Business Trust Tolerance Journey
  • 44:42 Hesitancy and Future of OT Cloud
  • 52:07 Operational Resilience and Risk Reduction
  • 55:26 "Assessing System Security Strategies"
  • 58:59 Network Security Maturity Strategies
  • 01:05:00 "Improving IT Resilience and Preparedness"
  • 01:13:43 "Towards Improved System Security Awareness"
  • 01:15:03 Continuous Security Improvement Basics
  • 01:20:00 Safety First: A Unique Culture

About the guest:

Peter Jackson is a passionate and dedicated professional in the field of Operational Technology (OT) security. As a long-time admirer of the work done by Tails, Peter has cultivated a deep connection with fellow enthusiasts, sharing a common bond and commitment to the industry. Emphasizing the importance of collaboration and personal interaction, he has valued opportunities to gather around the table, exchange ideas, and strengthen the sense of community among peers. Despite the challenges posed by the pandemic, Peter adapted to remote work but now relishes the return to in-person engagements, where he can once again partake in the vibrant exchange of knowledge and camaraderie that is integral to his professional identity.

Feel free to follow Peter on LinkedIn: https://www.linkedin.com/in/peterjnz/
If you're interested in the NZ ICS/OT cyber community: https://icscyber.org.nz
If you're interested in the work that he does with the SGS team: https://www.sgs.com/en/services/operational-technology-cyber-safety or email global.otcyber@sgs.com

Connect With Aaron Crow:

  • Website: www.corvosec.com
  • LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

  • Email: info@protectitall.co
  • Website: https://protectitall.co/
  • X: https://twitter.com/protectitall
  • YouTube: https://www.youtube.com/@PrOTectITAll
  • FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

  • Apple: https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
  • Spotify: https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Risk & Regulation Rundown
Operational resilience in a dynamic world - responding to evolving threats and the impact of AI - S6E10

Mar 20, 2025 · 32:08


In this episode, host Tessa Norman is joined by Duncan Scott and Rory Spedding-Jones from PwC's Technology, Data and Resilience practice, to delve into the topic of operational resilience. Our expert guests reflect on financial services firms' ongoing operational resilience journeys, how these are likely to evolve beyond the March 2025 UK implementation deadline, and how regulatory expectations are changing. Our guests also explore the evolving resilience landscape in response to changing threats and market expectations, as well as the transformative potential for AI and other technologies to enhance firms' resilience capabilities, drive efficiencies and add value in the short and long term.

You can contact our PwC speakers if you'd like to discuss any of the topics covered, at tessa.norman@pwc.com, duncan.j.scott@pwc.com and rory.spedding-jones@pwc.com. To hear more from us on financial services risk & regulation, you can access all our regular publications at this site: https://www.pwc.co.uk/industries/financial-services/understanding-regulatory-developments.html.

The Tech Blog Writer Podcast
3212: From Log4J to MOVEit: What Cyber Crises Teach Us About Leadership

Mar 18, 2025 · 33:00


When a cyber crisis strikes, leaders face intense pressure to make rapid decisions that can determine the fate of their organizations.  In this episode, I sit down with Dan Potter, Senior Director of Operational Resilience at Immersive, to explore how leaders can effectively manage high-stakes cyber incidents. From major crises like MOVEit and Log4J to the evolving landscape of AI-driven threats, Dan shares practical insights on what businesses can learn from past events to strengthen their response strategies. We discuss the key components of a well-structured decision-making framework, how to maintain strategic focus under pressure, and why trust and psychological safety within teams are essential during a crisis. Dan also walks us through a checklist for effective leadership before, during, and after a cyber event, emphasizing the importance of continuous, hands-on training to build organizational resilience. With cyber threats becoming more sophisticated and unavoidable, organizations need more than just technical defenses—they need leaders who can navigate uncertainty and execute decisive action. Tune in to learn how to transform crisis management from a reactive scramble into a well-prepared, strategic response. Are today's business leaders truly ready for the next cyber crisis? Let's find out.  

IBS Intelligence Podcasts
EP838: Monument Technology's foray into the bank-in-a-box business

Mar 13, 2025 · 11:36


Steve Britain, CEO, Monument Technology

Monument Technology's Banking-Platform-as-a-Service model is a tribute to Monument Bank, which has scaled from £1 billion in assets to £5 billion in the last 12 months. The bank created its tech stack through a combination of best-in-class solutions together with its own tech where the latter could act as a differentiator. Steve Britain, now CEO of Monument Technology, was previously COO of the bank. He speaks to Robin Amlôt of IBS Intelligence about the decision to go into the bank-in-a-box business.

IBS Intelligence Podcasts
EP834: What are the key trends that will define scenario testing in the coming year?

Mar 11, 2025 · 11:24


Davis DeRodes, Lead Data Scientist, Fusion Risk Management

Last year's CrowdStrike failure firmly put the need for robust scenario testing under the global spotlight. Online and app outages at some of the UK's biggest banks in early 2025 have only served to underline the need to ensure operational resilience. Davis DeRodes, Lead Data Scientist at Fusion Risk Management, speaks to Robin Amlôt of IBS Intelligence about current trends in scenario testing and says 2025 will be the year of the AI agent.

Telecom Reseller
The Future of Telecom: Why Operational Resilience is Mission Critical – A Spirent Perspective, Podcast

Mar 3, 2025


Anil Kollipara

"You shouldn't wait around. You should be out there trying to break it, to fix it in advance," says Anil Kollipara, Vice President, Product Management, Spirent.

In this edition of Technology Reseller News, publisher Doug Green sits down with Anil Kollipara, Vice President, Product Management at Spirent, to discuss a critical theme in modern telecom: operational resilience. As Mobile World Congress (MWC) approaches, the industry faces growing demands for always-on, secure, and reliable networks. Kollipara explains why continuous testing, security validation, and AI-driven automation are now essential for maintaining uptime and mitigating risk.

The New Reality: Why Telecoms Must Build Resilience Now

With telcos under pressure to launch new services, comply with increasing regulations, and secure networks against evolving threats, operational resilience has become a business imperative. Kollipara highlights key challenges:

  • Rising Complexity – With 5G, cloud-native architectures, Open RAN, and AI, networks are more complex than ever, spanning multiple vendors and increasing risks.
  • Security Threats & Compliance – As attack surfaces expand, regulators are enforcing stricter security and uptime requirements, making compliance failures costly.
  • Customer Expectations – Downtime isn't an option. Even a short service disruption can lead to frustration, revenue loss, and customer churn.

Why Traditional Testing Fails

Kollipara explains that traditional telecom testing models are outdated. Many operators still assume their vendors will handle testing, which is no longer a viable approach. Recent real-world incidents, such as supply chain vulnerabilities, have cost companies hundreds of millions in losses. He emphasizes that telcos must own their testing process and adopt a zero-trust change management approach:

  • Proactive vs. Reactive Testing – Instead of waiting for failures, operators should continuously test, stress, and break their networks in controlled environments before customers feel the impact.
  • Continuous Testing Pipeline – A lab-to-live methodology ensures that networks are resilient at every stage—from pre-launch simulations to real-time service monitoring.
  • Security & AI-Driven Automation – AI-powered fault detection, remediation, and security testing can predict and prevent outages before they occur.

The ROI of Continuous Testing

While continuous testing may seem costly, the return on investment (ROI) is undeniable. Kollipara outlines key benefits:

  • Massive Cost Avoidance – Avoid fines, legal costs, and customer losses from regulatory non-compliance or service disruptions.
  • Operational Efficiency – AI and automation reduce reliance on manual testing, cutting costs while increasing accuracy and speed.
  • Customer Retention & Revenue Growth – A more reliable network leads to higher customer satisfaction, reduced churn, and new monetization opportunities.

Trends to Watch at Mobile World Congress

As MWC 2025 kicks off, AI-driven testing, cloud-native resilience, and next-gen security strategies will be major talking points. Kollipara teases some of the latest innovations Spirent will showcase:

  • AI Agents for Network Operations – Accelerating root cause analysis and remediation of issues in real-time.
  • SCNF Resiliency Testing – A new test category focused on validating how telecom applications behave in cloud-native failures.
  • 5G & Edge Security Strategies – How operators can harden security as networks expand beyond traditional data centers.

Learn More & Meet Spirent at MWC

For a deeper dive into operational resilience, continuous testing, and AI-driven automation, visit Spirent's website. If you're attending Mobile World Congress, be sure to connect with Anil Kollipara and the Spirent team for expert insights into the future of telecom resilience.
Description of Spirent: Spirent Communications plc.

Legacy
Harnessing the Power of Modern Communication

Mar 3, 2025 · 26:17


Want the secrets to building a resilient business? Learn how to future-proof your entrepreneurial journey with insights from our guest, Phil Portman. Listen as Phil shares his inspiring transformation from a difficult upbringing to becoming a successful entrepreneur, motivated by the desire to secure a stable future for his autistic son. Discover the importance of moving from micromanaging to empowering your team and creating systems that ensure your business can thrive independently, even in your unexpected absence. Phil's personal anecdotes shed light on crucial strategies, including estate planning and key person life insurance, that safeguard your business legacy.

Stay ahead of the curve in communication technology with our exploration of the rising trend of text messaging in the U.S., particularly among those under 50. Phil and I discuss the immediacy and convenience of text messaging in urgent scenarios, illustrated by personal stories. We also tackle the challenges posed by spam and phishing, unveiling how the industry, alongside Phil's company Textdrip, is innovating solutions like delivery tracking and spam prevention. This episode is a compelling blend of business wisdom and tech insights, designed to equip you with the knowledge to both secure your business operations and enhance your communication strategies.

Timestamps

  • 00:00:00 - Introduction and Welcome to Business Legacy Podcast
  • 00:00:37 - Phil Portman's Early Life and Motivation for Entrepreneurship
  • 00:02:15 - Transition from Micromanaging to Empowering the Team
  • 00:04:00 - The Importance of Estate Planning and Key Person Life Insurance
  • 00:05:30 - Personal Anecdote: Business Associate's Health Crisis and Lessons Learned
  • 00:07:00 - Strategies for Operational Resilience and Testing Systems
  • 00:09:00 - Introduction to Text Messaging as a Preferred Communication Method
  • 00:10:15 - Personal Experiences with the Convenience of Text Messaging
  • 00:11:30 - Industry Challenges: Spam and Phishing in Text Messaging
  • 00:12:51 - Textdrip's Innovative Solutions for Delivery Tracking and Spam Prevention
  • 00:15:00 - Early Development and Challenges in Creating Textdrip
  • 00:17:00 - Success in Targeting the Insurance Industry with Textdrip
  • 00:18:45 - Advantages of Text Messaging Over Traditional Communication Methods
  • 00:20:15 - Threats and Solutions for Future Text Messaging Security
  • 00:22:30 - Ensuring High Deliverability and Accurate Reporting with Textdrip
  • 00:24:00 - Case Study: Overwhelming Success of a Text Campaign
  • 00:26:00 - The Importance of Personalized Customer Service at Textdrip
  • 00:27:30 - Closing Remarks and Information on Trying Textdrip and Following Phil Portman

Episode Resources:

  • Check out what Phil is up to at Textdrip here: https://textdrip.com/
  • Legacy Podcast: For more information about the Legacy Podcast and its co-hosts, visit businesslegacypodcast.com.
  • Leave a Review: If you enjoyed the episode, leave a review and rating on your preferred podcast platform.
  • For more information: Visit businesslegacypodcast.com to access the shownotes and additional resources on the episode.

Service Management Leadership Podcast with Jeffrey Tefertiller
Service Management Leadership - Operational Resilience, Part 4

Feb 24, 2025 · 7:15


In this episode, Jeffrey discusses the State of Resilience Report from Cockroach Labs. This is Part 4 of 4. Each week, Jeffrey will be sharing his knowledge on Service Delivery (Mondays) and Service Management (Thursdays). Jeffrey is the founder of Service Management Leadership, an IT consulting firm specializing in Service Management, Asset Management, CIO Advisory, and Business Continuity services.  The firm's website is www.servicemanagement.us.   Jeffrey has been in the industry for 30 years and brings a practical perspective to the discussions. He is an accomplished author with seven acclaimed books in the subject area and a popular YouTube channel with approximately 1,500 videos on various topics.  Also, please follow the Service Management Leadership LinkedIn page.

Service Management Leadership Podcast with Jeffrey Tefertiller
Service Management Leadership - Operational Resilience, Part 3

Feb 17, 2025 · 4:43


In this episode, Jeffrey discusses the State of Resilience Report from Cockroach Labs. This is Part 3 of 4.

UPGRADE 100 by Dragos Stanca
DIGITALINATION | Digital Operational Resilience Act: Safer Online Payments or an Obstacle to Innovation?

Feb 17, 2025 · 74:05


We live in a world of continuous change: from the first coins to bank cards and, today, digital assets, the way we make payments has constantly evolved.

It is not, however, the only thing that is changing. Today's cyber risks are a constant danger, and financial and banking institutions are among the most frequently targeted. Combining digitalization with cyber protection, the European Union devised DORA, the Digital Operational Resilience Act, whose aspects, successful or not, we debated in this edition.

The guest of Marian Hurducaș and of his colleague on Upgrade 100 Live Talks in its Digitalination edition, Radu Puchiu, Upgrade 100's e-government expert: Raluca Micu, economist and Head of the Payments and Payment Instruments Monitoring Service, BNR.

Risky Women Radio
2025 Top Compliance Priorities

Feb 11, 2025 · 35:56


Kimberley Cole hosts Risky Women Radio with guests Carol Beaumier and Bernadine Reese to discuss the top compliance issues in 2025. They reflect on 2024, highlighting the impact of US Supreme Court decisions on regulatory authority and a UK court ruling on discretionary commissions. They discuss the importance of AI in compliance, the need for dynamic risk assessments, and the challenges of global alignment on regulations. Key priorities for 2025 include AI, financial crime, operational resilience, and third-party risk management. They emphasize the importance of leveraging technology, ongoing training, and focusing on outcomes to improve compliance effectiveness.

SHOW NOTES

  • 04:42 Review of 2024 Compliance Developments
  • 11:17 2025 Compliance Priorities and Regional Views
  • 17:12 Unique Considerations for Compliance Organizations
  • 24:21 Regional Challenges and Horizon Scanning
  • 29:20 Final Recommendations for Compliance Departments

Service Management Leadership Podcast with Jeffrey Tefertiller
Service Management Leadership - Operational Resilience, Part 2

Feb 10, 2025 · 7:41


In this episode, Jeffrey discusses the State of Resilience Report from Cockroach Labs. This is Part 2 of 4.

Paul's Security Weekly
Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381

Feb 5, 2025 · 62:04


From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents — can have severe consequences.

The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole.

Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher.

In the leadership and communications segment, Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive, Humble Leaders Inspire Others to Step Up, Effective Communication in the Workplace, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-381

Paul's Security Weekly TV
Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381

Feb 5, 2025 · 32:37


From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents — can have severe consequences.

The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole.

Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher.

Show Notes: https://securityweekly.com/bsw-381

Business Security Weekly (Audio)
Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381

Feb 5, 2025 · 62:04


From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents — can have severe consequences.

The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole.

Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher.

In the leadership and communications segment, Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive, Humble Leaders Inspire Others to Step Up, Effective Communication in the Workplace, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-381

Business Security Weekly (Video)
Enforcement of the Digital Operational Resilience Act (DORA) - Madelein van der Hout - BSW #381

Feb 5, 2025 · 32:37


From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents — can have severe consequences.

The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole.

Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher.

Show Notes: https://securityweekly.com/bsw-381

Service Management Leadership Podcast with Jeffrey Tefertiller
Service Management Leadership - Operational Resilience, Part 1

Feb 3, 2025 · 8:46


In this episode, Jeffrey discusses the State of Resilience Report from Cockroach Labs. This is Part 1 of 4.

Tech Law Talks
Navigating the Digital Operational Resilience Act

Jan 28, 2025 · 15:17


Catherine Castaldo, Christian Leuthner and Asélle Ibraimova break down DORA, the Digital Operational Resilience Act, which is new legislation that aims to enhance the cybersecurity and resilience of the financial sector in the European Union. DORA sets out common standards and requirements for these entities so they can identify, prevent, mitigate and respond to cyber threats and incidents as well as ensure business continuity and operational resilience. The team discusses the implications of DORA and offers insights on applicability, obligations and potential liability for noncompliance. This episode was recorded on 17 January 2025.

Transcript:

Intro: Hello, and welcome to Tech Law Talks, a podcast brought to you by Reed Smith's Emerging Technologies Group. In each episode of this podcast, we will discuss cutting-edge issues on technology, data, and the law. We will provide practical observations on a wide variety of technology and data topics to give you quick and actionable tips to address the issues you are dealing with every day.

Catherine: Hi, everyone. I'm Catherine Castaldo, a partner in the New York office of Reed Smith, and I'm in the EmTech Group. And I'm here today with my colleagues, Christian and Asélle, who'll introduce themselves. And we're going to talk to you about DORA. Go ahead, Christian.

Christian: Hi, I'm Christian Leuthner. I'm a Reed Smith partner in the Frankfurt office, focusing on IT and data protection law.

Asélle: And I'm Asélle Ibraimova. I am a counsel based in London. And I'm also part of the EmTech group, focusing on tech, data, and cybersecurity.

Catherine: Great. Thanks, Asélle and Christian. Today, when we're recording this, January 17th, 2025, is the effective date of this new regulation, commonly referred to as DORA. For those less familiar, would you tell us what DORA stands for and who is subject to it?

Christian: Yeah, sure. So DORA stands for the Digital Operational Resilience Act, which is a new regulation that aims to enhance the cybersecurity and resilience of the financial sector in the European Union. It applies to a wide range of financial entities, such as banks, insurance companies, investment firms, payment service providers, crypto asset service providers, and even to critical third-party providers that offer services to the financial sector. DORA sets out common standards and requirements for these entities to identify, prevent, mitigate, and respond to cyber threats and incidents, as well as to ensure business continuity and operational resilience.

Catherine: Oh, that's comprehensive. Is there any entity who needs to be more concerned about it than others, or is it equally applicable to all of the ones you listed?

Asélle: I can jump in here. So DORA is a piece of legislation that wants to respect proportionality and allow organizations to deal with DORA requirements that will be proportionate to their size, to the nature of the cybersecurity risks. So, for example, micro-enterprises or certain financial entities that have only a small number of members will have a simplified ICT risk management framework under DORA. I also wanted to mention that DORA applies to financial entities that are outside of the EU, but provide services in the EU so they will be caught. And maybe just to also add in terms of the risks. It's not only the size of the financial entities that matter in terms of how they comply with the requirements of DORA, but also the cybersecurity risk. So let's say an ICT third-party service provider, the risk of that entity will depend on the nature of that service, on the complexity, on whether that service supports critical or important function of the financial entity, generally dependence on ICT service provider and ultimately on its potential to disrupt the services of that financial entity.

Catherine: So some of our friends might just be learning about this by listening to the podcast. So what does ICT stand for, Asélle?

Asélle: It is informational communication technology. So in other words, it's anything that a financial entity receives as a service or a product digitally. It also covers ICT services provided by a financial entity. So, for example, if a financial entity offers a platform for fund or investment management or a piece of software or its custodian services are provided digitally, those services will also be considered an ICT service. And those financial entities will need to cover their customer-facing contracts as well and make sure DORA requirements are covered in the contracts.

Catherine: Thank you for that. What are some of the risks for noncompliance?

Christian: The risks for noncompliance with DORA are significant and could entail both financial and reputational consequences. First of all, DORA empowers the authorities to impose administrative sanctions and corrective measures on entities that breach its provisions. Which could range from warnings and reprimands to fines and penalties to withdrawals of authorization and licenses, which could have significant impact on the business of all the entities. The level of sanctions and measures will depend on the nature, gravity and duration of the breach, as well as on the entity's cooperation and remediation efforts. So better be positive to help the authority in case they identify the breach. Second, non-compliance with DORA could also expose entities to legal actions and claims from the customers, investors, or other parties that might suffer losses or damages as a result of cyber incident or disruption of service. And third, non-compliance with DORA could also damage the entity's reputation and trustworthiness in the market and affect its competitive advantage and customer loyalty. Therefore, entities should take DORA seriously and ensure that they comply with its requirements and expectations.

Catherine: If I haven't been able to start considering DORA, and I think it might be applicable to me, where should I start?

Asélle: It's actually a very interesting question. So from our experience. We see large financial entities such as banks, etc. Look at this comprehensively. Comprehensively, obviously, all financial entities had quite a long time to prepare, but large organizations seem to look at it more comprehensively and have done the proper assessment of whether or not their services are caught. But we are still getting quite a few questions in terms of whether or not DORA applies to a certain financial entity type. So I think there are quite a few organizations out there who are still trying to determine that. But once that's clear although DORA itself is quite a long kind of piece of legislation, in actual fact, it is further clarified in various regulatory technical standards and implementing technical standards, and they clarify all of the cybersecurity requirements that actually appear quite generic in DORA itself. So those RTS and ITS are quite lengthy documents and are all together around 1,000 pages. So that's where kind of the devil is in the detail there and organizations will find it may appear quite overwhelming. So I would start by assessing whether DORA applies, which services, which entities, which geographies. Once that's determined, it's important to identify whether financial entities' own services may be deemed ICT services, as I just explained earlier. The next step in my mind would be to check whether the services that are caught also support critical or important functions, and also when kind of making registries of third party ICT service providers, also making sure, kind of identifying those separately.
And the reason is quite a few of the requirements, additional requirements applied to critical and important functions. For example, the incident reporting obligations and requirements in terms of contractual agreements. And then I would look at updating contracts, first of all, with important ICT service providers, then also checking if customer-facing contracts need to be updated if the financial entity is providing ICT services itself. And also not forgetting the intra-group ICT agreements where, for example, a parent company is providing data storage or word processing services to its affiliates in Europe. So they should be covered as well.  Catherine: If we were a smaller company or a company that interacts in the financial services sector, can we think of an example that might be helpful for people listening on how I could start? Maybe what's the example of a smaller or middle-sized company that would be subject to this? And then who would they be interacting with on the ICT side?  Asélle: Maybe an example of that could be an investment fund or a pensions provider. I think most of this compliance effort when it comes to DORA will be driven by in-house cybersecurity teams. So they will be updating their risk management and risk frameworks. But any updates to policies, whenever they have to be looked at, I think will need to be reviewed by legal and incident reporting policies, contract management policies, I don't think they depend on size. If there are ICT service providers supporting critical or important functions, additional requirements will apply regardless of whether you're a small or a large organization. It's just the measures will depend on what level of risk, say, certain ICT service provider presents. 
So if this internal cybersecurity team has kind of put, you know, all the risk, all the IST assets in buckets and all the third-party IST services in various buckets based on criticality, then that would make the job of legal and generally compliance much easier. However, what we're seeing right now is that all of that work is happening all at the same time in parallel as people are rushing to get compliance. So that will mean that there may be gaps and inconsistencies and I'm sure they can be patched later.  Catherine: Thank you for that. So just another follow-up question, maybe Christian can respond, would my data center contract be subject to DORA regulations if I was a financial services entity? Christian: It's worth to look into that and see if it's an ICT provider that you use to provide your services. So I'm pretty sure you need to look into that and see if you can implement at least the contractual requirements that arise from DORA.  Asélle: I would just add to support Christian's response and say that the definition of ICT services is quite broad and covers digital and data services provided through ICT systems. So, I mean, as you can see, it's just so generic and I'm pretty sure it would cover data centers, but I guess not directly because say a financial entity was receiving a service of a cloud service provider, then data centers are probably a second or third kind of level subcontractor. And unfortunately, or fortunately, DORA has very detailed requirements in terms of subcontracting and the obligations don't stop at a certain level. Therefore, data centers are likely to be caught somehow and will be receiving DORA addenda to their contracts.  Catherine: Thank you for that clarification. I was, like probably many people have tried to digest this regulation, a little confused on how broad the coverage for information and communication technology went. But that's very helpful then, I'm sure. Any final thoughts?  
Asélle: We are helping a few organizations and learning a lot as we work with them. And the legislation is pretty complex and requires in-house teams to work together as well. And Christian and I would be very happy to assist and navigate this complex framework. Christian: And if you haven't started yet, of course, it's a huge regulation. There's so many requirements to tackle, but there's one day you have to start. So then start today, look into it, and implement the requirements that arise from DORA.  Catherine: Well, thank you so much, Christian and Asélle, and everybody, as we said before, we're talking about DORA today, because today, January 17th, is the day that it becomes effective. So if, like Christian said, you haven't started, today's a good day to start. And I'm sure you can reach out to one of my colleagues to get some assistance. Thanks for joining. Christian: Thanks for having us, Catherine.  Asélle: It was a pleasure. Thank you.  Outro: Tech Law Talks is a Reed Smith production. Our producers are Ali McCardell and Shannon Ryan. For more information about Reed Smith's emerging technologies practice, please email techlawtalks@reedsmith.com. You can find our podcasts on Spotify, Apple Podcasts, Google Podcasts, reedsmith.com, and our social media accounts.  Disclaimer: This podcast is provided for educational purposes. It does not constitute legal advice and is not intended to establish an attorney-client relationship, nor is it intended to suggest or establish standards of care applicable to particular lawyers in any given situation. Prior results do not guarantee a similar outcome. Any views, opinions, or comments made by any external guest speaker are not to be attributed to Reed Smith LLP or its individual lawyers.  All rights reserved.  Transcript is auto-generated.

Connected With Latham
Episode 93 – EU's Digital Operational Resilience Act: What You Should Know and How to Stay Compliant

Jan 16, 2025 19:34


The deadline for the EU's Digital Operational Resilience Act (DORA) has arrived. This regulation applies to most financial entities operating in the EU market and impacts a broad range of third-party providers of technology-related services. In this episode of Connected with Latham, Christian McDermott and Alain Traill explore the key changes introduced by DORA, its broad territorial scope, the types of entities that will be impacted, and what compliance is likely to involve for each of them.   This podcast is provided as a service of Latham & Watkins LLP. Listening to this podcast does not create an attorney client relationship between you and Latham & Watkins LLP, and you should not send confidential information to Latham & Watkins LLP. While we make every effort to assure that the content of this podcast is accurate, comprehensive, and current, we do not warrant or guarantee any of those things and you may not rely on this podcast as a substitute for legal research and/or consulting a qualified attorney. Listening to this podcast is not a substitute for engaging a lawyer to advise on your individual needs. Should you require legal advice on the issues covered in this podcast, please consult a qualified attorney. Under New York's Code of Professional Responsibility, portions of this communication contain attorney advertising. Prior results do not guarantee a similar outcome. Results depend upon a variety of factors unique to each representation. Please direct all inquiries regarding the conduct of Latham and Watkins attorneys under New York's Disciplinary Rules to Latham & Watkins LLP, 1271 Avenue of the Americas, New York, NY 10020, Phone: 1.212.906.1200

Eversheds Sutherland – Legal Insights (audio)
Operational resilience for Financial Services: Senior Managers and Certification Regime

Dec 18, 2024 15:21


We're delighted to share the first episode in this short legal insights podcast series where we explore some of the legal risks that operational disruptions pose to financial services in this evolving, technology-driven, global enterprise landscape.   In this episode, our speakers discuss the operational risks associated with the UK's Senior Managers and Certification Regime (SMCR).

Die Presse 18'48''
Digital Operational Resilience Act: Is DORA Putting the Financial Industry to the Test?

Dec 14, 2024 12:26


**Advertisement** Cyberattacks are ubiquitous in today's business world, and the financial industry in particular, with its valuable data, is increasingly being targeted. The Digital Operational Resilience Act (DORA) adopted by the EU is intended to strengthen the sector's digital resilience. The implementation deadline of 17 January 2025 poses a considerable challenge for financial firms and their third-party IT providers. How well prepared are they?

GARP Risk Podcast
Operational Resilience: Current Challenges and the Road Ahead

Dec 13, 2024 26:50


Hear from Pedro Morales, the Director and Global Head of AML/Sanctions Compliance at Google, about AI, cyber threats, fraud, third-party risk, regulation and other complex operational resilience obstacles, trends and risks.

The Federal Reserve defines operational resilience as the ability to deliver operations, including critical operations and core business lines, through a disruption from any hazard. In an interconnected world rife with volatility and uncertainty, there are certainly a plethora of hazards that can disrupt a business, and managing operational resilience is therefore a daunting task. At financial institutions, the operational resilience umbrella covers everything from AI, geopolitical threats and cyber risk to fraud, money laundering, IT outages, third-party risk and disaster recovery. Indeed, on any given day, an operational resilience leader could have to contend with, for example, a cyberattack, an AI threat, a money-laundering scheme, or the fallout from a natural disaster or from wars in Eastern Europe and the Middle East. Governance and regulatory obstacles, moreover, also come with the job. With so many different problems to contend with, there's not necessarily a one-size-fits-all approach for operational resilience. But a manager must stay on top of trends and be aware of all potential risks, while also following best practices – all as part of an effort to withstand, adapt and recover from disruptive events.

*The views expressed by our guest speaker, Pedro Morales, are his alone and do not necessarily reflect those of his employer.

Relevant Links: GARP Benchmarking Initiative Risk Intelligence: Operational Risk

Speaker's Bio: Pedro Morales is the Director and Global Head of AML/Sanctions Compliance for Google. He previously served as Google's Global Head of Enterprise Risk Management for Payments, and has also worked in various leadership roles at the Federal Reserve Bank of New York, where he supervised large banks.

Talking Logistics Podcasts
[Video] Operational Resilience in Action: A Practical Guide for Supply Chain Leaders

Dec 1, 2024


So, how resilient is your supply chain? The honest answer for many companies, which they learned the hard way during the Covid pandemic, is that their supply chains are not very resilient — that is, not able to adapt and recover from disruptions very quickly and effectively. That is why, over the past few years, ...

healthsystemCIO.com
Examining Cyber’s Role in the Development of Business Continuity Plans that Strengthen Operational Resilience

Nov 21, 2024 60:36


In addition to working towards preventing breaches, cybersecurity leaders and their teams must devote significant resources to planning for an efficient recovery when one happens. That's because for every day the organization's IT systems are down, operational resilience is impacted and the financial drain worsens. So just what should cyber leaders be doing to prepare? What steps can be taken inside cybersecurity, within IT, and then in collaboration with operational units and emergency management to ensure all affected by an outage will be on the same page until the applications come back on? In this timely webinar, we'll speak to leaders who are building an understanding of operations and key relationships that will be required to weather a cyber-outage storm.

Preparing for the Unexpected
Operational Resilience / Women in Resilience w/ Ratna Pawan

Nov 7, 2024 60:00


Join me as I talk with respected globally recognized operational risk, business continuity, and risk expert, and chair of the BCI's Women in Resilience Interest Group, Ratna Pawan. During our discussion we touch on two topics: Operational Resilience and Women in Resilience. 1. Operational Resilience (OpR) a. Defining operational resilience, b. OpR is BCM done well (neither of us like this comment), c. Risk awareness, d. OpR ownership, e. Understanding the inter-relationships, f. BCM as an OpR professional, g. Why other areas need to pay attention to OpR...and more! 2. Women in Resilience (WiR) a. What is WiR? b. WiR initiatives, c. The challenges being faced, d. Allies and equality, e. Contacting and being part of the WiR interest group...and more! Ratna shares some great insights into Operational Resilience and talks candidly about the BCI's Women in Resilience group - the successes and the challenges. Don't miss what Ratna has to share. Enjoy!

Preparing for the Unexpected
PART 2 - Personal Resilience w/ Jason Hoss

Oct 24, 2024 60:00


It's part 2 of my talk with resilience specialist, Jason Hoss, as we continue our discussion on personal resilience and how it helps establish strong organizational and operational resilience within our businesses. We use our own stories of resilience to help understand how the personal side of resilience will help build and influence Organizational and Operational Resilience. You don't want to miss these stories - both personal and professional. Perhaps they'll help you on your organization's path of resilience. Enjoy!

Preparing for the Unexpected
PART 1: Personal Resilience w/ Jason Hoss

Oct 17, 2024 60:00


To help establish strong organizational and operational information within our businesses, one first must start with personal resilience; the foundation upon which you can build and influence Organizational and Operational Resilience. I speak with resilience specialist and friend, Jason Hoss, as we share our own stories - the good, the bad, and the ugly - about our own journeys of resilience. You don't want to miss these stories - both personal and professional. Perhaps they'll help you on your organization's path of resilience. Enjoy!

Risky Women Radio
Digitizing Enterprise & Governance Programs: Anna Mazzone

Oct 3, 2024 46:52


Kimberley Cole interviews Anna Mazzone, VP of Risk Security and ESG at ServiceNow, about her career and the digitization of enterprise and governance programs. Mazzone discusses her journey from Bank of America to Reuters, SuperDerivatives, and Markit, highlighting her role in building the KYC managed service. She explains ServiceNow's platform, which integrates data from various enterprise functions to enhance decision-making. Mazzone emphasizes the importance of digitizing enterprise processes, understanding third-party risks, and implementing AI governance. She advises focusing on people, quick wins, and strategic partnerships to drive successful change and improve operational resilience.

SHOW NOTES
03:09 Career journey
10:08 What is ServiceNow
14:19 Creating Impact
21:38 Digitizing the Enterprise and Governance Programs
33:30 Opportunities and Challenges in GRC
40:48 Final Thoughts and Recommendations

More great risk content and transcript: https://www.riskywomen.org/2024/10/podcast-s7e7-digitizing-enterprise-governance-programs-anna-mazzone/

Cybercrime Magazine Podcast
Hidden Risk. The Digital Operational Resilience Act (DORA). Jeffrey Wheatman, Black Kite.

Sep 3, 2024 11:09


Jeffrey Wheatman is the SVP, Cyber Risk Evangelist at Black Kite. In this episode of Hidden Risk, he joins host Scott Schober to discuss the Digital Operational Resilience Act, or DORA, a European Union (EU) regulation that aims to improve the cybersecurity and operational resilience of financial institutions, and how it builds on existing laws, such as the NIS Directive and GDPR, to close gaps in digital risk management. An award-winning intelligence platform, Black Kite is disrupting traditional third-party risk management practices worldwide by providing cybersecurity experts with full visibility they've never experienced before. Learn more about our sponsor at https://blackkite.com.

Preparing for the Unexpected
Encore Security & Operational Resilience w/ Steve Hindle

Aug 29, 2024 60:00


Operational Resilience is a key area of focus of many organizations. I'm joined by seasoned security strategist and specialist Steve 'Stitch' Hindle, as we talk about Security & Operational Resilience in terms and perspectives different from the usual run-of-the-mill chatter. During our chat we touch on: 1. Disruptive events, 2. It's OK to fail, 3. People empowerment, 4. Driven by the top, 5. Operational Resilience (Defined), 6. Bringing people together, 7. Experiencing resistance, 8. Feedback (it flows in both directions), 9. 3 Pillars of Cyber Security (People, Technology, Process), 10. Testing it all, 11. Embedded assumptions, 12. Using technology the right way, 13. Making lives better...and more. Don't miss Steve's take on these topics, as they will provide you and your organization some amazing insights into Security & Operational Resilience. Enjoy!

Paul's Security Weekly TV
Operational Resilience in Healthcare & Zscaler Uncovers Record-Breaking Ransom - Marty Momdjian, Brett Stone-Gross - ESW #372

Aug 17, 2024 32:10


Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! Show Notes: https://securityweekly.com/esw-372

Enterprise Security Weekly (Video)
Operational Resilience in Healthcare & Zscaler Uncovers Record-Breaking Ransom - Marty Momdjian, Brett Stone-Gross - ESW #372

Aug 17, 2024 32:10


Many cybersecurity experts are calling recent attacks on healthcare more sophisticated than ever. One attack disrupted prescription drug orders for over a third of the U.S. and has cost $1.5 billion in incident response and recovery services. Separately, an operator of over 140 hospitals and senior care facilities in the U.S. was also victimized. These attacks are becoming all too common. Disruptions can lead to life-and-death situations with massive impacts on patient care. All industries, especially healthcare, have to better prepare for ransomware attacks. Are you ready to turn the tables on threat actors? Marty Momdjian, Semperis EVP and General Manager provides advice on how hospitals can regain the upper hand. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! The annual report details the latest ransomware attack trends and targets, ransomware families, and effective defense strategies. Findings in the report uncovered an 18% overall increase in ransomware attacks year-over-year, as well as a record-breaking ransom payment of US$75 million – nearly double the highest publicly known ransomware payout – to the Dark Angels ransomware group. Segment Resources: For a deeper dive into best practices for protecting your organization and the full findings, download the Zscaler ThreatLabz 2024 Ransomware Report Link below - https://zscaler.com/campaign/threatlabz-ransomware-report This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! Show Notes: https://securityweekly.com/esw-372

Preparing for the Unexpected
Operational Resilience, Vendor & Enterprise Risk Mgmt w Terry Lee

Aug 8, 2024 60:00


Join me as I talk with leading resilience and risk expert, Terry Lee. During today's discussion we touch on 3 key important topics: Operational Resilience, Vendor Risk Management, and Enterprise Risk Management. 1. Operational Risk (Defining OpR, Leadership confidence, Risk as an opportunity, Who 'owns' OpR, Where OpR resides in an organization...and more!) 2. Vendor Risk Mgmt. (The difference between supply chain mgmt. and vendor risk mgmt., Regulatory standards, Vendor assessments, NDAs and obtaining necessary information, Testing with vendors...and more!) 3. Enterprise Risk Mgmt. (BCM and ERM, Changing Cultures, risk registry, Risk in motion, Model risks...and more!) Terry shares a wealth of great information and insights that all business leaders and contingency/resilience professionals can benefit from. Don't miss what Terry has to share. Enjoy!

Preparing for the Unexpected
Starting a BCM Program from Scratch w/ Yusuf Ukaye

Jul 18, 2024 60:00


Join me as I talk with experienced Operational Resilience and Business Continuity professional, Yusuf Ukaye, as we talk on the topic of Starting a BCM Program from Scratch. During our discussion we talk about: 1. Asking the right questions (What are we protecting? and more), 2. Impacts of not doing what you do, 3. Feeling about risk, 4. Good governance, 5. RACI, 6. It's NOT a project, 7. Everyday BC usage, 8. Building roadmaps, 9. Articulating needs, 10. Standards and guidelines, 11. Stakeholders, 12. Soft Skills, 13. Escalate and communicate w/ leaders, 14. Looking for support, 15. Listen more, 16. Be aware of the human element, 17. Validating you're on the right track, 18. Understanding assumptions and dependencies, 19. Communications...and more! Yusuf provides lots of great insights for those new to the field to help them get started, but also some insights to those that might be wondering why their program isn't as effective as it could be. Don't miss what Yusuf has to share. Enjoy!

ServiceNow Podcasts
Operational Resilience: Beyond the Checkbox

Jun 25, 2024 21:43


In this episode of the Innovation Today podcast, host Jim Van Over welcomes Andrew VanWagoner, EMA ServiceNow Platform Lead and a ServiceNow Certified Master Architect at KPMG, to discuss the critical importance of operational resilience in today's dynamic business environment.

ServiceNow Podcasts
Navigating Operational Resilience and AI in Modern Risk Management

Jun 25, 2024 28:33


In this episode, host Jim Van Over, Field Innovation Officer at ServiceNow, interviews Dan Prior, Partner, Risk Technology at EY. Together, they discuss the challenges and opportunities in operational resilience and the transformative impact of AI on risk management and business operations.

VMware Communities Roundtable
#692 - Navigating AI Security Compliance and Operational Resilience w/ Bob Plankers

Jun 5, 2024


The Payments Podcast
Operational Resilience Rules for Organizations: What You Need to Know

May 28, 2024 20:33


To ensure financial stability in the UK, banks and other financial service firms operating in the UK must be ready to handle unexpected disruptions to their services. Our guest, Richard Ransom, discusses the UK's new legislation (SS1/21) and the responsibility firms have to mitigate any risk, minimize impact, and continue providing essential services regardless of the cause of the disruption.

ITSPmagazine | Technology. Cybersecurity. Society
From Data to Defense. Behind the Scenes of the DirectDefense's Threat Report Insights | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Jim Broome | On Location Coverage with Sean Martin and Marco Ciappelli

May 8, 2024 21:19


In cybersecurity, understanding the constantly evolving landscape of threats is key to safeguarding digital assets and sensitive information. DirectDefense, a leading security services provider, offers valuable insights into the world of threat intelligence through a candid conversation with Jim Broome, the Director of DirectDefense. In a recent discussion with Sean Martin, they delved into the nuances of IT and OT convergence, network separation, and the critical significance of threat reports.

Uncovering Threat Intelligence Trends

The dialogue between Sean Martin and Jim Broome sheds light on the intricate details of threat intelligence gathered by DirectDefense. Jim Broome's extensive experience in the industry, coupled with DirectDefense's commitment to cybersecurity excellence, unveils compelling narratives of threat actors, attack methodologies, and strategic responses to mitigate risks effectively.

From Penetration Testing to Managed Services: DirectDefense's Evolution

Jim Broome narrates DirectDefense's journey from its inception, focusing on core services like penetration testing and managed services. The shift towards leveraging threat reports to provide actionable insights to clients showcases DirectDefense's proactive approach in addressing emerging cyber threats effectively.

The Impact of Threat Actor Behavior on Security Posture

Through real-world examples like the Scattered Spider threat group's activities, Jim Broome highlights the direct impact of threat actor behavior on organizations. By dissecting attack vectors and lessons learned from engagements with threat actors, DirectDefense empowers clients with the knowledge to strengthen their security postures.

Collaboration and Customized Solutions

Jim Broome emphasizes the value of collaboration and customization in cybersecurity services. By tailoring alerts, response strategies, and monitoring solutions to suit each client's unique environment, DirectDefense fosters a culture of resilience and preparedness against potential cyber threats.

Empowering Organizations with Actionable Insights

The blog post underscores the importance of utilizing threat reports to gain actionable insights and establish robust security protocols. DirectDefense's approach to presenting information in a tangible and practical manner resonates with organizations seeking to enhance their cybersecurity frameworks.

Looking Towards the Future of Cybersecurity

As cybersecurity landscapes continue to evolve, organizations face the challenge of adapting to new threats and vulnerabilities. DirectDefense's proactive stance on integrating cybersecurity solutions with core IT disciplines signals a strategic approach towards ensuring operational resilience and uptime in critical infrastructure sectors.

The Essence of Collaboration and Expert Guidance

DirectDefense's emphasis on collaboration, expert guidance, and responsiveness to evolving threats underscores their commitment to ensuring clients are equipped with the necessary tools and insights to navigate the complex cybersecurity landscape successfully.

DirectDefense's conversation with Jim Broome offers a glimpse into the intricate world of threat intelligence, showcasing a blend of experience, expertise, and foresight in safeguarding organizations against cyber threats. By leveraging actionable insights and strategic responses, DirectDefense paves the way for a more secure and resilient digital environment.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content.

Guest: Jim Broome, President and CTO, DirectDefense [@Direct_Defense]
On LinkedIn | https://www.linkedin.com/in/jim-broome-88a0a02/

Resources

Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
From Data to Defense. Behind the Scenes of the DirectDefense's Threat Report Insights | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Jim Broome | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

May 8, 2024 21:19



ITSPmagazine | Technology. Cybersecurity. Society
Global Collaboration for Financial Security: The Role of FS-ISAC in Safeguarding Financial Stability | A Conversation with Cameron Dicker | Redefining CyberSecurity with Sean Martin

ITSPmagazine | Technology. Cybersecurity. Society

Apr 17, 2024 35:46


Guest: Cameron Dicker, Director of Global Business Resilience at FS-ISAC [@FSISAC]
On LinkedIn | https://www.linkedin.com/in/cameron-dicker-74804959/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in a conversation with Cameron Dicker, the Director of Global Business Resilience at FS-ISAC (Financial Services Information Sharing and Analysis Center). The discussion delves into the critical role of FS-ISAC in enhancing business resilience within the financial services sector.

Cameron Dicker provides insights into the extensive global program he oversees at FS-ISAC, focusing on conducting exercises for members and fostering a community of practitioners in risk, resilience, crisis management, and business continuity. The organization serves as a platform for members to share experiences, assess risks, and collaborate on addressing operational challenges collectively.

The conversation expands to highlight the unique positioning of FS-ISAC as a global node network, comprising over 5,000 member organizations across 75 countries. The organization's pillars of intelligence, resilience, and security work in unison to collect, analyze, and disseminate valuable information to bolster members' resilience and security measures.

Furthermore, Sean and Cameron discuss the increasing challenges posed by third-party services in the financial sector, emphasizing the need for standardized reporting practices among multinational banks. The episode underscores the importance of continuous learning and adaptation in response to evolving cybersecurity threats.

The episode includes a call to action for increased engagement within the FS-ISAC community, encouraging members to actively participate in discussions and initiatives aimed at strengthening the sector's resilience to cybersecurity challenges. Through a blend of real-world insights and strategic foresight, the episode offers a comprehensive overview of the vital role played by FS-ISAC in safeguarding the financial services industry against emerging cyber threats.

Top Questions Addressed

• What are the challenges posed by third-party services in the financial sector?
• How does FS-ISAC foster global collaboration among members?
• What role does intelligence sharing play in bolstering business resilience within the financial services sector?

Redefining CyberSecurity
Global Collaboration for Financial Security: The Role of FS-ISAC in Safeguarding Financial Stability | A Conversation with Cameron Dicker | Redefining CyberSecurity with Sean Martin

Redefining CyberSecurity

Apr 17, 2024 35:46



Futurum Tech Podcast
Fortifying Mainframe Operational Resilience through a CI/CD Pipeline Approach - Infrastructure Matters

Futurum Tech Podcast

Mar 27, 2024 13:03


On this episode of Infrastructure Matters, host Steven Dickens is joined by Anthony Anter, Technology Solutions Director, and Tim Ceradsky, Director of Software Consulting for BMC Software. The discussion focuses on the strategic importance of weaving operational resilience into the fabric of the mainframe development lifecycle through the CI/CD pipeline.

Their discussion covers:

• Key steps in the CI/CD pipeline to enhance mainframe system resilience
• Tailoring automated testing suites for mainframe environments within the CI/CD pipeline
• Optimized deployment strategies for mainframe operations resilience
• Implementing rigorous monitoring protocols to bolster mainframe operational resilience
• The crucial role of collaboration between development and operations teams in integrating resilience measures

Futurum Tech Podcast
Leveraging the Hybrid Cloud for Operational Resilience of Mainframe Data - Infrastructure Matters

Futurum Tech Podcast

Mar 25, 2024 9:16


On this episode of Infrastructure Matters, host Steven Dickens is joined by BMC's Chad Reiber, Solution Engineer, and Tim Ceradsky, Director of Software Consulting, for a conversation on how modern enterprises can ensure operational resilience in the hybrid cloud environment, especially when dealing with mainframe data.

Our discussion covers:

• The concept of operational resilience in the context of mainframe data within a hybrid cloud environment.
• The importance of immutable copies of mainframe data for ensuring operational resilience, and how they differ from traditional backup methods.
• The key benefits of strategically placing immutable copies of mainframe data across the hybrid cloud infrastructure to mitigate risks.
• Common challenges organizations face when implementing and managing immutable copies of mainframe data in the hybrid cloud.
• Strategies for leveraging immutable copies of mainframe data to enhance data availability and expedite recovery processes in hybrid cloud environments.

Learn more at BMC.

Risk Management Show
Transforming Your Company with Operational Resilience with Rachel Riley

Risk Management Show

Feb 27, 2024 36:37


Our guest, Rachel Riley, co-founder and head of GRC ESG at Ansarada, shares her profound insights on the significance of operational resilience in today's fast-paced and unpredictable business landscape. With a rich background in risk management, compliance, and sustainability, Rachel's journey from a promising career in accounting to pioneering in GRC and operational resilience offers invaluable lessons for professionals across sectors. We discussed the challenges companies face in implementing a formal resilience framework, the impact of regulatory landscapes on resilience efforts, and the innovative strategies businesses can adopt to navigate emerging operational risks, including cybersecurity threats and climate change implications. Rachel also sheds light on common misconceptions about operational resilience and provides practical advice for organizations looking to bolster their defensive capabilities against disruptions. If you're a Chief Risk Officer, involved in cyber security, or interested in sustainability and risk management strategies that can transform your company, this episode is packed with actionable insights. If you want to be our guest or suggest someone with unique insights into risk management, cyber security, or sustainability, send your email to info@globalriskconsult.com with the subject line "Podcast Guest Suggestion." Join us in expanding the conversation on the Global Risk Community platform, where experts share and shape the future of risk management.   

CISO Tradecraft
#163 - Operational Resilience

CISO Tradecraft

Jan 8, 2024 23:09


Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen as a cost center by most organizations, but stresses how it can become a protector of business profits. Concepts like Operational Resilience Framework (ORF) Version 2 by the Global Resilience Federation are discussed in depth. Hardy also outlines seven steps from ORF to operational resilience including implementing industry-recognized frameworks, understanding the organization's role in the ecosystem, defining viable service levels, and more.

Link to the ORF - https://www.grf.org/orf
Transcripts - https://docs.google.com/document/d/1ckYj-UKDa-wlOVbalWvXOdEO4OYgjO0i

Chapters
00:12 Introduction
01:47 Introduction to Operational Resilience Framework
02:38 Understanding Resilience and Antifragility
03:32 Common Cybersecurity Attacks and How to Anticipate Them
06:22 Building Resilience in Cybersecurity
09:43 Operational Resilience Framework: Steps and Principles
17:50 Preserving Datasets and Implementing Recovery Processes
20:18 Evaluating and Testing Your Disaster Recovery Plan
21:11 Recap of Operational Resilience Framework Steps
22:04 CISO Tradecraft Services and Closing Remarks

Unsolicited Response Podcast
CISA Attack Surface Scanning Service

Unsolicited Response Podcast

Dec 6, 2023 30:01


Dale is joined by Steve Pozza, CISA Section Chief of Operational Resilience, and Tom Millar, CISA Branch Chief of Resilience, to discuss some of CISA's security services for asset owners.

They discuss:

• The Internet accessible attack surface enumeration and vulnerability scanning surface. Asset owners can buy products or services to do this. Why is the government doing this?
• What CISA is doing with this attack surface data?
• How is CISA measuring the success of this service offering?
• Other broadly available services and tools, the cybersecurity performance goals (CPG assessment) ~500 done in 2023 (and their thinking about self-assessments), Malcolm traffic analysis tool, and a couple of other tools.

Links
• CISA Vulnerability Scanning Services
• Malcolm Tool

5 Minutes to Chaos
Episode 31 - Crisis Manager, Blogger, and Podcast Host Ashley Goosman Brings us Her Unique 9/11 and Hurricane Katrina Experience in Massachusetts Based Emergency Mass Care and Human Services

5 Minutes to Chaos

Nov 16, 2023 59:47


Introduction

Ashley Goosman is an experienced professional with twenty years of experience in the public and private sectors. She founded the Disaster Empire blog in 2019 to educate and engage fellow practitioners and added the podcast in 2022 to showcase thought leaders and innovators in the industry. In 2021, she co-founded Resilience Think Tank, an independent guidance and research provider for risk and resilience. She has managed numerous high-profile crisis incidents, including pandemics, natural disasters, white powder, network & power outages, and terrorist incidents. Ashley began her career as a member of the American Red Cross' September 11 Recovery Program in NYC and served as the Director of Emergency Services for the MA Dept. of Mental Health. She was an adjunct Sr. Instructor-Disaster & Terrorism for healthcare administrators and specialized in Crisis Management, BC, and Operational Resilience for a Fortune 100 company.

Contact Information

https://www.linkedin.com/in/ashley-goosman/

What's the Problem?
WtP: Tristan Fletcher, CEO and founder of ChAi Predict, joins the show to share insights on supply chain risks and operational resilience.

What's the Problem?

Oct 24, 2023 25:11


Here, Amrit chats with the CEO and founder of ChAi Predict, Tristan Fletcher. ChAi helps companies use AI and insurance to better manage supply chain risk. Amrit discusses the importance of supply chain resilience, going after the tail of customers, and the reality of AI.

Keep up to date with ChAi Predict here: https://chaipredict.com/
LinkedIn: https://www.linkedin.com/company/chaipredict/
Twitter: @chaipredict