Risk Forum: Busting the Top Myths that Expose your Bank to Risk
Welcome
• Introductions
– Tammy Bangs JHA
– Scott Whisman JHA
– Tom Williams JHA Centurion
– Allen Eaves JHA Gladiator
October 11, 2015 ©2015 Jack Henry & Associates. All Rights Reserved.
Welcome
• Table Arrangement
– Peer Discussion and Handouts
• Agenda review
– Areas of Focus
• Housekeeping Items
– Restrooms, Refreshments and Breaks
• Follow up Items
– Slide Deck Provided
– Follow Up Survey
An Overview
• What today is not:
– A product demonstration
– A lecture
– A test or contest
• What today is:
– A conference that will challenge your bank’s idea
of risk mitigation and preparedness, and help you
identify and strategize ways to improve risk
avoidance at your FI.
Special Guest Speaker
• Scott Whisman
General Manager – Corporate Services
Peer Discussion
• Introduce yourself
– Name
– Title
– Bank Name and Location
– Asset Size, Core Processor, In house or Out Sourced
– In your opinion, what is your top Risk Concern for your FI?
Myth Busting
1. Internal Fraud: Not at our Bank
2. On Premises: Safe and Sound
3. Social Engineering: We’re not susceptible
4. Cyber Threats: We’re covered
5. Customers are Patient: Our BRP is Sufficient
6. BCP Passed Exam: It’s all good
Myths 1 & 2
Tammy Bangs – Jack Henry Banking
My bank doesn’t have any
Myth 1: Internal Fraud
MYTH #1
Assumptions associated with Myth #1:
• Statistically untrue
• Malicious or unintentional exposure of data risks
• Is it a gamble you are willing to take
Insider Fraud Statistics
[Chart: Insider vs External Fraud in Banks. Internal Fraud 60%, External Fraud 40%. Source: www.celent.com/internal-fraud]
Insider Fraud Statistics
• Insider fraud accounts for approximately 60% of bank fraud cases where a data breach or theft of funds has occurred.
www.celent.com/reports/internal-fraud-big-brother-needs-new-glasses
• Insider fraud has accounted for over one-half of all bank fraud and embezzlement cases closed by the FBI during the past several years.
FDIC Bank Fraud and Insider abuse
• “Insider fraud is still not getting the attention it needs. Banking institutions are aware of the risks, but less than half are well prepared to detect it.”
Tom Wills, Javelin Strategy
• One-in-five internally perpetrated frauds involve senior management.
www.pwc.com Global Economic Crime Survey
Bank Insider/Employee Fraud
• Low and Slow Approach
• Data Modification
• Low Tech – Relying on Knowledge and Access
• Management vs. Non-Management
– Management – average length of 33 months and over $200,000 in average total fraud
– Non-Management – average length of 18 months and $100,000 in average total fraud
Randy Trzeciak
CERT Insider Threat Research Team
Insider Linked Data Breaches
• According to Jason Clark, a researcher at the CERT Insider Threat Center at the Carnegie Mellon University Software Engineering Institute, insider-linked data breaches, while increasingly common, are grossly under-reported, due to the lack of evidence to prosecute or the fact that the damage level is insufficient to warrant prosecution.
• 53% of survey participants indicated they had experienced an insider data breach incident;
• 75% of cases do not involve law enforcement
www.bankinfosecurity.com/interview/how-to-fight-insider-fraud
Reputational Risk: Is it worth the gamble?
If I can touch it – I feel more secure
Myth 2: On Premises = Safe/Secure
MYTH #2
Assumptions associated with Myth #2:
• Creates the illusion of safety
• Statistically unfounded
• Regulatory pressure
• How much risk does this pose for your bank?
www.glassdoor.com
Jack Henry & Associates Reviews
3.7 Rating Trends
75% Recommend to a friend
94% Approve of CEO Jack Prim
161 Ratings
Featured Review
“Good company with a great culture”
Current Employee, Anonymous Employee in Birmingham, AL
I have been working at Jack Henry & Associates full-time (More than a year)
Pros
I have been with JHA over a year, and I can honestly say this is a very good
company. One's personal experience may vary depending on the department in
which you work and the person who is supervising said department... But that is
the struggle of any large company. From a corporate viewpoint, I feel like I am
valued and respected. I don't feel like upper management is out for their own….
Jack Henry & Associates Awards & Accolades
• 2015
– 100 Best Places to Work in IT - Large, Computerworld Magazine, 2015
– Top Workplaces, The Tennessean, 2015
• 2014
– 100 Best Places to Work in IT, Computerworld, 2014
– Best Companies to Work for in Alabama (Large Companies), Business Alabama Magazine, 2014
– Best Places to Work in Kentucky (Large), Best Places to Work in Kentucky, 2014
– Best Places to Work in San Diego (Symitar-Mega Employer Category), San Diego Business Journal, 2014
– Top Workplaces (Information Technology), Houston Chronicle, 2014
Creates the Illusion of Safety
• Public vs. Private Cloud
• Recovery Concerns
• Replication vs Tape Backup
Regulatory Pressure
• Are you prepared for the regulatory scrutiny?
• Vendor due diligence
Myths 3 & 4
Allen Eaves – Gladiator
My employees know better
Myth 3: Social Engineering
“In my mind social engineering is the biggest issue today.”
- Sparky Blaze, former member of Anonymous
Information Gathering
High-tech
Low-tech
No-tech
No-tech Information Gathering
Dumpster diving
Shoulder surfing
The trust of a badge and uniform
Attack Vectors
Phone Elicitation
Physical
Phishing
Removable Drives
Low and High-Tech Information Gathering
Company Details --- Employee Interests – Latest News
Internet browsing -- WIFI listening to find personal
information
How to Reduce Risk
Social engineering assessment
Education
Policies
Defense in depth approach
My firewall has my back
Myth 4: We are Protected Against Cyber Threats
January 7th 2015
Dark Comet defeats Common Security
443 TCP Outbound
How the Infection Takes Place
Malicious Site
Questions?
Myths 3 & 4
Myths Associated with Disasters
Tom Williams – Centurion Disaster Recovery
We’re prepared since we passed our BCP Exam
Myth 5: BCP Passed – It’s All Good
We passed our Business Continuity Plan Exam so we’re prepared
Assumptions associated with Myth # 5
• The examiner was thorough in reviewing the plan.
• The examiner was knowledgeable on the FFIEC Guidelines on
BCP.
• The exam was based on the review of the enterprise wide plan and
not just the I/T plan.
• The examiner assumed that plan was tested at multiple levels, i.e.
Technical, executive, business units, with multiple scenarios.
• The Board signed off on the plan with knowledge of the plan’s true
ability to recover.
We’ll be back up and running in time
Myth 6: In the Event of Disaster, Our Customers will be Patient
When a disaster strikes, we will be able to meet customer needs
Assumptions associated with Myth # 6
• Our customers are loyal so they will be understanding and patient
until we recover, no matter how long it takes.
• Our I/T team has a plan to get the systems and applications up and
that is all the bank needs to recover operations.
• We have a veteran staff and we can handle whatever comes up on
the fly.
• All of our critical personnel will be available to assist in the
recovery efforts.
• Our core processing is outsourced so we will not be impacted.
FFIEC Guidelines for Business Continuity Planning
• Business Impact Analysis (BIA)
– Business Functions
– Disaster Impacts
– Prioritization
– Recovery Windows
– Recovery Strategies
– Resources
• Risk Assessment
– Threats: Natural, Human, Technical
• Risk Management
– Enterprise-wide BCP
– Emergency Plans
– Crisis Management Plans
– IT & Business Unit Plans
– Family Disaster Plan
• Risk Monitoring
– Plan Updates
– Disaster Recovery Testing
– Tabletop Exercises
– Mock Drills
Business Impact Analysis (BIA) Process
1. Identify Function
2. Identify Impact
3. Identify Recovery Time
4. Identify Recovery Strategy
5. Identify Resources
6. Contingency Procedures
7. Alternate Recovery Location
Note: Perform for each function
Business Impact Analysis Impact Categories
• Lost Income / Financial
– Lost Revenue
– Fines and Penalties
– Funds for Investing
– Cost of Recovery Efforts
• Regulatory / Legal
– Fines
– Law Suits
– Compliance
• Other Business Units
– Work Flow - Quality
– Life & Safety – Vendor Relations
• Public / Customer Image
– Reputation
– Customer Service
– Employee Morale
– Employee Stress
Categorizing Business Functions – FFIEC Examination Handbook
Source: FFIEC IT Examination Handbook, Business Continuity Planning, March 2008,
Appendix F, p. F-3
System / Application Recovery – Recovery Time Objective (RTO) & Recovery Point Objective (RPO)
[Timeline diagram: Last Backup of usable data, then Disaster Strikes, then System Restored. The span before the disaster is labelled Data Loss and the span after it System Loss.]
• RTO (Recovery Time Objective): Time to recover systems from the time the systems went down
• RPO (Recovery Point Objective): How far back do we have to go for a copy of good data
Process Flow for the Cash Check Function
Business Impact Analysis
• Process 1 – Receive Check from customer
• Process 2 – Verify ID
• Process 3 – Pull up account on core system
• Process 4 – Six point check verification
• Process 5 – Verify funds and check holds
• Process 6 – Process transaction on system
• Process 7 – Distribute funds
• Process 8 – Print cash out ticket
• Process 9 – Bundle check & cash out ticket for Proof
Business Impact Analysis Rating Scale – Bank A
Recovery Time Objective (RTO)
• 1 – Within 24 Hours
• 2 – Within 48 Hours
• 3 – Within 1 Week
• 4 – Within 2 Weeks
• 5 – Greater than 2 Weeks
Recovery Point Objective (RPO)
• A – No Data Loss Acceptable
• B – 12 Hours
• C – 24 Hours
• D – 48 Hours
• E – 1 Week or More
Business Impact Analysis Process
1. Identify Function
2. Identify Impact
3. Identify RTO & RPO
4. Identify Recovery Strategy
5. Identify Resources
6. Contingency Procedures
7. Alternate Recovery Location
Business Impact Analysis – Cash Checks Function – Bank A
1. Identify Function: Cash Checks
2. Identify Impact (BIA Impact Ratings): Financial 3 – 1 Week; Public Image 1 – 24 Hours; Regulatory 2 – 48 Hours; Other BU 4 – 2 Weeks
3. Identify RTO & RPO: RTO – 1 (24 Hours); RPO – C (24 Hours)
4. Identify Recovery Strategy: Hot Site Recovery; Using Tape; Virtualization – Self Provision
5. Identify Resources: Core System; Domain Controller; Terminal - Printer; Network; Employee; FED PC
6. Contingency Procedures: Perform Manually with Restrictions
7. Alternate Recovery Location: DR Mobile Unit; Alternate Branch
System / Application Recovery Timeline Bank A (Tape Recovery)
[Timeline diagram]
• Last EOD Backup of usable data: Friday 8:00 pm
• Disaster Strikes: Monday 3:47 pm
• RPO (Data - How far Back): 67.47 Hours of Data Loss
• RTO (Time to Recover): 31 Hours
• Segment labels: Travel to Recovery Center, System Restore, Data Re-entry, Catch up
• Segment durations shown: 5 Hours, 6 Hours, 13 Hours, 7 Hours
Business Impact Analysis Rating Scale - Bank B
Recovery Time Objective (RTO)
• 1 – Within 4 Hours
• 2 – Within 8 – 12 Hours
• 3 – Within 12 – 24 Hours
• 4 – Within 24 – 48 Hours
• 5 – Greater than 48 Hours
Recovery Point Objective (RPO)
• A – No Data Loss Acceptable
• B – 4 Hours
• C – 12 Hours
• D – 24 Hours
• E – Greater than 24 Hours
Business Impact Analysis – ACH (Incoming) Function – Bank B
1. Identify Function: ACH (Incoming)
2. Identify Impact (BIA Impact Ratings): Financial 1 – 4 Hours; Public Image 1 – 4 Hours; Regulatory 1 – 4 Hours; Other Business Units 1 – 4 Hours
3. Identify RTO & RPO: RTO – 1 (4 Hours); RPO – A (No Acceptable Data Loss)
4. Identify Recovery Strategy: Hosted High Availability; Virtual Storage Recovery
5. Identify Resources: Core System; Workstation; Printer
6. Contingency Procedures
7. Alternate Recovery Location: DR Mobile Unit; Alternate Branches
Core System
Business Function Technology Requirements
Department or Business Unit | Business Function/Activity | Corporate Impact | System Required | Application Required | Manual Process | Recovery Time Objective (RTO) | Recovery Point Objective (RPO)
Branch Operations | Cash checks | High | iSeries | Silverlake | Yes | 8 Hours | 3
Telephone Express Center | Do loan payments | High | iSeries | Silverlake | Yes | 8-24 Hours | 4
Telephone Express Center | Do wire transfers | High | iSeries | Silverlake | No | 8 Hours | 3
Member Services | Statuing of accounts | High | iSeries | Silverlake | No | 0-8 Hours | 1
Information Technology | Administer and administer backups | High | Client/Server | ProcessPro | Yes | 4-8 Hours | 2
Deposit Services | Set up close day, close month process | High | Client/Server | ProcessPro | Yes | 3+ Days | 4
Electronic Banking | Prepare VRU report | High | Client/Server | ProcessPro | Yes | 3+ Days | 4
Electronic Banking | Hot card entry | Low | Client/Server | InTouch | Yes | 3+ Days | 4
Electronic Banking | Set up new Internet accounts | Medium | Client/Server | PinPoint | No | 3+ Days | 4
Item Processing | Set up new Internet accounts | Medium | Workstation | NetTeller | No | 8-24 Hours | 2
Branch | Cash checks | High | Workstation | CIF 20/20 | Yes | 8-24 Hours | 2
Electronic Banking | Hot card entry | High | Workstation | Internet | No | 8-24 Hours | 2
Mortgage Origination | Pull credit report | High | Workstation | ProcessPro | Yes | 3+ Days | 4
Trust Operations | Buy/Sell securities | High | Workstation | Trust Rite | Yes | 3+ Days | 4
Commercial Lending | Send decline letters | Low | Workstation | Word | Yes | 3+ Days | 4
Deposit Services | Local rate survey | Low | Workstation | Excel | Yes | 3+ Days | 4
Deposit Services | Process overdraft items | Medium | Workstation | CIF 20/20 | Yes | 8-24 Hours | 2
Electronic Banking | Set up new Internet accounts | Medium | Workstation | NetTeller | No | 8-24 Hours | 2
Technology Recovery Strategy Evolution
Business Impact Analysis
• Hosted High Availability
– Self Provisioned
– DRaaS
• Electronic Vaulting
– Self Provisioned
– Vendor Managed
• Virtualization
– On-site
– Off-site
• Media Device Backup
– Tape
– USB
– CD - Hard Drive
Technology Recovery Strategies
Business Impact Analysis
[Chart: Criticality Level (Critical, Urgent, Important, Normal) against Recovery Time Objective (Min HRS, 4 HRS, 8 HRS, 24 HRS, 48 HRS, 72 HRS). Strategies plotted: Tape Recovery, Virtualization, SAN Replication, Full HA.]
System / Application Recovery Timeline Bank B - High Availability
[Timeline diagram]
• Last Data Snapshot: 3:32 pm
• Disaster Strikes: Monday 3:47 pm
• RPO: 15 Minutes
• RTO (Time to Recover): 30 Minutes
• Segment labels also shown: Travel to Recover Center, System Restore, Data Re-entry, Catch up
• Segment durations also shown: 5 Hours, 6 Hours, 13 Hours, 7 Hours
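A worked recovery gap check for the Bank A (tape) and Bank B (high availability) timelines, as an added example that is not part of the original slide deck: it compares the data loss and time to recover on each timeline with the RTO/RPO rating the BIA slides assign to the function. The calendar dates, the `Scenario` class and the function names are assumptions made for illustration; the slides give only weekdays, times and hour counts, and the slide's "67.47 Hours" is read as 67 hours 47 minutes.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Rating scales copied from the Bank A and Bank B slides, in hours.
# The open-ended bottom ratings (RTO 5, RPO E) have no upper bound and are omitted.
RTO_HOURS = {
    "Bank A": {1: 24, 2: 48, 3: 7 * 24, 4: 14 * 24},
    "Bank B": {1: 4, 2: 12, 3: 24, 4: 48},
}
RPO_HOURS = {
    "Bank A": {"A": 0, "B": 12, "C": 24, "D": 48},
    "Bank B": {"A": 0, "B": 4, "C": 12, "D": 24},
}


@dataclass(frozen=True)
class Scenario:
    bank: str
    function: str
    rto_rating: int
    rpo_rating: str
    last_good_copy: datetime    # last backup or snapshot of usable data
    disaster: datetime          # moment the systems went down
    time_to_recover: timedelta  # from systems down until systems restored


def gap_analysis(s: Scenario) -> dict:
    """Compare what the timeline delivers with what the BIA rating requires."""
    rto_target = timedelta(hours=RTO_HOURS[s.bank][s.rto_rating])
    rpo_target = timedelta(hours=RPO_HOURS[s.bank][s.rpo_rating])
    data_loss = s.disaster - s.last_good_copy
    zero = timedelta(0)
    return {
        "data_loss": data_loss,
        "rpo_met": data_loss <= rpo_target,
        "rpo_gap": max(data_loss - rpo_target, zero),
        "rto_met": s.time_to_recover <= rto_target,
        "rto_gap": max(s.time_to_recover - rto_target, zero),
    }


def hhmm(d: timedelta) -> str:
    """Render a duration as hours and minutes, e.g. 67h47m."""
    minutes = int(d.total_seconds() // 60)
    return f"{minutes // 60}h{minutes % 60:02d}m"


# Constructed calendar dates: a Friday and the following Monday.
BANK_A = Scenario("Bank A", "Cash Checks", 1, "C",
                  datetime(2015, 10, 9, 20, 0),    # Friday 8:00 pm EOD tape backup
                  datetime(2015, 10, 12, 15, 47),  # Monday 3:47 pm disaster
                  timedelta(hours=31))             # time to recover on the slide
BANK_B = Scenario("Bank B", "ACH (Incoming)", 1, "A",
                  datetime(2015, 10, 12, 15, 32),  # 3:32 pm snapshot
                  datetime(2015, 10, 12, 15, 47),  # Monday 3:47 pm disaster
                  timedelta(minutes=30))           # time to recover on the slide

if __name__ == "__main__":
    for s in (BANK_A, BANK_B):
        r = gap_analysis(s)
        print(f"{s.bank} / {s.function}: "
              f"data loss {hhmm(r['data_loss'])} "
              f"(RPO {'met' if r['rpo_met'] else 'missed by ' + hhmm(r['rpo_gap'])}), "
              f"recovery {hhmm(s.time_to_recover)} "
              f"(RTO {'met' if r['rto_met'] else 'missed by ' + hhmm(r['rto_gap'])})")
```

Run against the slide values, the tape strategy misses both of Bank A's objectives, while Bank B's replication meets its RTO but a 15-minute snapshot interval still exceeds an RPO rating of "no data loss acceptable".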
Disaster Avoidance Concept – Bank B
[Timeline diagram: Potential Disaster Event, then Disaster Avoidance Decision, then Disaster Avoidance Period (Switch to Secondary System), then Disaster. Annotations: Recovery of Technology Avoided (RTO); Recovery of Business still Required.]
We’ll be back up and running in time
Myth 6: In the Event of Disaster, Our Customers will be Patient
For our discussion today: The bank after the Disaster
Customer Expectations – As Told by Actual Customers
• “I expect the same level of service immediately following a disaster
as I had before the disaster.”
• “I want immediate access to my accounts via mobile, internet and
telephone banking immediately following a disaster.”
• “I expect expedited, or a higher level of service if the disaster
impacted me and my family and I needed emergency monies.”
• “I want the ability to do cash withdrawals immediately following a
disaster with no restrictions on the amount I can withdraw.”
• “If the disaster is serious enough like a Katrina, I want my family
and friends to have the ability to wire monies into my account for
support.”
• “I want to be able to increase my line of credit, or apply for a loan
to help me rebuild if the disaster impacts my family.”
Customer Expectations of Service after a Disaster
[Chart: Service Level after Disaster (No Service, Severely Delayed Service, Delayed Service, Slightly Delayed Service, Same as Normal Service) against Recovery Time Line (1 Hour, 12 Hours, 24 Hours, 36 Hours, 48 Hours). Curves: Customer Expectations, Bank’s Perceived Recovery Level, Actual Recovery Level. The difference between them is labelled Recovery Gap Analysis.]
Recovery Gap Analysis Results
• Recovery strategy for Core / Server environment needs
improvement.
• No prioritization on which functions and applications to
recover.
• Lack of an Enterprise Wide Business Continuity Plan
that has been tested at multiple levels.
• No Alternate Work Locations identified, or if identified
they have not been equipped to support relocated
employees.
• Lack of personnel training.
• Lack of communications with highly dependent vendors.
• Assumption that outsourcing provider will address
components that the bank is responsible for.
Step 4 - Draft Plans Generated
Emergency Management Plan (Per Facility)
Crisis Management Plans
Information Systems Recovery Plan
Business Unit Recovery Plans
Executive Summary
Plan Testing & Exercise Guide
Business Continuity Plan Documentation
Business Continuity Teams
• Crisis Management Team
– Management (Team Leader, Alt. Team Leader)
• Business Unit Recovery Teams
– Finance (Team Leader, Alt. Team Leader): Bookkeeping, Finance, Accounting, eBanking
– Administration (Team Leader, Alt. Team Leader): Audit, Compliance, HR, Training, Marketing, Investments, Maintenance
– Information Systems (Team Leader, Alt. Team Leader): Information Systems
– Loan Operations (Team Leader, Alt. Team Leader): Loan Analyst, Loan Processing, Commercial Lending, RE Mortgage
– Deposit Operations (Team Leader, Alt. Team Leader): Deposit Operations, Retail Banking/Consumer Lending
Communicating with Employees / Customers
Emergency Notification System
Plan Execution - Recovery Timeline
[Timeline diagram: Risk Management, then Disaster, followed by four phases: Crisis Management Phase, Relocate & Restore Phase, Recover Business Functions Phase, Rebuild & Return Phase]
Family Disaster Plan; Evacuation & Safety; Damage Assessment; Communications; Disaster Declaration
Notifications; Mobilization; Relocation; Restore
Recover Business Functions
• Customer Inquiries via phones
• Handle deposits & withdrawals
• Accept loan payments
• Account transfers
• Balance cash drawers
• Handle security issues
• Handle stop payments
• Issue cashier’s checks
• Post drop box transactions
15 minutes – 4 Hours
4 – 8 Hours
8 – 24 Hours
24 – 48 Hours
Recover Business Functions
• Order ATM cards/debit card
• Calculate Payments using projection screens
• Loan status calls
• Do cash advance
• Fund home equity loans
• Fund second trustee loans
• Issue onsite ATM cards
• Issue temporary checks
15 minutes – 4 Hours
4 – 8 Hours
8 – 24 Hours
24 – 48 Hours
Physical Recovery Considerations
• Branch Offices
• Work from Home
• Vendor Recovery Site
• Internal Recovery Site
• Mobile Recovery Unit
• Office/Remote Workspace
• Temporary Lease Facility
Equipment Recovery Considerations
• Store in advance
• Purchase when needed
• Drop Ship Service
– Mainframe
– Servers
– Workstations
– Printers / Fax Machines
– Phones
– Routers / Switches
• Vendor provided at Recovery Site
Recovery Strategy Considerations - Satellite Communications
Mobile to Client Hot Site to Mobile
Out-Sourced Processing Considerations
• Responsible for the restoration of the following:
– Connectivity to the Core Processing Site
• (jConnect Backup Router)
– System Recovery of Core System
– Server / Network Recovery
• Exchange Servers - Domain Controllers
• JHA & 3rd Party Applications
– Telecommunications - Voice Recovery
– Equipment setup & Reconfiguration
– Facilities
• A plan to deal with a disaster that strikes the processing
center
• Can we recover?
– Who will be available to assist in the recovery?
– Will our critical vendors be able to deliver the required
services / products?
– What systems / applications will be recovered?
– How long will it take us to recover systems /
applications?
– Will we have the proper data available to support the
business units?
– Do our recovery strategies meet our customers'
demand?
BCP / DR Question Drill Down Questions
• Managed Recovery solutions will become the industry
standard due to:
– Cost
– High data requirements
– Skills
– Personnel requirements
– Geographic separation
• Electronic vaulting will replace tape backup for Disaster
Recovery
• RPO’s will be measured in minutes
Top DR Trends for 2015
• DRaaS
– The replication and hosting of physical or virtual servers by a
third-party to provide failover in the event of a man-made or
natural disaster.
• DRaaS Considerations
– Requires a strong contract indicating service-level agreement
(SLA) requirements and obligations by both parties regarding
failover times and responsibilities.
– Useful for businesses that lack the expertise to provision,
configure, test and execute a similar DR environment if it were
self provisioned in-house.
– The bank does not have to make a large capital investment to
implement and maintain their own off-site DR environment for
replication and failover.
– DRaaS can be flexible to meet the organization’s needs.
Top DR Trends for 2015
As a company, we cannot prevent a natural disaster.
We can, however, greatly reduce the impact felt by our
customers and our Associates if a disaster does occur.
We increasingly utilize technology to reduce the level of
human involvement within our data systems management.
We continue to look at new technologies to further reduce
human involvement and increase automation should a
disaster occur.
We realize this is a topic that we always have to focus
upon to deliver the best possible solution to our customers.
Disaster Avoidance Concepts – A CEO’s Perspective
• Secure underground facility nestled in the Ozark Mountains in
Branson, MO.
• 175 feet below ground; enclosed under dome and two layers of
granite-like shale
• Impervious to most natural disasters – hurricane/flood/tornado-
proof – rated to withstand up to 1000 mph winds
• Two separate electrical transmission lines from different states
• Multiple levels of telecommunications resiliency
Branson Business Recovery Facility
[Diagram: Outlink Processing Center Disaster Avoidance Strategy. Labels: Branson Hot Site, Data Replication, DP DR, DP DA, DP 1, DP 2 CIF 20/20, DP 3 SilverLake, Core Director, Branson]
In-House Processing Considerations
• Responsible for the restoration of the following:
– System Recovery of Core System
– Server / Network Recovery
• Exchange Servers - Domain Controllers
• JHA & 3rd Party Applications
– Telecommunications - Voice Recovery
– Equipment setup & Reconfiguration
– Facilities
Next Steps
1. Ensure you have Executive support for the BCP.
2. Have your BCP reviewed by BCP Experts.
3. Conduct a Mock Disaster Drill using your BCP.
4. Determine if outside expertise is required to improve your
plan, or if the work will be done internally.
5. Ensure that your BCP is structured at the department level.
6. Build / improve your plan and test it regularly
Thank you for your participation!
Questions?
Tom Williams
Business Continuity Strategy Manager
Plan Execution Process
[Flowchart boxes: Event Occurs; Declare Disaster; Assess and Report Damage; Safe Zone; Crisis Mgmt Team Leader Escalation Process; Begin Salvage; Mobilize Recovery Teams; Begin Media Relations / Press Release; Activate Alt Workspace(s); Relocate Staff To Alt Workspace; Begin Restoration Of Affected Site; Prepare to Re-occupy Primary Site; Activate Command Center; Conduct Crisis Mgmt Status Meetings; Setup Alt Workspace(s); (Crisis Mgmt Team); Conduct Bus Unit Status Meeting; (I/S Team); Activate Recreation Procedures - WIP; Activate Manual Procedures; Activate Administrative Team; Activate Damage Assessment Team; Activate Management Team; Activate I/S Team]
The Recovery Process – Replication Environment
[Diagram: Stabilize Environment; Switch to Secondary System; Switch Back to Primary System]
Myth Busting
1. Internal Fraud: Not at our Bank
2. On Premises: Safe and Sound
3. Social Engineering: We’re not susceptible
4. Cyber Threats: We’re covered
5. Customers are Patient: Our BRP is Sufficient
6. BCP Passed Exam: It’s all good
Thank you for your time today!