Business Continuity & Disaster Recovery Planning, 23 - 25 February 2016 Kuala Lumpur, Malaysia

BUSINESS CONTINUITY & DISASTER RECOVERY PLANNINGIT 23 - 25 FEBRUARY 2016 FFRoErEwe1aitYr(h*ley*EatbrhXreiefArCedBfrLfubtiUolsoiaSipontIakeeVgisnmeEsg3CeTsfmoAobnrKebftfeuEionrrArstuehhWiet3irpyA0dI-(YneDwtsaEotiCirltst-u)h2t0e£1755)SERIES GRAND MILLENNIUM KUALA LUMPUR MALAYSIA COURSE OVERVIEW YOUR INTERNATIONAL COURSE FACILITATOR Disasters could cripple your organization, suspending mission-critical processes and disrupting service to your customers. These disasters could be man-made or natural Dr Mark T. Edmead in nature. CISSP, CISA, COBIT, Lean IT, DevOpsB The Business Continuity Plan addresses an organization’s ability to continue functioning when normal operations are disrupted. IT Transformational Consultant A Disaster Recovery Plan is used to define the resources, action, tasks, and data MTE Advisors required to manage the business recovery process in the event of a disaster. In this workshop you learn to identify vulnerabilities and implement appropriate Mark T. Edmead is a successful technology entrepreneur countermeasures to prevent and mitigate threats to your mission-critical processes. with over 28 years of practical experience in computer systems architecture, information security, and project You will learn techniques for creating a business continuity plan (BCP) and the management. methodology for building an infrastructure that supports its effective implementation. Mark excels in managing the tight-deadlines and ever changing tasks related to mission-critical project BENEFITS OF ATTENDING schedules. He has extensive knowledge in IT security, IT and application audits, Internal Audit, IT governance, Using a carefully selected case study, course participants will: including Sarbanes-Oxley, FDIC/FFIEC, and GLBA compliance auditing. • Create, document and test continuity arrangements for an organization • Perform a risk assessment and Business Impact Assessment (BIA) to identify Dr. Edmead understands all aspects of information security and protection including access controls, vulnerabilities cryptography, security management practices, network and Internet security, computer security law and • Select and deploy an alternate site for continuity of mission-critical activities investigations, and physical security. • Identify appropriate strategies to recover the infrastructure and processes • Organize and manage recovery teams He has trained Fortune 500 and Fortune 1000 companies • Test and maintain an effective recovery plan in a rapidly changing technology in the areas of information, system, and Internet security. He has worked with many international firms, and has the environment unique ability to explain very technical concepts in simple-to-understand terms. Mr. Edmead is a sought after Sample Case Studies: author and lecturer for information security and information technology topics.• A major Middle Eastern bank has been experiencing tremendous growth and management feels that Mark works as an information security and regulatory their current BCP and DRP plans outdated. In this case study the delegates with perform a business compliance consultant. He has: impact analysis, based on interviews with key company stakeholders and subject matter experts, and outline which business areas are the most critical and in need of improved continuity and recovery • Conducted internal IT audits in the areas of critical plans. infrastructure/ systems and applications,• A manufacturing company is considering implementing a disaster recovery plan but does not know • Assessed and tested internal controls of critical which disaster recovery approach they should implement. In this case study the delegates with study the business enterprise, perform a risk analysis, and determine if a hot site, cold site, warm site, or infrastructure platform systems (Windows, UNIX, IIS, SQL, another disaster recovery method is the best approach. Oracle)EXCLUSIVE: TEMPLATES & TAKEAWAYS • Assessed and tested internal controls of various critical 1. Bring your Business Continuity Plan/Disaster Recovery Plan (BCP/DRP) for financial applications. private consultation review • Prepared risk assessments and determined risks to 2. BCP/DRP Step-by-step Guide 3. BCP/DRP templates and worksheets to aid you in applying and putting into critical financial data systems and infrastructure components. practice what you have learned from this workshop 4. FREE copy of the course material, case studies, and other related items of the • Created test plans & processes and executed test plans. training workshop • Conducted reviews of existing systems and applications, ensuring appropriate security, management and data integrity via control processes. • Prepared written reports to all levels of management • Participated in audit review panel sessions to address results, conclusions and follow-up actions required.Tel: +6016 3326360 Fax: +603 9205 7788 [email protected] 1

COURSECONTENTDAY1 BCP/DRP - CONCEPTS & PRINCIPLES WHY THIS EVENT Introduction to Business Continuity and Disaster Recovery Planning The aim of this interactive workshop is to provide - The difference between business continuity and disaster recovery you with the skills critical to business continuity, - Why a recovery plan is an integral part of an organization’s operational disaster recovery & risk management. strategy Understanding where the threats come from After attending this workshop, you will leave - Understanding codes of practice and legal/regulatory compliance fully armed with the knowledge needed to requirements create a business continuity plan (BCP) and the - The step-by-step process for BCP/DRP methodology for building an infrastructure that supports its effective implementation. Protecting our assets - What are we protecting? The combination of interactive presentations, - What are our mission-critical processes? hands-on exercises and open discussion groups - How to prioritize what is important to protect along with real case studies, ensures you will obtain maximum value from attending. What is risk and how do we deal with it? - Understanding risk assessment methodologies - Matching the response to the threat based on the risk - Enterprise vs. local risk management - Top business continuity planning mistakes The need for business continuation – a case study - Introduction of fictitious business case - Understand business continuity/disaster recovery needs - Documenting the continuity requirementsDAY2 RISK ASSESSMENT & RECOVERY WHO SHOULD ATTEND The Business Impact Assessment (BIA) Vice Presidents, Directors, General Managers - What is a Business Impact Assessment? Chief Information Officers - Assessing the risk to the enterprise Chief Information Security Officers - How to identify business critical activities Chief Technology Officers - Impact versus likelihood of occurrence Business Continuity Officers Heads of Departments in Information Security Establishing the Recovery Options Management Information Systems, IT - Choosing a recovery site Infrastructure, IT Architecture, Network - Specifying equipment Operations, IT Operations, IT Data Center, - Choosing suppliers DataBase Management, IT Deployment - How to select backup and restore strategies IT Business Enterprise, IT Risk Management, IT Quality Assurance, IT Audit, Risk Management, Where is the data? Internal Audit, Disaster Recovery - Why you need to classify levels of information - Managing data at rest and in transit - Understanding data access controls - The value of knowing where your data resides Maintaining user connectivity - How to communicate the disaster and recovery efforts to users - How to identify and eliminate single points of failure - Communicating with the media 2

COURSE Latest TESTIMONIALS CONTENT 1 “Session well organized. The trainer is veryDAY3 PROJECT MANAGEMENT & REVIEW conversant with the subject matter. Well delivered and would definitely recommend to anyone else.” BCP/DRP Project Management - Identifying stakeholders - Habil Mutende, Manager Information Security & Change - Analyzing stakeholder needs Management, Central Bank of Kenya - Obtaining commitment from upper management 2 “Excellent presentation, excellent attitude to Review of the BCP/DRP Process answer our questions & to share his experience.” - Project initiation - Risk analysis - Senior Manager, IT Department, Deloitte - Business Impact analysis - Develop/choose strategies 3 “I have used Mark in key roles with high visibility - Test and validate the plan clients. Without hesitation I would highly - Modify/update the plan recommend Mark for any and all IT audit - Approve and implement the plan engagements. His professionalism, deep knowledge, and results oriented work style are Analysis of fictitious business case deeply valued by not only myself, but more importantly by the all those who are lucky enough Applying lessons learned to use his services.” - Russ Aebig, Director at Artesient 4 “We have used Mark Edmead on several projects in the past few years including SOX readiness for publicly traded companies and IT vulnerability assessments for major financial institutions. He always delivers professional and detail-oriented workpapers on-time and within budget. Mark is highly recommended and we will continue to use him on other projects.” - Brenda Piazza, Director at CBIZ MHM**Affiliate membership to Business Continuity Institute COURSE SCHEDULE Affiliate members to Business Continuity Institute get access to the following membership 8.00 Registration & Coffee/Tea benefits: 8.30 Workshop commences 10.10 - 10.30 Morning coffee/tea - Continuity magazine – 4 per year (digital version) 12.00 - 13.00 Lunch - Monthly BCI ENewsletter 14.40 - 15.00 Afternoon coffee/tea - Access to ‘member only’ section of BCI website 16.00 End of day - Access to copies of BCI Workshop Reports - Member rates on BCI products and services - Networking opportunities at BCI organised events - Access to BCI mentoring programme - Access to discounted events 3

BUSINESS REGISTRATION FORMCONTINUITY &DISASTER Fax: +603 9205 7788RECOVERY Tel: +603 9205 7772PLANNING23 - 25 FEBRUARY 2016 Mobile: +6016 3326 360GRAND MILLENNIUM Email: [email protected] LUMPURMALAYSIADELEGATES IN-HOUSE TRAINING1 Name : 360 BSI is passionate about providing strategic IT programs Name on tag: and high potential training solutions across the region to build Job Title : personal competencies and organizational capability. Email : Mobile : You will receive practical training from a professionally qualified educator with over twenty years of teaching and2 Name : training experience. Name on tag: Job Title : Please feel free to mix-and-match topics from the areas listed Email : below to get the right training content for your staff. Other Mobile : topics may be available upon request.3 Name : OTHER RELATED PUBLIC COURSES Name on tag: Job Title : Service Oriented Architecture (SOA) Email : Information Security Management Principles Mobile : IT Risk Management & Leadership Document Management & Data RetentionAUTHORIZATION Fraud Control & the COSO 2013 Framework IT Governance(This form is invalid without a signature) Project Management for IT ProfessionalsName : Hotel Contact Details:Job Title : For Room Reservation, please contact Reservation Desk. Tel: +60 3 2117 4899 Fax: +60 3 2142 1441Email : Grand Millennium Kuala LumpurTel : ( ) 160, Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia.Organization : General Information:Address : 1 Registrations close ONE (1) week before the training dates. 2 The fees cover lunch, tea breaks, materials and certificate.Signature : Date: / / 3 Official confirmation will be sent, once registration has been received. 4 Participants will need to arrange their own accommodation. 5 Attire: Smart Casual Cancellations/Substitutions Substitutions are welcome at any time. Please notify us at least 2 working days prior to the event. All cancellations will carry a 10% cancellation fee, once a registration form is received. All cancellations must be in writing by fax or email at least 2 weeks before the event date. Cancellations with less than 2 weeks prior to the event date carry a 100% liability. However, course materials will still be couriered to you. Thank you for your registration!FEES PAYMENT DETAILS USD 2,995 per delegate Payment is required within 5 days upon receipt of the invoice. 15% discount - Special for Group of 3 Bank transfer: The fee does not include any taxes (withholding or otherwise). In case of any taxes applicable 360 BSI MIDDLE EAST LIMITED the client has to ensure that the taxes are paid on top of the investment fee paid for the course. Abu Dhabi Commercial Bank Compliance with the local tax laws is the responsibility of the client. Dubai Mall Branch, P.O.Box 49124 Dubai, U.A.E* Save up to 50% for In-house Training program Account No: 10065721319001 Swift No: ADCBAEAAXXX IBAN No: AE780030010065721319001 All payments must be received prior to the event date© 360 BSI (M) Sdn Bhd (833835-X), Level 8 Pavilion KL, 168 Jalan Bukit Bintang, 55100 Kuala Lumpur, Malaysia. www.360bsi.com/IT 4

Event Code Type 360 BSI Training Calendar 2016 DATE - 2016 VENUEKK-TE-DOH-46 General 13 - 14 Dec 2015 Doha COURSE TITLE Effective Technical Report Writing KK-TE-KL-41 General Effective Technical Report Writing 13 - 14 Jan 2016 Kuala LumpurKK-TE-JAK-42 General Effective Technical Report Writing 18 - 19 Jan 2016 JakartaKK-TE-DOH-47 General Effective Technical Report Writing 21 - 22 Feb 2016 Doha SV-IT-KL-22 IT Business Continuity & Disaster Recovery Planning 23 - 25 Feb 2016 Kuala LumpurSV-IT-DUB-21 IT IT Information Security Management Principles 28 Feb - 02 Mar 2016 DubaiKK-MN-DUB-129 IT Document & Information Management, Security, 06 - 09 Mar 2016 Dubai Retention & ArchivingSV-SS-DUB-102 Safety BBS: Safety & Leadership 06 - 08 Mar 2016 DubaiSV-SS-DUB-103 Safety Root Cause Analysis 09 - 10 Mar 2016 DubaiKK-MN-KL-117/118 General Negotiating Sales Success & Customer Loyalty 07 - 10 March 2016 Kuala LumpurKK-MN-KL-119/120 General Effective Communication, Presentation Skills & 07 - 10 March 2016 Kuala Lumpur Report WritingKK-MN-DUB-121/122 General Negotiating Sales Success & Customer Loyalty 13 - 16 March 2016 DubaiKK-MN-DUB-123/124 General Effective Communication, Presentation Skills & 13 - 16 March 2016 Dubai Report Writing KK-MN-SIN-130 04 - 07 Apr 2016 Singapore KK-MN-DUB-131 IT Document & Information Management, Security, 10 - 12 Apr 2016 Dubai Retention & Archiving Management Green Supply Chain Management SV-FI-KL-11/12 Finance Fraud Control & The COSO 2013 Framework: Improving To be confirmed 2016 Kuala Lumpur Internal Controls and Organizational EffectivenessSV-MN-DUB-131 HRSV-MN-DUB-132 HR Effective Performance Management To be confirmed 2016 Dubai Preventing Workplace Bullying To be confirmed 2016 DubaiSV-FI-DUB-9/10 Finance Fraud Control & The COSO 2013 Framework: Improving To be confirmed 2016 Dubai SV-IT-DUB-19 IT Internal Controls and Organizational Effectiveness SV-SS-DUB-96 Safety SV-SS-DUB-97 Safety Project Management for IT Professionals (23 PDUs) To be confirmed 2016 Dubai Dubai SV-IT-DUB-20 IT Visible Safety Leadership To be confirmed 2016 Dubai Quality, Behavior & the Bottom Line: The Human Side of To be confirmed 2016 Dubai Quality Improvement IT Governance: Governance & Management of To be confirmed 2016 Enterprise IT Other Training Courses by Affiliated Training Partners Technical Advanced Shutdown / Turnaround / Outage (STO) Dubai Management Kuala Lumpur Security Advanced Certificate in Security Management Dubai Security Advanced Certificate in Professional Investigation & Covert Surveillance Dubai Dubai Security Advanced Certificate in Field Incident Command Dubai Dubai Management CSR Strategy & Value-creation Masterclass Dubai HR Training ROI Masterclass Management Effective and Efficient Warehouse Operations Finance Effective Collection & Recovery StrategiesContact Kris at [email protected] to register or for further details. Tel: +60 16 3326 360