The operational resilience of financial entities that play a critical role in the financial system is key to financial stability. In this article, we present a novel approach to assess operational resilience for financial entities providing time-critical services. These tools provide the means for supervisors to measure and test different aspects of financial entities' operational resilience in a standardised and comparable manner and can be adapted to different types of financial institutions for which continuous operations is expected. We present an application of those tools in the context of the fourth ESMA CCP stress test.
� Published in association with IBM � Effective and comprehensive solutions This book describes how to develop a holistic framework for measuring, controlling, detecting, and responding to operational risk in all its manifestations. It provides the reader with a viable route to addressing this increasingly important issue in an effective and comprehensive manner.
Well publicised failures in risk management have appeared with shocking frequency over the past few years. Affected firms can suffer significant commercial damage or even bankruptcy as a result. Only now is there a growing realisation that risk management is a key management responsibility. This book will help turn your firm into a 'risk aware' organization which will be able to avoid catastrophic loss. It will also enable senior management to make better strategic and operational decisions, thanks to an informed understanding of business hazards. Case studies from a wide cross section of different firms and markets are used to explain how to define, analyse and control operational risk. An insightful guide to one of the key topics of modern strategic and operational management, written by a team of expert risk management professionals Learn about the application of operational risk management to a wide range of market sectors, including commercial, retail and investment banking, investment management, insurance, the energy industry, telecommunications, manufacturing and logistics Case studies and worked examples from around the world, including North America, Western Europe, South East Asia and Latin America
Although much work has been done considering the issue of airbase resilience #x14; especially in the Asia-Pacific region #x14; these studies have typically focused on a single aspect of the problem (such as hardening or runway repair) but have not considered the issues in total. There is a need to view the issue more holistically, especially given the strategic implications of U.S. power projection in anti-access/area denial (A2/AD) environments. The authors of this report developed a modeling framework and lexicon for conducting a detailed analysis of future Air Force operational resilience in an A2/AD environment; the analysis itself focused on different regions (Pacific, Southwest Asia, etc.) to bound the problem and identify a robust set of strategic assumptions and planning requirements. The study was set within the context of efforts to rebalance the joint force in the Asia-Pacific region. This report describes the Operational Resilience Analysis Model (ORAM) built for this effort, which was used to evaluate the impact of different courses of action from an operational standpoint. The authors explain the ORAM model, discuss the inputs that go into modeling Blue (friendly) and Red (enemy) capabilities, and illustrate the model using a simple notional case. They conclude with some suggestions for follow-on work to improve the functionality of ORAM and to address data uncertainties in the model.
CERT® Resilience Management Model (CERT-RMM) is an innovative and transformative way to manage operational resilience in complex, risk-evolving environments. CERT-RMM distills years of research into best practices for managing the security and survivability of people, information, technology, and facilities. It integrates these best practices into a unified, capability-focused maturity model that encompasses security, business continuity, and IT operations. By using CERT-RMM, organizations can escape silo-driven approaches to managing operational risk and align to achieve strategic resilience management goals. This book both introduces CERT-RMM and presents the model in its entirety. It begins with essential background for all professionals, whether they have previously used process improvement models or not. Next, it explains CERT-RMM’s Generic Goals and Practices and discusses various approaches for using the model. Short essays by a number of contributors illustrate how CERT-RMM can be applied for different purposes or can be used to improve an existing program. Finally, the book provides a complete baseline understanding of all 26 process areas included in CERT-RMM. Part One summarizes the value of a process improvement approach to managing resilience, explains CERT-RMM’s conventions and core principles, describes the model architecturally, and shows how itsupports relationships tightly linked to your objectives. Part Two focuses on using CERT-RMM to establish a foundation for sustaining operational resilience management processes in complex environments where risks rapidly emerge and change. Part Three details all 26 CERT-RMM process areas, from asset definition through vulnerability resolution. For each, complete descriptions of goals and practices are presented, with realistic examples. Part Four contains appendices, including Targeted Improvement Roadmaps, a glossary, and other reference materials. This book will be valuable to anyone seeking to improve the mission assurance of high-value services, including leaders of large enterprise or organizational units, security or business continuity specialists, managers of large IT operations, and those using methodologies such as ISO 27000, COBIT, ITIL, or CMMI.
Urban Water Distribution Networks: Assessing Systems Vulnerabilities and Risks provides a methodology for a system-wide assessment of water distribution networks (WDN) based on component analysis, network topology and, most importantly, the effects of a network's past performance on its seismic and/or non-seismic reliability. Water distribution networks engineers and system designers face multiple operational issues in delivering safe and clean potable water to their customers. Includes vulnerability assessment methods for water distribution pipes Discusses topological aspects and their effects on network vulnerability Explores analytical and numerical modeling methods for finding and analyzing systems vulnerabilities in water distribution networks Features real world case studies of networks under continuous and intermittent water supply operations
Major operational incidents in payment systems suggest the need to improve their resiliency. Meanwhile, as payment infrastructures become more digitalized, integrated, and interdependent, they require an even higher degree of resilience. Moreover, risks that could trigger major disruptions have become more acute given the rise in power outages, cyber incidents, and natural disasters. International experiences suggest the need to strengthen reliability objectives, redundancies, assessment of critical service providers, endpoint security, and alternative arrangements
This book presents intuitive explanations of the principles and applications of power system resiliency, as well as a number of straightforward and practical methods for the impact analysis of risk events on power system operations. It also describes the challenges of modelling, distribution networks, optimal scheduling, multi-stage planning, deliberate attacks, cyber-physical systems and SCADA-based smart grids, and how to overcome these challenges. Further, it highlights the resiliency issues using various methods, including strengthening the system against high impact events with low frequency and the fast recovery of the system properties. A large number of specialists have collaborated to provide innovative solutions and research in power systems resiliency. They discuss the fundamentals and contemporary materials of power systems resiliency, theoretical and practical issues, as well as current issues and methods for controlling the risk attacks and other threats to AC power systems. The book includes theoretical research, significant results, case studies, and practical implementation processes to offer insights into electric power and engineering and energy systems. Showing how systems should respond in case of malicious attacks, and helping readers to decide on the best approaches, this book is essential reading for electrical engineers, researchers and specialists. The book is also useful as a reference for undergraduate and graduate students studying the resiliency and reliability of power systems.
The importance of businesses being ‘operationally resilient’ is becoming increasingly important, and a driving force behind whether an organization can ensure that its valuable business operations can ‘bounce back’ from or manage to evade impactful occurrences is its security risk management capabilities. In this book, we change the perspective on an organization’s operational resilience capabilities so that it shifts from being a reactive (tick box) approach to being proactive. The perspectives of every chapter in this book focus on risk profiles and how your business can reduce these profiles using effective mitigation measures. The book is divided into two sections: 1. Security Risk Management (SRM). All the components of security risk management contribute to your organization’s operational resilience capabilities, to help reduce your risks. • Reduce the probability/ likelihood. 2. Survive to Operate. If your SRM capabilities fail your organization, these are the components that are needed to allow you to quickly ‘bounce back.’ • Reduce the severity/ impact. Rather than looking at this from an operational resilience compliance capabilities aspect, we have written these to be agnostic of any specific operational resilience framework (e.g., CERT RMM, ISO 22316, SP 800- 160 Vol. 2 Rev. 1, etc.), with the idea of looking at operational resilience through a risk management lens instead. This book is not intended to replace these numerous operational resilience standards/ frameworks but, rather, has been designed to complement them by getting you to appreciate their value in helping to identify and mitigate your operational resilience risks. Unlike the cybersecurity or information security domains, operational resilience looks at risks from a business-oriented view, so that anything that might disrupt your essential business operations are risk-assessed and appropriate countermeasures identified and applied. Consequently, this book is not limited to cyberattacks or the loss of sensitive data but, instead, looks at things from a holistic business-based perspective.
