| 8:00 - 8:30 a.m. | Continental Breakfast
Ballroom Foyer - Ballroom Level |
| 8:30 - 10:15 a.m. | General Session
Ballroom C - Ballroom Level |
| | Opening Remarks |
 | Patrick Alesi
Chairman, SIFMA Business Continuity Planning Committee
|
| | Evaluating the Terrorist Threat to Our Critical Infrastructure |
 | Dr. Stephen Gale
Co-Chairman, Center on Terrorism, Counter-Terrorism & Homeland Security
Foreign Policy Research Institute
University of Pennsylvania
www.fpri.org |
| | Seven years after September 11th it continues to be of vital importance that we truly understand the current threat associated with Islamist terrorism - on both domestic and international fronts. Although resources have been allocated to increasing homeland security, much of the nation’s critical infrastructure still remains vulnerable. In analyzing the infrastructure that serves as what Osama bin Laden calls the “joints” of the US economy, we must not only consider the potentially pervasive, long-term, even global effects that Islamist terrorist attacks might have on the socio-economic and political stability of the nation, but also the means for selecting security measures that are both effective and efficient. Furthermore, the coordination of the intelligence that supports improved security policies and measures need to be more effectively integrated at all levels of government and with the private sector. |
| | Managing Risk in an Era of Uncertainty |
 | Commander Kirk Lippold
Retired Commander USS Cole
United States Navy |
| | The modern world does not wait for the uninitiated and the unprepared. The ability of organizations to react quickly to a crisis, adapt strategies to deal with unforeseen circumstances, and then choose the best course of action comes only from thinking through the unimaginable. Commander Kirk Lippold explains how preparation, leadership, and empowerment enabled the entire crew of the USS Cole to act decisively in the ultimate crisis situation. His innate ability to act in the now and plan ahead set a new benchmark for dealing with complex environments and operating under intense crisis management conditions. |
| 10:15 - 10:45 a.m. | Exhibitor Networking Break
Ballroom Foyer - Ballroom Level |
| 10:45 - 11:30 a.m. | General Session
Ballroom C - Ballroom Level |
| | The Unthinkable – Who Survives When Disaster Strikes – and Why |
| | 
|
 | Amanda Ripley
Senior Writer – Homeland Security and Risk
Time Magazine |
| 11:30 a.m. - 12:30 p.m. | Individual Sessions - Round OneThe following 60-minute workshops will be conducted once.
|
| | Session 1
Regency Room - Mezzanine Level
CERT® Resiliency Engineering Framework — Achieving and Sustaining Operational Resiliency |
| | David W. White
Senior Analyst
Carnegie Mellon Software Engineering Institute - CERT
www.cert.org |
| | Traditional activities like security, business continuity, and IT operations management have a common purpose: to manage operational risk in a way that helps the organization achieve and sustain operational resiliency. Unfortunately, many organizations lack the process maturity to actively direct and control operational resiliency. They typically perform operational risk-based activities in silos, depend on heroics in times of stress, and base their view of success on “what hasn’t happened” rather than an objective measure of competency. This presentation introduces the CERT® Resiliency Engineering Framework—a maturity model that reflects the convergence of security, business continuity, and IT operations disciplines in a way that provides a roadmap for continuous improvement. As a process model, the framework is intended to help organizations determine their level of process competency and to improve this level as necessary to meet their unique strategic demands. The roadmap aims to help an organization to objectively measure and manage resiliency engineering processes, redirect scarce resources, and realize improvements in their processes so that it can be prepared for whatever disruption may come. |
| | Session 2
Imperial/Booth Room - Conference LevelEmerging BCP Regulations |
| | Chris Oliver, FBCI
Group Operations Director
Office-Shadow, Inc.
www.office-shadow.com |
| | Donald L. Schmidt, ARM
CEO and Founder
Preparedness, LLC
www.preparednessllc.com |
| | In the few years immediately following 9/11, a number of business continuity rules and regulations were established that affect financial services firms and other businesses. It wasn’t until recently that additional rules followed. Now a new US voluntary business continuity standard is being developed, standards have been published in the UK and regulators in Asia are proposing new standards. In this session, experts will explore what the new US voluntary standard may look like, what the UK standards cover and how the rules in Asian countries will affect local businesses. |
| | Session 3
Chrysler Room - Mezzanine Level2008 SIFMA BCP Survey |
| | Blaise D'Ambrosio
VP Business Continuity Manager
T. Rowe Price
www.troweprice.com |
| | Gregory M. Gist
Senior Policy Advisor, Office of
Business Continuity
Citi
www.citigroup.com |
| | Dan Gordillo
Global Business Continuity
UBS
www.ubs.com |
| | Vincent Orrico
Contingency Planning Exchange
www.cpeworld.org |
| | The SIFMA Business Continuity Planning Survey for 2008 covers firms of all sizes. Attendees will gain an understanding of what firms are doing with their BC programs, including: "How are people and technology recovered?", "What are their top priority initiatives?", “Are businesses spending more for BCP in 2008?”, and “What is the extent of their Pandemic Planning?” The findings will be compared to trends identified in past BCP surveys and to recent events. The session is also designed to be interactive, as the presenters intend to initiate a group dialogue regarding issues identified from the survey in the hopes of soliciting solution examples from session attendees as well as providing solution examples of their own. |
| | Session 4
Ballroom C - Ballroom LevelPotential Economic Impact on a Business Due to a Flu Pandemic.
Workshop Session Hosted by Roche Laboratories, Inc. www.roche.com |
| | Brooke R. Doerler
Corporate Development Manager
Roche Laboratories, Inc.
www.roche.com |
| | Included in the latest draft government guidelines on preparing for a pandemic, HHS encourages corporations to consider stockpiling antivirals for their employees. This session will discuss the potential economic impact of a pandemic on a business and also discuss the new Roche Antiviral Protection Program which is designed to lower the most common hurdles cited by employers. |
| | Session 5
Park Avenue Room - Mezzanine LevelBuilding a Pragmatic Continuity Plan in the Buy-Side and in Smaller Firms |
| | Alexander C. Tabb
Partner, Crisis & Continuity Services
TABB Group
www.tabbgroup.com |
| | In today’s hyper-competitive market, market differentiation within the buy side is difficult to achieve. Forward-looking buy-side firms have identified that one of the elements that they can develop to assist in making them stand out is an integrated risk management plan that takes into consideration both financial and operational risks. But how do you do that without spending a fortune? Mr. Tabb will discuss lessons learned from developing mid-tier buy-side continuity plans. How do you develop a robust operating infrastructure that can ensure sustained operations in the event of disaster? What elements do you need to ensure continued internal and external communications after a disaster? Is training that important? How often should you exercise a plan and what type of exercises should you develop? How often should they be run? This session, based on real-world experience, will provide concrete advice on what needs to be included in a robust, but pragmatic continuity plan: what elements are necessary, what are nice to have and what can be left on the cutting room floor. |
| 12:30 - 1:30 p.m. | Luncheon
Ballroom D - Ballroom Level |
| 1:30 - 2:30 p.m. | Individual Sessions - Round Two |
| | Session 1
Imperial/Booth Room - Conference Level
The following 60-minute workshop will be conducted twice, enabling Conference registrants to attend both. Best Practices Roundtable |
| | Robert Kaiser
Director of Business Readiness
Merrill Lynch & Co.
www.ml.com |
| | Melvyn Musson
Senior Business Continuity Planning Manager
Edward Jones
www.edwardjones.com |
| | Laura Osgoodby
Director, Citigroup Global Capital Markets Operations
Citigroup
www.citigroup.com |
| | This roundtable has been one of the most popular sessions at the BCP Conference each year. This is an interactive “roundtable” audience discussion of strategies, issues, problems and successes experienced when developing and maintaining business continuity plans. Special focus will be on experiences in complying with BCP rules and on issues, such as pandemic planning, encountered by firms of different sizes. The workshop will be presented as two 1-hour sessions in which attendees may decide the topics to be discussed. The open exchange of questions, ideas and experiences by attendees is encouraged. This session is open only to employees of securities firms and not to media, regulators and other conference attendees. Attendees may also submit questions and issues at anytime prior to the workshop. Forms are available at the registration desk for that purpose. |
| | The following 60-minute workshops will be conducted once. |
| | Session 2
Park Avenue room - Mezzanine Level2008 FBIIC/FSSCC Financial Services Sector Cyber Exercise |
| | Mark G. Clancy
Executive Vice President
Citi, IT Risk & Program Management
www.citi.com |
| | A cyber security exercise sponsored by U.S. Department of the Treasury and conducted by the Financial and Banking Information Infrastructure Committee (FBIIC) and the Financial Services Sector Coordinating Council (FSSCC) is scheduled for September 2008. The exercise is designed to gain a better understanding of dependencies on outside critical information functions and dependencies within the financial services sector, to raise awareness of potential IT/cyber risks and vulnerabilities within critical infrastructures and to identify gaps with the financial services sector and outside. This session will explain the exercise and provide a preliminary results overview.
|
| | Session 3
Regency Room - Mezzanine LevelBusiness Continuity in the US Critical Infrastructures |
| | Dr. Susan Bailey
Vice President Global Network Operations Planning
AT&T
www.att.com |
| | Lynn Costantini
Chief Information Officer
North American Reliability
Corporation
www.nerc.com |
| | David R. Nevius
Senior Vice President and Director Of Reliability Assessments and
Performance Analysis
North American Electric Reliability
Corporation
www.nerc.com
|
| | All US businesses are heavily dependent on the nation’s critical infrastructures. When disaster strikes and you are forced to activate your business continuity plans, what will be happening at the critical infrastructures that you rely on to keep your firm running? This session focuses on two of the most essential infrastructure – electric power and telecommunication. Experts from these sectors will explain their recovery strategies, discuss how they responded to actual recent events and review progress in the past few years. |
| | Session 4
Chrysler room - Mezzanine LevelEffective Business Continuity Management Reporting Concepts |
| | Patrick Alesi
Chairman, SIFMA Business Continuity Planning Committee |
| | Michael Curry
Principal, Planning and Development
Vanguard
www.vanguard.com |
| | Rudy Garcia
Director, Business Continuity Management
Citigroup Global Markets Inc.
www.citigroup.com |
| | You’ve developed and installed a business continuity program that can recover your operations and systems from small and large-scale events. Your program works, it’s well maintained and passes regulatory examinations, but are you doing as much as you can to keep your senior management apprised of your business continuity progress? This session will provide a behind-the-scene look at several proven reporting strategies used by securities firms. |
| | Session 5
Ballroom C - Ballroom LevelResponsive Leadership at Critical MomentsWorkshop Session Hosted by Varolii Corporation www.varolii.com |
| | Gerald Lewis, Ph.D.
President
Gerald Lewis, Ph.D. & Assoc., P.C.
www.geraldlewis.com |
| | In recent years, we have witnessed some very tragic events: 9/11, the Murrah Building, hurricanes, fires, floods and other major emergency events. Leadership during times of crisis requires different skills than those needed to manage normal day-to-day operations but, unfortunately, few people in leadership positions ever receive formal training in crisis leadership. This session is designed for both business continuity professionals and people in management positions. The session will allow you to: understand the difference between leadership and management; know how to present to senior management in order to “get them on board”; improve your skills as a leader within your organization; and comprehend the critical aspects of communication at times of crisis. |
| 2:30 - 2:45 p.m. | Exhibitor Networking Break
Ballroom Foyer - Ballroom Level |
| 2:45 - 3:30 p.m. | General Session
Ballroom C - Ballroom Level |
| | The Next Generation Internet |
 | Dr. Peter M. Fonash
Chief Technology Officer, and Director, National Command and Coordination Capability (NCCC)
Office of the Assistant Secretary for Cybersecurity and Telecommunications
U.S. Department of Homeland Security
www.dhs.gov
|
| 3:30 - 4:30 p.m. | Individual Sessions - Round Three |
| | Session 1
Imperial /Booth Room - Conference Level
The following workshop is a repeat of Round One.Best Practices Roundtable |
| | This roundtable has been one of the most popular sessions at the BCP Conference each year. This is an interactive “roundtable” audience discussion of strategies, issues, problems and successes experienced when developing and maintaining business continuity plans. Special focus will be on experiences in complying with BCP rules and on issues, such as pandemic planning, encountered by firms of different sizes. The workshop will be presented as two 1-hour sessions in which attendees may decide the topics to be discussed. The open exchange of questions, ideas and experiences by attendees is encouraged. This session is open only to employees of securities firms and not to media, regulators and other conference attendees. Attendees may also submit questions and issues at anytime prior to the workshop. Forms are available at the registration desk for that purpose. |
| | The following 60-minute workshops will be conducted once. |
| | Session 2
Regency Room - Conference LevelTelecommuting Strategies That Work |
| | Moderator Vincent Orrico
Contingency Planning Exchange
www.cpeworld.org |
| | Gregory J. Ferris
Managing Director
Morgan Stanley
www.morganstanley.com |
| | If used properly, telecommuting can be an effective strategy to allow your business to function through an emergency. There are, though, different technical architectures and different policies that can be employed. Learn how three firms approached their telecommuting decisions, what worked and what caused issues. The panelists will explain planning assumptions, strategy, technical architecture and dependencies. |
| | Session 3
Chrysler Room - Conference LevelThe Five New Essential Elements of a Fully Resilient Business |
| | Troy Winskowicz
Product Manager
Dell Message One
www.messageone.com |
| | In today's real-time business environment, recovering from a crisis means more than having a plan and a comprehensive emergency notification service. When a natural disaster or local service disruption occurs, it is not only important to be able to broadcast crisis notifications, but it is also critical to implement sometimes-overlooked measures to minimize the duration of the business interruption. In fact, according to Neal Rawls, Continuity Central Security Columnist & Author, it has been estimated that 90% of companies unable to resume business operations within five days of a disaster are out of business within one year. In this important session, Troy Winskowicz from Dell MessageOne™ will discuss the five major elements of ensuring effective continuity of communications. You will learn where gaps exist in the industry that can lead to a less than holistic approach to continuity – and what Dell is doing to help ensure that your entire operations are minimally impacted by any crisis. |
| | Session 4
Ballroom C - Ballroom LevelTaking Care of Business: An Affordable, Practical and Innovative Approach for Business Continuity Management Workshop Session Hosted by Microsoft and i365, A Seagate Company www.i365.com www.microsoft.com |
| | If done well, Business Continuity Management provides organizations with a framework they can leverage for strategic and tactical activities. While many companies have had these processes for years, their implementation is not consistent due to cost, complexity and the rise of new scenarios such as virtual machine recovery. Microsoft and i365 will share best practices for organizations of all sizes that can be implemented cost effectively and leverage the next generation of online disk-based storage recovery solutions. |
| | Session 5
Park Avenue Room - Mezzanine Level |
| | Managing a Crisis of Confidence: Can Business Continuity Tools Help? |
| | Roland Johnson
President
Office Shadow, Inc.
www.office-shadow.com
|
| | The recent credit crunch highlights how fragile and complex our heavily connected financial structure is. In some regards, the effects of the current credit crunch are greater in economic terms than 9/11. Of course, it doesn’t come close in life, safety and emotional terms, but it does put the relative importance of crisis planning into perspective. Our ability to recover a particular system may pale in the bigger scheme of things. Where should BC / DR fit into an overall Risk framework? How do we keep an outward facing view of Risk when so much of our continuity thinking is about buildings and systems? Conversely, should our BC / DR program come into play in these situations, where there is obviously an exception to ‘business as usual’ but not an obvious interruption to business processes? Can the same tools and processes that we use to manage a physical or technological crisis be used to manage a crisis of confidence?
Roland Johnson will explore these ideas and discuss the broader Governance, Risk and Compliance picture.
|
| 4:30 p.m. | Conference Adjournment |
Special Note: The Business Continuity Conference & Exhibit has been organized by the Securities Industry and Financial Markets Association as a service to the industry. Presentations, findings and opinions of speakers and exhibitors and their representatives do not constitute the expressed or implied endorsement by SIFMA of any product, service, presentation or technology; nor does SIFMA take responsibility for the content presented by speakers and exhibitors. SIFMA Staff Advisers
Howard Sprow
John Panchery SIFMA's Business Continuity Planning Committee would also like to thank the following for their support of the Business Continuity Planning Conference & Exhibit:
Wall Street Journals provided by Dow Jones www.dowjones.com
|