...A Case Study Report On Cisco Systems Risk Strategies Submitted to, Amy vuong Submitted by, Marut shah Vishal Dave Manthan Shekhadia Keyur Patel Rudraksh Gaikwad Imran Siddique Mohammad Faisal Contents 1. Introduction ............................................................. 4 1. Executive summary .............................................. 4 2. Issue identification .................................................. 5 1. Challenge & Issues ............................................... 5 3. Alternatives & Options: .......................................... 6 4. Recommendations ................................................... 9 5. Implementation of strategies & results: .................. 9 6. Monitor & Control: ............................................... 10 7. Lessons Learned..... Error! Bookmark not defined. 1. Introduction Cisco, the global information and communication technology provider, has put in place a supply chain resiliency program that any company facing possible risk from supply chain disruption should study. Cisco's program for SCRM combines tools, policies, practices and management support into a comprehensive system that enables the company to truly understand and manage the risks associated with the supply of most of its products. Beginning with new product design and introduction, and continuing through to current product manufacturing and fulfillment, Cisco can predict potential risk points and work with members of its supply...
Words: 1861 - Pages: 8
...Cisco: Supply chain RISK MANAGEMENT PLAN VERSION 5 01/13/2014 TABLE OF CONTENTS 1. INTRODUCTION 1. Executive Summary 2. Purpose of the Risk Management Plan 2. Risk Management Procedure 1. What is a Risk? 1. Risk Identification 2. Risk Assessment 3. Risk Mitigation 4. Risk Monitoring 5. Risk Planning 2. Qualitative Risk Analysis 3. Quantitative Risk Analysis 4. Risk Reporting 3. Tools and Practices 4. Conclusion 1. Risk Contingency Planning 2. Processes to Address Immediate Unforeseen Risks 5. Risk Management Plan Approval 6. Appendix A: References 7. Appendix B: Key Terms INTRODUCTION 1 EXECUTIVE SUMMARY THIS RISK MANAGEMENT PLAN DOCUMENTS A PRESENTATION MADE AT YEILDMORE ON HOW CISCO MANAGES THE RISKS ASSOCIATED WITH SUPPLY CHAIN DISRUPTIONS. YEILDMORE ASSESSES CISCO'S SUPPLY CHAIN RESILIENCY PROGRAM AS ONE OF THE BETTER-EXECUTED PROGRAMS WE HAVE SEEN, AND RECOMMENDS OTHER CLIENTS STUDY IT TO UNDERSTAND HOW THEY MIGHT "DERISK" THEIR OWN SUPPLY CHAINS. THEY OFFER A PRODUCT-CENTRIC APPROACH WHICH PROVIDES MORE BUSINESS VALUE THAN AN INCIDENT-CENTRIC APPROACH TO RISK ASSESSMENT FOR MOST BUSINESSES. Cisco’s transparency is critical to both internal and external support for supply chain resiliency. Objective metrics contribute...
Words: 4662 - Pages: 19
...Case Study: Cisco Addresses Supply Chain Risk Management This Case Study documents a presentation made at Gartner's Security and Risk Management Summit conference in 2010 on how Cisco manages the risks associated with supply chain disruptions. Gartner assesses Cisco's supply chain resiliency program as one of the better-executed programs we have seen, and recommends other clients study it to understand how they might "derisk" their own supply chains. CISCO’S SUCCES in SCRM Cisco's program for SCRM combines tools, policies, practices and management support into a comprehensive system that enables the company to truly understand and manage the risks associated with the supply of most of its products. Cisco managed to predict potential risk and points and work with members of supply chain to manage and minimize risks connected with with enviroment full of uncertainty. THE „RESILIENCY CHALLENGE” Cisco's business model is complicated, relying extensively on outsourced manufacturing for more than 95% of the >12,000 products it delivers, most of which are configure-to-order. Cisco sells to a broad range of customers from the private and public sector, and as Cisco expands its presence in the consumer sector (with products such as the Linksys line), it is seeing a growing presence of make-to-stock products. The company's growth strategy includes being highly acquisitive. It has made more than 140 acquisitions since its founding and is presently making three to...
Words: 1097 - Pages: 5
...IS3110 IT RISK MANAGEMENT PROJECT Henry Smigielski, Steven Martin, Benjamin Yau, Ulises Martinez IS3110 IT RISK MANAGEMENT PROJECT Henry Smigielski, Steven Martin, Benjamin Yau, Ulises Martinez TABLE OF CONTENTS 1.0 PURPOSE AND SCOPE 4 2.0 RISK PLANNING 4 2.1 ROLES AND RESPONSIBILITIES 6 2.2 RISK IDENTIFICATION 7 2.2.1 Methods for Risk Identification 7 2.2.2 Identified Risks 7 2.3 RISK ASSESMENT 28 2.3.1 Qualitative Risk Assessment 28 Probability 28 Impact 29 Threat Matrix 30 2.3.2 Quantitative Risk Assessment 33 2.4 RISK RESPONSE PLANNING 34 Avoid 35 Mitigate 35 Accept 35 Contingency 35 Transfer 35 2.5 RISK MITIGATION 35 2.6 RISK MONITORING 39 Pulse Meetings 39 Variance Reports 40 Program Reviews 41 Technical Reviews 42 Project Forecasting 43 Problem Solving 45 2.6.1 Project Management Information System 46 Management Reviews 47 Project Dashboards 48 Change Management Log 50 3.0 Computer Incident Response Team Plan 51 3.1 Have an incident response plan. 52 3.2 Pre-define your incident response team 53 3.3 Define your approach: watch and learn or contain and recover. 54 3.4 Pre-distribute call cards. 55 3.5 Forensic and incident response data capture. 56 3.6 Get your users on-side. 56 3.7 Know how to report crimes and engage law enforcement. 57 3.8 Practice makes perfect. 58 4.0 Disaster Recovery versus Business Continuity Planning 59 4.1 Define Key...
Words: 14207 - Pages: 57
...Company Virtual Solutions Inc. Foundations of Business Continuity Management Table of Contents Executive Summary 3 Introduction 5 About Company Virtual Solutions 6 The Current Status of Business Continuity Planning 6 Historical Context 6 The New Plan 8 Using Recovery Planner 8 Configuration for TPT 9 Presentation 9 Compliance 10 Comprehensive Planning 10 Leadership Approval 12 The Plan Strategy 12 Team Structure 12 Figure 1: The Business Continuity Plan Team Organizational Chart 13 Emergency Management Team 13 Business Continuity Team 14 Business Unit Teams 15 Fly Out Teams 16 Fire Teams 16 The Four Phases of the Plan 16 Figure 2: The four phases of the Plan 16 Phase I - Appraisal 17 Phase II – Recovery Coordination 18 Phase III - Production 18 Phase IV – Site Restoration 19 Business Unit Plan Structure 20 Alternative Sites 21 Planning Refinement Recommendations 22 Risk Assessment 22 Business Impact Analysis 22 Emergency Response 23 Disaster Recovery 23 Testing and Restoration 24 Future State 25 Comprehensive Business Planning 25 ACP Workflow Planning 26 Awareness and Training 27 Maintaining Support 27 Projected Timeline 28 Figure 3: Projected Timeline 29 Tasks 29 Conclusion 30 Sources 31 Appendix...
Words: 6761 - Pages: 28
...PA2 EXAMINATION BLUEPRINT 2011/2012 Effective Date: December 2011 This document is the property of: CGA-Canada 100-4200 North Fraser Way Burnaby, British Columbia Canada V5J 5K7 Phone: 604 669-3555 Fax: 604 689-5845 www.cga.org/canada Updated: April 18, 2011 CGA-Canada PA2 Examination Blueprint 2011/2012 Table of Contents About the Examination Blueprint ......................................................................................................................... 2 PA2 Examination ................................................................................................................................................... 2 PA2 Course ........................................................................................................................................................ 2 Prerequisite Courses for the PA2 Examination .................................................................................................. 3 Competency Weightings ....................................................................................................................................... 3 Structure of the Examination ................................................................................................................................ 5 Examination Competency Coverage ..................................................................................................................... 6 Scoring Model and Evaluation of Candidate Performance .......
Words: 4762 - Pages: 20
...SC Response to Terrorism Project MIT Center for Transportation and Logistics “Supply Chain Response to Terrorism: Creating Resilient and Secure Supply Chains” Supply Chain Response to Terrorism Project Interim Report of Progress and Learnings August 8, 2003 This report was pre pared by James B. Rice, Jr. of the MIT Center for Transportation and Logistics (CTL) and Federico Caniato of Politecnico di Milano for the Supply Chain Response to Terrorism Project team with contributions from team members Jonathan Fleck, Deena Disraelly, Don Lowtan, Reshma Lensing and Chris Pickett. This work was conducted under the direction of Professor Yossi Sheffi, CTL Director. Please contact James B. Rice, Jr. of CTL (jrice@mit.edu or 617.258.8584) if you have any questions or if you would like to discuss this report. 08/12/2003 1 SC Response to Terrorism Project Supply Chain Response to Terrorism Project: Interim Report of Progress and Learnings 1 2 Executive summary........................................................................................................... 4 Research introduction and background ............................................................................. 6 2.1 Introduction................................................................................................................ 6 2.2 Background Research ................................................................................................ 6 2.3 Project...
Words: 28274 - Pages: 114
...436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 443_Disaster_Rec_FM.qxd 5/25/07 3:07 PM Page i Visit us at w w w. s y n g r e s s . c o m Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our solutions@syngress.com Web pages. There you may find an assortment of valueadded features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress...
Words: 189146 - Pages: 757
...amenities such as 24 hour maintenance and pool access, top-of-the-line workout facilities, on-site stores with groceries and commonly used household goods, luxurious club houses, movie theaters, and free high-speed internet. ULH experienced most of its growth over the last 18 months and until now had not realized that their outdated network infrastructure could possibly inhibit future growth. ULH is seeking proposals to upgrade their IT infrastructure to be able to better meet existing demand and future growth. This proposal and project will consist of the following five phases: 1. Project initiation a. Needs will be identified to determine if ULH will be able to realistically benefit from the completion of this project. 2. Project planning a. The project scope will be clearly defined including but not limited to: i. Goals ii. Objectives iii. Budget iv. Deliverables v. Timeline 3. Project Launch a. Teams are identified and informed of specific responsibilities and...
Words: 3634 - Pages: 15
...PA1 EXAMINATION BLUEPRINT 2014/2015 Effective Date: December 2014 This document is the property of: CGA-Canada 100-4200 North Fraser Way Burnaby, British Columbia Canada V5J 5K7 Phone: 604 669-3555 Fax: 604 689-5845 www.cga.org/canada Updated: January 21, 2014 CGA-Canada PA1 Examination Blueprint 2014/2015 Table of Contents About the Examination Blueprint ......................................................................................................................... 2 PA1 Examination ................................................................................................................................................... 2 PA1 Course ........................................................................................................................................................ 2 Prerequisite Courses for the PA1 Examination .................................................................................................. 3 Competency Weightings ....................................................................................................................................... 3 Structure of the Examination ................................................................................................................................ 5 Examination Competency Coverage ..................................................................................................................... 6 Scoring Model and Evaluation of Candidate...
Words: 4745 - Pages: 19
...Case 2–2 Sabor Inc. In mid-April, Ray Soles, vice president of supply chain management at Sabor Inc., had become increasingly concerned about the potential shortage of supply of marconil, a new high-tech raw material for air filtration. Sabor Inc.’s three suppliers, during the last two weeks, had ad- vised Ray Soles to sign long-term contracts and he was trying to assess the advisability of such commitments. SABOR INC. Sabor Inc. of Cleveland, Ohio, produced high-quality consumer and industrial air-conditioning and heating units. An extensive network of independent and company-owned installation and sales centers serviced customers throughout the North American market. Total company sales last year totaled $800 million. AIR FILTRATION AND MARCONIL Sabor Inc. for decades had sold air humidification and air filtration units along with its prime units in air heating and cooling. Until three years ago, air filtration had accounted for about 7 percent of total corporate sales and had been sold primarily as add-ons to a new air cooling/ heating system. However, with the advent of marconil, air filtration had started to increase significantly as a percentage of total sales. Marconil, a new high-tech product developed as part of the U.S. space effort, had a range of unique properties of high interest to a variety of industries. In the case of air filtration, when processed by a Sabor Inc. developed and patented process, marconil could be transformed into a thin, very light...
Words: 5493 - Pages: 22
...programme management 7 2.7 Multi-supplier proposals 7 2.8 Proposed supplier organisation and project staffing 8 2.9 Technical understanding 8 2.10 Proposed management processes 8 2.10.1 Quality management 9 2.10.2 Change management 9 2.10.3 Service provision and management 10 2.10.4 Resource management 12 2.10.5 Capacity planning and management 12 2.10.6 Business continuity and contingency plans 12 2.10.7 Project management 13 2.10.8 Programme management 13 2.10.9 Strategic management 14 2.10.10 Knowledge management and organisational learning 14 2.10.11 Training 15 2.11 Risk management and risk transfer 15 2.12 Supply chain management 16 2.13 Benefits management and delivery 16 2.14 Relationship management 17 2.15 IT-specific questions 17 2.15.1 Business process changes 18 2.15.2 Application development 18 2.15.3 Software and systems engineering 18 2.15.4 Development and maintenance 20 2.15.5 IT service management 21 2.15.6 Infrastructure design and planning 21 2.15.7 Infrastructure and technology deployment 21 2.15.8 ICT infrastructure management 22 2.15.9 Operations management 22 2.15.10 Technical support 22 2.16 Construction-specific questions 22 Introduction 1 Scope This document is a supporting resource for the related guidance documents on supplier assessment in the...
Words: 6334 - Pages: 26
...| Risk & Control Assessment | | Control Matrix – Narratives - Summary | | Risk & Control Assessment | | Control Matrix – Narratives - Summary | Bob, Inc November 14, 2012 Authored by: Sara Colle, Aaron Hughes, Mohammed Kahn, Paul Koller Bob, Inc November 14, 2012 Authored by: Sara Colle, Aaron Hughes, Mohammed Kahn, Paul Koller interoffice memorandum to: Jim Reinhard, ceo from: group 1 subject: risk assessment report date: 11/14/2012 cc: Mr. Reinhard, We have completed our risk assessment as requested by management. The following report will take you through our completed risk matrix, narratives about the risks and controls, and provide a summary of our findings. The areas covered include: * BCP/Disaster Recovery * Backup and Recovery * Physical Security * Logical Security * Documentation and Policies & Procedures * Change and Patch Management * Computer Operations We hope that this assessment meets your requirements. Should you have any additional questions please feel free to contact anyone of the individuals below that assisted in the preparation of the report. Best Regards, Sara Colle, Aaron Hughes, Mohammed Kahn, Paul Koller Business Continuity Planning and Disaster Recovery 1. RISKS – Loss of customers, loss of profits, loss or reputation, loss of government approval to do business Hurricane Sandy recently paralyzed New York City, the financial capital of the world. This...
Words: 5459 - Pages: 22
...Published in association with the Best Management Practice Partnership The IT Service Management Forum An Introductory Overview of ITIL® V3 A high-level overview of the IT INFRASTRUCTURE LIBRARY The IT Infrastructure Library An Introductory Overview of ITIL® V3 Version 1.0 Written by: Alison Cartlidge Ashley Hanna Colin Rudd Ivor Macfarlane John Windebank Stuart Rance Alison Cartlidge Mark Lillycrop Xansa - Steria HP itEMS Ltd IBM Sun HP Xansa - Steria itSMF UK Edited by: Published by: The UK Chapter of the itSMF With thanks to all those who took part in the review process. © Copyright itSMF Ltd, 2007 This version first published 2007 Based on other copyright material with the permission of the copyright owners. ITIL® is a Registered Trade Mark, and a Registered Community Trade Mark, of the Office of Government Commerce (OGC) and is registered in the US Patent and Trade Mark Office. PRINCE® is a Registered Trade Mark, and a Registered Community Trade Mark, of the Office of Government Commerce (OGC) and is registered in the US Patent and Trade Mark Office. COBIT® is a Registered Trade Mark of ISACA and the ITGA. CMM® is registered in the USA Patent and Trademark Office. PMBoK® is a Registered Trade Mark of the Project Management Institute. M_o_R ® is a Registered Trade Mark and a Registered Community Trade Mark of the Office of Government Commerce. © Crown copyright material reproduced with the kind permission of OGC on behalf of the Controller of...
Words: 12782 - Pages: 52
...Lab 2 - Align Risks, Threats, and Vulnerabilities to COBIT PO9 Risk Mgmt. Controls Part 1 4. Discuss the primary goal of the COBIT v4.1 framework. Provide a basic description of cobit. * The purpose of Control Objectives for Information and related Technology (COBIT) is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems. 5. Explain the major objective of the Control area (COBIT 4.1 Controls Collaboration link on the left side of the COBIT website) * “The COBIT Controls area within ISACA's Knowledge Center promotes collaboration and sharing of information, solutions and experience among COBIT users.” 6. From the COBIT Domains and Control Objectives section, list each of the types of control objectives and briefly describe them based on the descriptions on the website. * Plan and Organize – “This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organization as well as technological...
Words: 4162 - Pages: 17