El documento describe la organización y estructura de mando de un Equipo de Respuesta a Emergencias Comunitarias (CERT). Explica que el CERT se organiza siguiendo el Sistema de Comando de Incidentes (ICS) con un Comandante de Incidente a la cabeza. También detalla que el CERT se divide en secciones funcionales como operaciones, logística y médica, y que cada líder de sección supervisa varios equipos de trabajo. El objetivo principal es establecer una cadena de mando clara que permita responder de manera efectiva y
Presentación para implementar un plan de compliance Cómo diseñar e implementar un Programa de Prevención de Delitos: cumpliendo con las exigencias del Código Penal
• Cómo debe implementarse un Programa de Prevención de Delitos.
Alcance mínimo y mejores prácticas • Cuáles son las distintas fases de implementación
> Alcance y estrategias de organización según la cultura y la madurez del control interno. Estructura y dependencia
> Orientación de recursos según los distintos riesgos identificados en un mapa de riesgos penales
> Prácticas y medidas eficientes de prevención en políticas y
protocolos de delegación de autoridad
> Debido control ante riesgos y fraudes frecuentes
> Prácticas de documentación de los controles del programa
> Reporte de riesgos y faltas a comités
> Monitoreo del programa y de nuevos riesgos
• Cómo incorporar e integrar en el Código Ético los siguientes
ítems: canal de denuncia, código financiero, prevención de corrupción, información privilegiada, delitos contra el mercado, poderes y protección del medio ambiente
Cyber risk management and the benefits of quantificationDavid X Martin
Cyber security is an unknown, unknown risk which is difficult to quantify. Focus on the impact of the cyber security events, not how they happen. Use disruption models to quantify operational disruptions. Convert as many unknown risks into known risks, so they can be quantified. And for those truly unknowable risks, focus on what needs to be done to ensure survivability.
Vulnerability Management KPIs and KRIs:
Academy.skillweed.com
Monitor the effectiveness and risks in identifying and addressing vulnerabilities in IT systems to enhance security.
ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming more common Information Security standard among service providers. This presentation focuses on the recent changes in 2013 version and also the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
Provide an introduction to ISO27001 and changes in 2013 version
Discuss the implementation approach for an Information Security Management System (ISMS) framework
Familiarize the audience with some common challenges in implementation
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Presentación para implementar un plan de compliance Cómo diseñar e implementar un Programa de Prevención de Delitos: cumpliendo con las exigencias del Código Penal
• Cómo debe implementarse un Programa de Prevención de Delitos.
Alcance mínimo y mejores prácticas • Cuáles son las distintas fases de implementación
> Alcance y estrategias de organización según la cultura y la madurez del control interno. Estructura y dependencia
> Orientación de recursos según los distintos riesgos identificados en un mapa de riesgos penales
> Prácticas y medidas eficientes de prevención en políticas y
protocolos de delegación de autoridad
> Debido control ante riesgos y fraudes frecuentes
> Prácticas de documentación de los controles del programa
> Reporte de riesgos y faltas a comités
> Monitoreo del programa y de nuevos riesgos
• Cómo incorporar e integrar en el Código Ético los siguientes
ítems: canal de denuncia, código financiero, prevención de corrupción, información privilegiada, delitos contra el mercado, poderes y protección del medio ambiente
Cyber risk management and the benefits of quantificationDavid X Martin
Cyber security is an unknown, unknown risk which is difficult to quantify. Focus on the impact of the cyber security events, not how they happen. Use disruption models to quantify operational disruptions. Convert as many unknown risks into known risks, so they can be quantified. And for those truly unknowable risks, focus on what needs to be done to ensure survivability.
Vulnerability Management KPIs and KRIs:
Academy.skillweed.com
Monitor the effectiveness and risks in identifying and addressing vulnerabilities in IT systems to enhance security.
ISO27001 standard was revised and a new version was published in 2013. ISO27001 is also becoming more common Information Security standard among service providers. This presentation focuses on the recent changes in 2013 version and also the process for implementing and getting certified for ISO27001.
Following are the key objectives of this presentation:
Provide an introduction to ISO27001 and changes in 2013 version
Discuss the implementation approach for an Information Security Management System (ISMS) framework
Familiarize the audience with some common challenges in implementation
C-Suite’s Guide to Enterprise Risk Management and Emerging RisksAronson LLC
Significant opportunities remain for organizations to continue to strengthen their approaches to identifying and assessing key risks. This program will provide an overview of Enterprise Risk Management (ERM) best practices and current emerging risks that should be on your radar for 2018.
Watch the complete webinar here: https://aronsonllc.com/c-suites-guide-to-enterprise-risk-management-and-emerging-risks/?sf_data=all&_sft_insight-type=on-demand-webinar
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
Exposición Informática Forense aplicada a base de datos en prevención de suplantación de identidad
Caso Renta Dignidad - La Vitalicia
Expositora Ing. Grecia Francachs Castro
IV Congreso Internacional de Informática Forense y Hacking Ético
13 de Septiembre 2014, Sucre / Bolivia.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and
targeted attacks?”
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
Identify risks and hazards that have the potential to harm any process or project. Use content-ready Risk Assessment PowerPoint Presentation Slides to analyse what can go wrong, how likely it is to happen, what potential consequences are, and how tolerable the identified is. With the help of ready-made risk assessment PowerPoint presentation slideshow, use control measures to eliminate or reduce any potential risk related situation. This deck comprises of various templates to control risks such as types of risks, risk categories, identify the risk categories, stakeholder engagement, stakeholders risk appetite, risk tolerance, procedure, risk management plan, risk register, risk identification, risk assessment, risk analysis, risk response plan, risk response matrix, risk control matrix, risk item tracking, risk impact and probability analysis, risk mitigation strategies, qualitative risk analysis, quantitative risk analysis, risk management process, risk management steps, and more. These templates are completely customizable. You can easily edit the color, text, icon and font size as per your need. Add or remove content, if needed. Grab this easy-to-understand risk assessment PowerPoint templates to figure out what could cause harm to the project, whether the hazards could be eliminated or not, what preventive measures should be taken to control the risks. Download risk assessment PPT slides now to execute the project easily. Behave in a down to earth fashion with our Risk Assessment Powerpoint Presentation Slides. Give them a glimpse of your fact based approach.
Compliance management systems: cómo establecer procedimientos y medidas de control para supervisar, gestionar y monitorizar el cumplimiento normativo • Risk Assessment: cómo evaluar las vulnerabilidades legales en
materia de cumplimiento normativo de cada una de las áreas de la organización
> Claves para la identificación de los riesgos
> Cómo determinar los objetivos de Compliance y alinearlos con la estrategia empresarial
• Creación de nuevas políticas y códigos de conducta
> El código ético como base para el resto de políticas: claves para su diseño y redacción
> Aspectos a tener en cuenta para lograr una articulación de políticas: claves para la priorización de normas
• Difusión del sistema: qué instrumentos son los más adecuados para asegurar que los empleados conocen y entienden qué se espera de ellos
> Ámbito legal. Cómo acreditar el conocimiento y aceptación por parte de los empleados
> Ámbito cultural. Cómo incentivar y premiar el cambio de conductas
> Auditorías periódicas de revisión del comportamiento profesional: cómo articular un sistema disciplinario
• Documentación del modelo.
Cómo asegurar la trazabilidad de las medidas adoptadas de cara a un hipotético proceso judicial como Corporate Defense
• Certificación del sistema: qué certificaciones y estándares son los más aceptados a nivel jurídico
• Auditoría Externas: cuándo y cómo deben encargarse y realizarse
• Los “Compliance Ambassadors”. Cómo gestionar y construir una red de colaboradores en departamentos y sucursales
• Gestión de incidencias Compliance de compras: ¿cómo
cuantificar los riesgos asociados a las relaciones comerciales con proveedores de productos y servicios?
• Procedimientos para la Due Diligence del proveedor: ¿cómo implantar un sistema de “Know Your Supplier”?
• Qué elementos se deben tener en cuenta en una auditoría de socios, contratos y joint ventures • Compliance de contratos: políticas de control de los procesos de adquisición de bienes y servicios
Hernan Huwyler
Dirección de Control Interno
y Gestión de Riesgos
VEOLIA
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
Exposición Informática Forense aplicada a base de datos en prevención de suplantación de identidad
Caso Renta Dignidad - La Vitalicia
Expositora Ing. Grecia Francachs Castro
IV Congreso Internacional de Informática Forense y Hacking Ético
13 de Septiembre 2014, Sucre / Bolivia.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center
requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center "is often used synonymously for SOC.
A network operations center (NOC) is not a SOC, which focuses on network device management rather than detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC :
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
مرکز عملیات امنیت
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
In this session, we have looked into the ISO/IEC 27701 standard that has been published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen is director and managing consultant at CyberMinute and Owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture, Identity & Access management, but also privacy, information & data protection, cyber- and cloud security. Last few years, the focus is on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Google +: https://plus.google.com/+PECBGroup
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and
targeted attacks?”
The SOC analyst training program is meticulously designed by the subject matter experts at Infosec Train. The training program offers a deep insight into the SOC operations and workflows. It is an excellent opportunity for aspiring and current SOC analysts (L1/L2/L3) to level up their skills to mitigate business risks by effectively handling and responding to security threats.
https://www.infosectrain.com/courses/soc-analyst-expert-training/
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
Data leakage prevention is one of the key topics which we have been talking in present. Due to the organizations moving towards big data, financial systems.. which resides in cyber space, there is an increasing number of frauds associated with the technology revolution in the cyberspace.This post highlights the threats and the counter measures, so we can protect the sensitive personal data. I prefer the approach of “ Trust but verify model ”.
Identify risks and hazards that have the potential to harm any process or project. Use content-ready Risk Assessment PowerPoint Presentation Slides to analyse what can go wrong, how likely it is to happen, what potential consequences are, and how tolerable the identified is. With the help of ready-made risk assessment PowerPoint presentation slideshow, use control measures to eliminate or reduce any potential risk related situation. This deck comprises of various templates to control risks such as types of risks, risk categories, identify the risk categories, stakeholder engagement, stakeholders risk appetite, risk tolerance, procedure, risk management plan, risk register, risk identification, risk assessment, risk analysis, risk response plan, risk response matrix, risk control matrix, risk item tracking, risk impact and probability analysis, risk mitigation strategies, qualitative risk analysis, quantitative risk analysis, risk management process, risk management steps, and more. These templates are completely customizable. You can easily edit the color, text, icon and font size as per your need. Add or remove content, if needed. Grab this easy-to-understand risk assessment PowerPoint templates to figure out what could cause harm to the project, whether the hazards could be eliminated or not, what preventive measures should be taken to control the risks. Download risk assessment PPT slides now to execute the project easily. Behave in a down to earth fashion with our Risk Assessment Powerpoint Presentation Slides. Give them a glimpse of your fact based approach.
Compliance management systems: cómo establecer procedimientos y medidas de control para supervisar, gestionar y monitorizar el cumplimiento normativo • Risk Assessment: cómo evaluar las vulnerabilidades legales en
materia de cumplimiento normativo de cada una de las áreas de la organización
> Claves para la identificación de los riesgos
> Cómo determinar los objetivos de Compliance y alinearlos con la estrategia empresarial
• Creación de nuevas políticas y códigos de conducta
> El código ético como base para el resto de políticas: claves para su diseño y redacción
> Aspectos a tener en cuenta para lograr una articulación de políticas: claves para la priorización de normas
• Difusión del sistema: qué instrumentos son los más adecuados para asegurar que los empleados conocen y entienden qué se espera de ellos
> Ámbito legal. Cómo acreditar el conocimiento y aceptación por parte de los empleados
> Ámbito cultural. Cómo incentivar y premiar el cambio de conductas
> Auditorías periódicas de revisión del comportamiento profesional: cómo articular un sistema disciplinario
• Documentación del modelo.
Cómo asegurar la trazabilidad de las medidas adoptadas de cara a un hipotético proceso judicial como Corporate Defense
• Certificación del sistema: qué certificaciones y estándares son los más aceptados a nivel jurídico
• Auditoría Externas: cuándo y cómo deben encargarse y realizarse
• Los “Compliance Ambassadors”. Cómo gestionar y construir una red de colaboradores en departamentos y sucursales
• Gestión de incidencias Compliance de compras: ¿cómo
cuantificar los riesgos asociados a las relaciones comerciales con proveedores de productos y servicios?
• Procedimientos para la Due Diligence del proveedor: ¿cómo implantar un sistema de “Know Your Supplier”?
• Qué elementos se deben tener en cuenta en una auditoría de socios, contratos y joint ventures • Compliance de contratos: políticas de control de los procesos de adquisición de bienes y servicios
Hernan Huwyler
Dirección de Control Interno
y Gestión de Riesgos
VEOLIA
Description des données que le SHOM (Service Hydrographique et Océanographique de la Marine) pourrait passer en #opendata lors des événements #archipelmolene organisés par la Cantine numérique brestoise
Chambre de Commerce du Montréal Métropolitain
Conférence sectorielle sur les technologies de l'information (TI)
Employeurs potentiels : les start-ups
Marie-Andrée Roger, cofondatrice et gestionnaire de projets de Overture Project
La conférence sectorielle vise à offrir aux nouveaux arrivants qualifiés un portrait complet du secteur dans lequel ils aspirent à travailler au Québec, et plus particulièrement de la situation de l’emploi dans ce secteur. La conférence sectorielle rassemble différents acteurs qui viennent partager leurs connaissances et expériences sur leur industrie. Ce sont par exemple des représentants d’entreprises, de comités sectoriels de main-d’oeuvre, de grappes sectorielles, d’ordres professionnels ou encore des immigrants ayant réussi leur intégration au sein du secteur.
Pour plus d'information : http://www.ccmm.qc.ca/fr/metropole/interconnexion/
3. Visual 6.3
Organización del CERT
w Describir la organización del CERT
w Identificar cómo se interrelaciona el CERT con el
Sistema de Comando de Incidentes (ICS)
w Explicar los requerimientos de documentación
4. Visual 6.4
Objetivo de la Administración en la Escena
w Mantener la seguridad de los trabajadores en el desastre
Ø Los Comandantes de Incidentes del CERT deben prioratizar
continuamente las actividades de respuesta en base a la
capacidad y la capacitación del equipo y al principio de que la
seguridad del rescatador es la preocupación número uno.
w Proporcionar liderazgo claro y estructura organizacional
Ø Desarrollando una cadena de mando y roles conocidos por todos
los miembros del equipo. Cada miembro del CERT tiene
únicamente una persona de la cual recibe instrucciones y a la cual
se reporta.
w Mejorar la efectividad de los esfuerzos de rescate
Ø La información sobre el desastre se recolecta y las respuestas se
prioratizan en base a la seguridad del rescatador y de la forma que
hagan el mayor bien a la mayor cantidad de personas según la
capacidad y la capacitación del equipo.
5. Visual 6.5
Necesidad de Organización de un CERT
Proporciona:
w Terminología común que contribuye a una
comunicación efectiva y a un entendimiento
compartido
w Comunicación efectiva entre los miembros del equipo
w Una estructura administrativa bien definida
w Responsabilidad
6. Visual 6.6
Objetivos de la Organización del CERT
w Identifica el alcance del incidente
w Determina una estrategia general
w Despliega Equipos y recursos
w Documenta acciones y resultados
7. Visual 6.7
Sistema de Comando de Incidentes
w La estructura básica del ICS es establecida por la
persona que llegue primero a la escena, quien se
convierte en el Comandante del Incidente.
w Inicialmente, el Comandante del Incidente puede
manejar todos los puestos de comando que se
muestran en el cuadro, pero al tiempo que el
incidente evoluciona, puede asignar personal como:
Ø Jefe de la Sección de Operaciones.
Ø Jefe de la Sección de Logística.
Ø Jefe de la Sección de Planificación
Ø Jefe de la Sección Administrativa.
8. Visual 6.8
Estructura de Comando CERT
w Cada CERT debe establecer una estructura de mando.
w Se asigna un líder del CERT—o, en términos del ICS, un
Comandante de Incidente—para dirigir las actividades del equipo.
Ø Esta persona puede ser designada para actividades voluntarias y
capacitación del CERT.
Ø Sin embargo, durante la activación del CERT para un desastre,
esta persona será la primera en llegar al área de reunión
previamente designada.
w A la ubicación establecida por el líder del CERT como punto
central para el mando y control del incidente se le llama Puesto
de Comando para elCERT.
Ø El IC permanece en el puesto de comando.
Ø Si el IC tiene que salir de ahí, es su responsabilidad delegar a
alguien más para el puesto de comando.
9. Visual 6.9
El CERT y el Sistema de Comando de Incidentes (ICS)
Estructura Básica del Sistema de Comando de Incidentes (ICS)
Comandante del
Incidente
Jefe de Sección
de Operaciones
Jefe de Sección
de Logística
Jefe de Sección
de Planeación
Jefe de Sección
Administrativa
10. Visual 6.10
Estructura del CERT
Estructura de Comando del CERT
Jefe de Sección de
Operaciones
Líder de Grupo de
Combate de Incendios
Líder de Grupo de
Búsqueda y Rescate Líder de Grupo Médico
Equipo A de
Combate de Incendios
Equipo B de
Combate de Incendios
Equipo C de
Combate de Incendios
Área de Prácticas
Equipo A de
Búsqueda y Rescate
Equipo B de
Búsqueda y Rescate
Equipo C de
Búsqueda y Rescate
Equipo de
Triaje
Equipo de
Tratamiento
Equipo de
Morgue
12. Visual 6.12
Toma de Decisiones en el CERT
w Daños considerables = No hay rescate
w Daños moderados = Minimizar rescatadores y tiempo
en el edificio
w Daños ligeros = Localizar, triaje, tratar y prioritizar la
remoción de víctimas
13. Visual 6.13
Los Líderes CERT deben...
w Orientar claramente al personal.
w Enfatizar el trabajo en equipo.
w Mantener períodos de recesos, frecuentes.
w Proveer la nutrición adecuada.
w Rotar al personal por equipos en los receso o en cambios
de turnos.
w Remover el personal de la zona gradualmente para
descanso.
Los componentes del grupo CERT deben realizar
una reunión de evaluación al culminar cada
emergencia.
14. Visual 6.14
Términos Importantes
w Coca Cola – Significa, emergencia real, los
participantes continuarán trabajando en el escenario a
menos que se le indique lo contrario. Los instructores a
cargo de la seguridad atenderán la situación.
w Pitos:
• 1 solo silbido= Atención
• 2 consecutivos= Detenerse y escuchar
• 3 consecutivos = Desalojar el lugar, manténgase
atento al desarrollo de la situación
15. Visual 6.15
Responsabilidades de Documentación
w Proporcionar al puesto de comando información
continua
w Documentar el estado del incidente
Ø Ubicaciones del incidente
Ø Rutas de acceso
Ø Peligros identificados
Ø Localizaciones de apoyo
16. Visual 6.16
Nunca Olvide …
w La seguridad del socorrista es lo primero
w Sistema de compañeros
w Trabajo en equipo