The Next Big Thing
Posts about next generation technologies and their effect on business.

The shifting world of business continuity

I was in an exchange this week with an individual talking about business continuity. The view that business continuity needs to focus on:

An organization's business continuity approach needs to be reassessed in a world of high levels of automation, contracting for services and reduced latency. The very definitions of foundational terms like ‘work location’, ‘services’ and ‘support’ are changing. Diversity of perspective is likely to be a critical component of any kind of timely situational response.

 

“The management of business continuity falls largely within the sphere of risk management, with some cross-over into related fields such as governance, information security and compliance. Risk is a core consideration since business continuity is primarily concerned with those business functions, operations, supplies, systems, relationships etc. that are critically important to achieve the organization's operational objectives. Business Impact Analysis is the generally accepted risk management term for the process of determining the relative importance or criticality of those elements, and in turn drives the priorities, planning, preparations and other business continuity management activities.”

 

In today’s environment, business impact analysis is becoming ever more technical and the interconnection between environmental factors more complex. We have seen situations recently with program trading where an entire financial institution has been placed at risk when its automated trading responded in an unforeseen fashion or its governance broke down. We’ll be seeing similar techniques applied throughout organizational processes.

 

The response to almost any situation can be enabled by techniques like VOIP and other approaches that allow additional levels of abstraction. Simulations can be used to understand the implications of various scenarios as part of business continuity planning.

 

As I mentioned back in March:

Having an effective, robust approach to business continuity is part of management, security and many other roles within an organization.  It is important to remember that there is a cost for being unable to respond to an incident.

Risk management is not about having zero risk… it is an opportunity for innovation

Risk management is about balancing the risks against the costs to protect.

 

PwC and CSO magazine recently released the 2013 State of Cybercrime Survey, which states that while cybercrime threats are on the rise, current attempts to counter them remain insufficient.

 

“Cybersecurity is more than an IT challenge—it’s a business imperative. New technologies, well-funded and determined adversaries, and interconnected business ecosystems have combined to increase your exposure to cyberattacks.”

 

It states that:

“Businesses that are adapting are:

  • Reconsidering the scope of the challenge to include your business ecosystems
  • Re-evaluating ownership and accountability for cybersecurity
  • Understanding the motive, means and methods of your adversaries
  • Prioritizing and protecting the information that really matters most to your business
  • Collaborating and sharing information in order to have the best available knowledge about the ever changing threats”

This shows that many organizations do weigh the risks and find that the costs to protect (from a business disruption and budget point of view) are higher than their expected incident costs. Risk management is not about making sure you have no risk. Risk management, when done properly, will accept risk when the alternative is worse than avoiding the risk. This kind of conflict is an opportunity for innovation.

 

Advances are not made by convincing management about solving problems the old way. They come from defining solutions that are less disruptive or expensive and resolve the conflict between cost and risk. Addressing security concerns is really an innovation driver.

US Nationwide Emergency Alert System Test on November 9th 2011

Whether it’s a fire or flood, an earthquake or hurricane, being prepared and staying informed are the keys to getting through an emergency situation safely. With that in mind there is an upcoming nationwide test of the U.S. Emergency Alert System (EAS).

 

Be prepared…

On Wednesday, November 9 at 2:00 p.m. Eastern Time, the Federal Emergency Management Agency (FEMA), the Federal Communications Commission (FCC) and the National Oceanic and Atmospheric Administration (NOAA), will conduct a nationwide test of the Emergency Alert System (EAS).

 

All digital, cable and satellite television and broadcast radio services across the country will be simultaneously interrupted for approximately 30 seconds, after which regular programming will resume.

 

Stay informed…

This is the first national-level test of the EAS that has ever been conducted and will be similar to the local emergency tests, issued by the National Weather Service and state/local officials, used to send alerts and warnings.

 

So remember, if you find yourself within earshot of a radio or TV on November 9th, at home or in your car – and hear an emergency message broadcast on every TV and radio channel – it’s just a test.

 

Visit the FEMA: Nationwide EAS Test website for more information about the test.

 

Businesses should think of this as a reminder to test their own disaster preparedness.

New HP security focused family of products and offerings

Organizations are under increasing pressure to secure their infrastructure while continuing to enable employees and clients to exchange information. Cloud techniques are pushing this need to a whole other level than the capabilities designed into most environments. Managing the associated risks is taking new skills as well, since the rise of mobility, cyber threats and social media, and the associated conflicts of expectations, are demanding innovative approaches.

 

The days of perimeter-based (locked down) security are over. Today’s enterprise must be as fluid as the clients served, sharing information whenever, wherever and on whichever device they choose. This new fluidity requires a complete approach to security to enable interaction while driving operational effectiveness and reducing business risk.

 

Most enterprises support a patchwork of unrelated products, applications and uncoordinated processes. Security is scattered, with a lack of coordination between people, processes, and technology.  This makes for a fragile environment that is difficult to adjust. It is necessary to actively understand the current state of risk management, security, and breaches.

 

Yesterday, HP unveiled an expanded and integrated Enterprise Security approach.

 


They focus first on providing workshops and other approaches to assess the security capabilities in the existing environment.

 

With that current situation analysis in hand there are a range of tools and services to help organizations either transform themselves or consume security transformation services as required.

 

The enterprise services organization also provides a wide range of services to help manage their security environment.

 

Finally, there is a Secure Boardroom approach to provide visibility between and across the enterprise security environment.

 

Don't expect HP's investments to stop there though.


HP’s depth related to security is quite a bit broader and deeper than most organizations realize. There are thousands of people available across the globe, partners to help as well and numerous research activities currently underway in HP’s various labs to address future needs.

Cyber Risk means Cyber Defense

I’ve mentioned before the paradox of IT – the fact that there is an expectation of innovation as well as risk management; organizations need to plan their cyber defense. I recently came across a document for those interested in The Financial Management of Cyber Risk: An Implementation Framework for CFOs.

 

The document was created by the American National Standards Institute (ANSI).

 

“The 76-page document offers a pragmatic action plan that addresses cybersecurity from an enterprise-wide perspective. Developed by a task force of more than sixty industry and government experts, The Financial Management of Cyber Risk: An Implementation Framework for CFOs has been funded and managed by the private sector and is offered as a free resource on cyber risk mitigation for organizations across the country.”

 

It consists of frameworks for:

  1. Understanding and Managing the Economic Aspects of Financial Cyber Risk
  2. Managing the Human Element
  3. Managing Legal and Compliance Issues
  4. Operations and Technology
  5. Managing External Communications and Crisis Management
  6. Analyzing Financial Risk Transfer and Insurance

How are you handling the paradox of IT?

About the Author(s)
  • Steve Simske is an HP Fellow and Director in the Printing and Content Delivery Lab in Hewlett-Packard Labs, and is the Director and Chief Technologist for the HP Labs Security Printing and Imaging program.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.