Tag Archives: training

What the World Needs Now is… More Good-Quality Cyber-Security Training

DRI ANZ


Love, sweet love, is a great idea for the world. Hal David and Burt Bacharach made a great song out of suggesting that we could use more of it. However, there are also a few more things that could be added to the list. One of them is cyber-security training. A recent study by Unisys indicates that almost 70 percent of critical infrastructure providers had at least one significant security breach within the preceding year. In a ‘cause and effect’ follow-on, the same study showed that employees lacked training in cyber-security. In fact, only about one in 16 organisations (6 percent) did anything about it. So what’s the problem – complacency or lack of solutions?

Many enterprises are coming to the conclusion that security breaches will happen at some time. They realise that a zero-breach objective may be unrealistic. However, their best hopes lie in pushing such breaches out as far as possible, and in limiting their potential for damage. Complacency is not the problem: it’s fatalism. The Unisys report reveals that 78 percent of people responsible for security thought a successful attack on their industrial control and supervisory systems (ICS and SCADA) was likely within the next two years.

While security vulnerabilities will continue in vendors’ products, organisations can still do a lot to improve their situation by correctly educating their workforce. This includes training specialist IT staff to maintain applications and network software at the latest vendor release level. It also means inculcating good information security practices in staff in general. The basics of proper password management, and strict ‘need to know’ and employee identification policies can go a long way to help protect both a business and its personnel. It takes time, effort and patience for all concerned. But in the end, tough love like this is what it takes to keep enterprises healthy and wealthy. So in that sense, Hal and Burt’s song still has a message for organisations today too.

Making Your Business Continuity Plan – Tips for Success

DRI ANZ


You’ve had the training, you know your subject, now it’s time to get that business continuity plan down on paper – or into your PC. However, what seems crystal clear in your head when you start may not turn out quite the same way after you’ve written it out. To help construct a plan that does justice to your vision of how things should be, start with the scope of your business continuity plan. First, make sure that your plan addresses business continuity for processes, not for isolated incidents: for example, ‘denial of access to premises’, rather than ‘fire at the main entrance’. Second, make sure your plan covers all the essential processes – and not just the ones for IT or a central factory, for example.

The style you use is important too – people may need to consult your plan in emergency situations where every minute counts. That means avoiding unnecessary complexity. What readers need to know are the essentials: what should be done, by which person, when and why. Remember also that ‘wish lists’ have no place in a business continuity plan. Indicating that part of the plan will be completed later, for example a list of main suppliers and services organisations, means the plan is not finished. Finish it first, then make it available.

Likewise, make sure that the plan covers reasonable possibilities without making any unjustified assumptions. It is quite possible, for example, that an organisation suffers both IT server crashes and denial of access at the same time. Don’t assume that incidents only happen one at a time, rather than in parallel. And once your business continuity plan is written and distributed to those who need to know, test it and update it regularly. Remember also to send out the updated version of the plan. There are few things worse than staff scrambling to execute an outdated business continuity plan whose vital information is no longer valid!

A DRI Training Discussion Point – the Value of Your Data

DRI ANZ


Participating in DRI courses on disaster recovery and business continuity planning and management is an excellent idea for many organisations, big and… not so big! The principles, techniques and best practices presented in the training show you clearly how to understand and apply the concepts that can make the difference between an enterprise that swims or sinks. Sometimes important points in the courses can benefit from reinforcement, particularly for information that the world in general is still getting up to speed on. For example, understanding the financial impact of data loss, i.e. the value of your organisation’s data, is relevant for everybody concerned with disaster recovery and business continuity.

We can identify four major dimensions for the value of data in an organisation. These are: availability, cost of creation/reconstruction, data loss, and associated reputational value. Understanding the costs associated with each dimension makes it possible to apply disaster recovery and business continuity knowledge even more effectively.

  1. The first dimension of availability or its opposite, downtime, can be evaluated in terms of the time and effort needed to restore missing data, and the loss of productivity for employees who need that data so that they can work properly (salespeople who need to sell, production workers who need to manufacture, etc.).
  2. Data that cannot be recovered must be replaced, which is the second dimension of cost, because of the need to recreate data from records or acquire them from a third party.
  3. If the data cannot be replaced, the cost will be in the blockage of financial transactions or sales, for example. This ‘opportunity cost’ corresponds to the third dimension.
  4. And for the fourth dimension, loss of data can affect the reputation of the organisation, as well as the share price when the organisation is a commercial enterprise.

Examining these different factors can help when deciding priorities in applying what you learn. And, of course, in seeing the return on investment you can get from each DRI training session.

Business Continuity and Corporate Governance

DRI ANZ


A large part of business continuity has to do with measuring how an organisation stacks up compared to BC best practice, assessing processes in place to improve that performance and making a system of checks and balances to ensure that compliance with BC principles continues. Expressed like this, these aspects of business continuity start to sound remarkably like corporate governance. Business continuity even has the same three dimensions of ownership and reporting, involvement, and integration. From roots in IT, moving into operations and change management, and now emerging as a discipline in its own right, business continuity has also become an important part of good corporate governance.

The concept of governance itself has only come to the fore recently, even if many organisations have been doing it one way or another for much longer. Corporate governance means involvement by senior levels of management; it is ‘owned’ by C-level officers. It is important therefore that senior management also takes an active interest in business continuity. The incentives to do so are there. Besides better resilience, effective business continuity planning and management can help maximise quality, efficiency, cost savings, and competitive advantage. It also reinforces a good corporate reputation and opens up new business opportunities, while facilitating compliance with statutory and regulatory requirements into the bargain.

Senior management involvement in business continuity comes after awareness. DRI-ANZ runs a number of activities for this, including one-day business continuity overview courses, presentations and on-site visits to corporations that have implemented BC policies. All of these contribute to high level management perception of business continuity as a worthwhile component of corporate governance. Increased involvement is then repaid by the opportunity for business unit managers and directors to help shape the business continuity of their organisation in the way that helps them do their jobs in the most profitable and productive way.

Learning about the Key Difference between Plans and Planning in Business Continuity

DRI ANZ


‘Plans are nothing; planning is everything’. This famous quote from Eisenhower, military supremo and later President of the United States, needs some further explanation – but it is worth the attention of anyone who wants to put solid business continuity in place. Eisenhower’s meaning was that while you need a plan, the plan must remain flexible and open to any required changes; and that the process of planning itself is as valuable as the documents it produces along the way. This is a fundamental theme of the one-day DRI course on Business Plan Exercise, Audit and Maintenance (BCOE-800) that also includes further related topics.

Besides emphasising the need to maintain business continuity plans and planning, the BCOE-800 course also discusses the requirements to exercise and test them. The timeliness and quality of the response of a business continuity team depends on practical experience of putting those plans into action. The course therefore covers a range of testing and exercise programs. It includes training on how to develop them for your organisation and how to communicate the results for subsequent improvement. At the same time, participants review audit processes related to BC planning and best practice for developing plans that are synchronised with the strategic direction of their enterprise or organisation.

Auditors, coordinators of business continuity and disaster recovery actions, and business unit heads are among those who will find this practically oriented course valuable. More than books and theory, it puts business continuity planning firmly into the context of real business life and its constant change. You’ll come away with the information needed to make sure that business continuity measures stay sufficient, plans remain current, and other members of the organisation receive timely reminders and refreshers through appropriate business continuity plan tests and exercises.