This is the second of two posts examining the ‘prepare’ step in building and managing a BCEM (Business Continuity Event Management) plan. In the previous post, we saw how understanding the business is critical to a business impact mitigation and process recovery. The activities discussed produce input for the business impact analysis, including:
- Business objectives
- Regulatory environment
- Critical processes
- Process interdependencies
- Process vulnerabilities
Using this information, we can plan for inevitable process failures. The BIA uses business impact information and the probability of specific business continuity events to calculate levels of business risk. The end result of a BIA is a picture of the BCEM threat, vulnerability, mitigation, and response framework and how that framework reduces risk to levels acceptable to management.
See Business Continuity Event Planning: Business Impact Analysis (BIA) by Tom Olzak, Olzak on Business Continuity, CSO Security & Risk Online.
Cisco has released a second set of findings from a global study on data leakage, revealing the prevalence and effectiveness of corporate security policies within companies and the reasons employees break or comply with them. The study enables information technology teams in various parts of the world to understand employee risk factors so they can effectively tailor policies that fit the reality of what their users need to do their jobs.
Although videoconferencing has become a billion-dollar industry, it leaves distant decision-makers less likely to make sound judgments, according to a study published in a journal of the Institute for Operations Research and the Management Sciences (INFORMS).
Risk Management Solutions (RMS) recently announced the results of a study analyzing the impact of a major earthquake on the Hayward Fault in California. The study marks the anniversary of the 1868 Hayward Earthquake (which ruptured the southern section of the fault 140 years ago during October) and was conducted in collaboration with research seismologists led by the US Geological Survey.
More than 1,500 emergency managers from the U.S. and around the world will be in Kansas City, Kansas (Overland Park), to attend the International Association of Emergency Managers (IAEM) 56th Annual Conference.
Tags: emergency management
As is true in most areas of IT some things are new and some things remain the same. This is certainly true of disaster recovery/business continuity. We simply cannot move ahead with new recovery strategies if any lingering problems remain. What this post suggests is that there is a logical progression when dealing with data center backup and recovery. The key is to make sure that the proper steps are followed.
If you’re a member of the Association of Contingency Planners (ACP), don’t forget to vote for new members to the national board of directors.
InterCEP, the International Center for Enterprise Preparedness at New York University, the world’s first major academic center dedicated to private sector crisis management and business continuity, is hosting the next phase of working groups in which participants will provide input on the design and development of the Voluntary Public Sector Certification & Accreditation Program, also known as Title IX.
Could this happen to your organization?
Recently, the Department of Information Resources (DIR) for the State of Texas fined IBM $900,000 for failure to complete timely backups as required by its $800 million dollar contract with the State. The fine was prompted by what has been called a server malfunction in the Texas Attorney General’s office that destroyed nearly half of eight months’ worth of documents.
Reports have now surfaced noting that in the months prior to the incident ten other agencies complained about network breakdowns and server backup problems with IBM. As a result, Texas Governor Rick Perry has suspended IBM’s contract to assess the cause and receive a full review and explanation from IBM.
Never assume that your data backup program is going to work when you need it – test, test, TEST!