Robert Osten

Gartner, Inc. has identified seven emerging security and risk management trends that will impact security, privacy and risk managers over time. Gartner defines the top trends as ongoing strategic changes in the security ecosystem that are not yet widely recognized, but are expected to have a broad impact on the industry and a significant impact. According to Gartner, the seven most important trends for security and risk management are for 2019 and beyond: Trend #1: Risk appetite statements are linked to business results. As IT strategies become more closely aligned with business objectives, the ability of Security and Risk Management (SRM) executives to effectively present security issues to key decision-makers in the organization is gaining in importance. "To avoid focusing solely on IT decision-related issues, create simple, practical, and pragmatic risk-taking statements that are related to business objectives and relevant to board level decisions," said Peter Firstbrook, research [...]

Looking to 2019, directors and C-level executives around the world are very concerned about their company's ability to transform operations and infrastructure to compete successfully with born digital companies. This is the result of the "Executive Perspectives on Top Risks 2019" survey conducted by the global consulting firm Protiviti in collaboration with the Enterprise Risk Management (ERM) Initiative of the North Carolina State University Poole College of Management. The challenges of succession in senior management, followed by tighter regulatory changes and controls, rounded off the three most important concerns. The survey examines the concerns of 825 board members and executives worldwide in a variety of industries. This year's results show a significant increase in digital readiness concerns, catapulting them from 10th place in 2018 to 1st place in 2019. This leap shows that digital agility and scalability are essential for businesses. Established companies are struggling to compete with [...]

Preparing for cyber attacks is often a shortcoming in many organizations. In this article, we look at how to develop an effective incident response plan and give an overview of five steps that should be taken during an incident. It's the call that IT teams fear: An employee reports that his PC screen is flashing red with a message telling him that his files are encrypted and that he has to pay a ransom to decrypt them. What should they do next? The actions the company takes in the next few minutes and hours will determine how large - or small - the impact of the cyber attack will be. In addition, a cyber attack not only negatively impacts the company's physical IT systems, it also causes stress and puts pressure on employees. A recent paper published by the University of Haifa found that cyber attacks have a [...]

Decision making in an emergency or even a crisis is an art. The decision-makers are either simply good at it or in the end are only lucky to know who to call. However, the right decision is often made for the wrong reasons! For those who know that they are not brilliant at making decisions or do not want to rely on their luck, I have looked at simple tools and techniques that are easy for emergency teams to understand and therefore applicable during an incident. One of the tools that many try to use and adopt is the UK Police National Decision Model (NDM). Many business continuity consultancies teach a civil version of it. It's a little too complex for me and I'm still looking for something simpler. Looking for insights and tools for decision making, I came across an excellent paper by Carolyne Smart and Ilan [...]

The heads of state and government of the remaining 27 EU member states have adopted the Brexit treaty package with Great Britain. This was announced by EU Council President Donald Tusk on Twitter on Sunday. They approved the treaty of resignation and a political declaration on future relations between the EU and the UK. Now there are a lot of things to settle. It provides for a transitional period until the end of 2020, which could be extended until the end of 2022. During this period, there will be virtually no change for business and citizens on either side. But the British Parliament has yet to vote on the Brexit package in the first half of December. The approval is considered questionable. British Foreign Secretary Jeremy Hunt told the BBC it would be a challenge to get the deal with the EU through Parliament. The EU Commission [...]

The ISO standard ISO 22301:2012 was published in May 2012. It is the world's first international standard for Business Continuity Management (BCM) to help organizations reduce the risk of business interruption from any source. The International Standard replaces the British Standard BS 25999. ISO Standard 22301 specifies the requirements for planning, establishing, implementing, operating, monitoring, checking, maintaining and continuously improving a documented continuity management system in order to prepare for, react to and recover from business interruptions. The requirements specified in ISO 22301 are general, analogous to ISO 31000, because they should be applicable to organisations (or parts thereof) of any kind, regardless of size or industry. The scope of applicability of the defined requirements depends on the operating environment and complexity of the organisation. ISO 22301 is applicable to all organizations that: want to set up, implement, maintain and improve a BCM; want to ensure compliance [...]