Uncategorized

It is a game of speculation. Which security-related, social or political incidents could shape the year 2019: Drone incident / accident at an airport. With the increasing spread of privately and commercially used drones, it can be assumed that accidental or intended incidents with drones will occur. At least one serious accident of drones with aircraft or airports is to be expected. Long-term cold weather with impairment of gas supply and restrictions in shipping, especially inland shipping and North-East Sea. The last flood on the Elbe or Rhine with extensive flooding was already six years ago - in the next four years there will presumably be a further flooding situation across federal states. Major demonstrations in the area of conflict between infrastructure and energy generation such as Hambacher Forst, Stuttgart 21 etc. lead to significantly longer and more complicated planning and implementation processes of large-scale and small-scale projects [...]

Completeness and timeliness: The list of all business impacts considered must be complete. In day-to-day business, the focus is primarily on operational details. The overall view is thus lost to a certain extent. In the strategic dimension of Business Impact Analysis (BIA), it is very important not to overlook assets or risks. Without a complete list of all processes involved, it is not possible to describe all risks and dependencies. It is crucial not only to consider the existing documentation situation, but also to make a target/actual comparison between documentation and reality. Undocumented processes such as "shadow IT" can represent an incalculable risk - those who do not include them in their business impact analysis have white spots on their map. Even outsourced processes must be considered. The same is true for up-to-dateness. The processes listed in the Business Impact Analysis must be up to date. Depending on [...]

Looking to 2019, directors and C-level executives around the world are very concerned about their company's ability to transform operations and infrastructure to compete successfully with born digital companies. This is the result of the "Executive Perspectives on Top Risks 2019" survey conducted by the global consulting firm Protiviti in collaboration with the Enterprise Risk Management (ERM) Initiative of the North Carolina State University Poole College of Management. The challenges of succession in senior management, followed by tighter regulatory changes and controls, rounded off the three most important concerns. The survey examines the concerns of 825 board members and executives worldwide in a variety of industries. This year's results show a significant increase in digital readiness concerns, catapulting them from 10th place in 2018 to 1st place in 2019. This leap shows that digital agility and scalability are essential for businesses. Established companies are struggling to compete with [...]

Preparing for cyber attacks is often a shortcoming in many organizations. In this article, we look at how to develop an effective incident response plan and give an overview of five steps that should be taken during an incident. It's the call that IT teams fear: An employee reports that his PC screen is flashing red with a message telling him that his files are encrypted and that he has to pay a ransom to decrypt them. What should they do next? The actions the company takes in the next few minutes and hours will determine how large - or small - the impact of the cyber attack will be. In addition, a cyber attack not only negatively impacts the company's physical IT systems, it also causes stress and puts pressure on employees. A recent paper published by the University of Haifa found that cyber attacks have a [...]

Decision making in an emergency or even a crisis is an art. The decision-makers are either simply good at it or in the end are only lucky to know who to call. However, the right decision is often made for the wrong reasons! For those who know that they are not brilliant at making decisions or do not want to rely on their luck, I have looked at simple tools and techniques that are easy for emergency teams to understand and therefore applicable during an incident. One of the tools that many try to use and adopt is the UK Police National Decision Model (NDM). Many business continuity consultancies teach a civil version of it. It's a little too complex for me and I'm still looking for something simpler. Looking for insights and tools for decision making, I came across an excellent paper by Carolyne Smart and Ilan [...]

The term robustness refers to systems that maintain their function despite fluctuating operating or manufacturing conditions, i.e. they are insensitive to interference. The system is in a stable state. This behaviour is also called the "principle of safe existence / safe life behaviour". This is achieved by taking fluctuating operating conditions into account and tolerating them at the design stage. Example: Antifreeze in windscreen wiper water for a temperature range from -20° C to 60° C The increasing specialisation of products is proving problematic. In the above example, not only one product is available on the market, but several have different specifications: Product A for a temperature range from - 15° C to 50° C Product B for a temperature range from - 18° C to 45° C Product C for a temperature range of - 10° C to 55° C Product D for a temperature range from [...]

The heads of state and government of the remaining 27 EU member states have adopted the Brexit treaty package with Great Britain. This was announced by EU Council President Donald Tusk on Twitter on Sunday. They approved the treaty of resignation and a political declaration on future relations between the EU and the UK. Now there are a lot of things to settle. It provides for a transitional period until the end of 2020, which could be extended until the end of 2022. During this period, there will be virtually no change for business and citizens on either side. But the British Parliament has yet to vote on the Brexit package in the first half of December. The approval is considered questionable. British Foreign Secretary Jeremy Hunt told the BBC it would be a challenge to get the deal with the EU through Parliament. The EU Commission [...]

The ISO standard ISO 22301:2012 was published in May 2012. It is the world's first international standard for Business Continuity Management (BCM) to help organizations reduce the risk of business interruption from any source. The International Standard replaces the British Standard BS 25999. ISO Standard 22301 specifies the requirements for planning, establishing, implementing, operating, monitoring, checking, maintaining and continuously improving a documented continuity management system in order to prepare for, react to and recover from business interruptions. The requirements specified in ISO 22301 are general, analogous to ISO 31000, because they should be applicable to organisations (or parts thereof) of any kind, regardless of size or industry. The scope of applicability of the defined requirements depends on the operating environment and complexity of the organisation. ISO 22301 is applicable to all organizations that: want to set up, implement, maintain and improve a BCM; want to ensure compliance [...]