Business Impact Analysis

Business Continuity Management in ISO 27002:2022

7 March 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated; the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements of ISO 27001 and is consequently not itself a certification standard. Certification continues to be based on ISO 27001. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), and the structure of the controls has been changed: attributes have been assigned to the individual controls, controls have been merged, descriptions have been updated and some controls have been deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence; Information security for use of cloud services; ICT readiness for business continuity; Physical security monitoring [...]

Modern Hospital Alarm and Response Planning

24 September 2021 | Interest, Norms & Standards

Hospitals are specialized healthcare enterprises that operate either for profit or as a public legal entity. Crisis management in hospitals is also known as "hospital alert and response planning" (German: Krankenhaus Alarm- und Einsatzplanung, KAEP); it has its roots in the need to increase treatment capacity. Examples of this are mass casualty incidents (MCI) or outbreaks of illness, where the hospital has to care for significantly more patients than in regular operation. The KAEP also describes measures to deal with functional failures, such as power outages. Hospital processes require personnel as well as resources embedded in an organization. Supporting resources such as electricity, water, sewage, hygiene, IT, materials, medicines, etc. are required with the highest availability. Organizational, billing and documentation processes run in parallel. From a business continuity management perspective, the overlap between a hospital and a company is therefore very large. The Criticality Ordinance of [...]


Embedding resilience into your cloud-based modernization strategy

24 August 2021 | Interest

As part of transformation and modernization strategies, enterprises are increasingly adopting cloud-first strategies. This provides an ideal opportunity to embed resilience. Consider three core components of modernization: people, applications and IT. "We don't know of any vendor or service provider today whose business model and revenue growth is not impacted by the increasing adoption of cloud-first strategies." Those were the words of Gartner analyst Sid Nag, commenting on the company's recent finding that the public cloud services market grew an astounding 17.5 percent in 2019 to a total of $214.3 billion. While the cloud is transforming businesses of all types, a key aspect of its appeal to traditional enterprises in particular is the role it plays in modernizing existing IT structures. In particular, migrating existing IT to an Infrastructure-as-a-Service (IaaS) model can be a blessing for comprehensive modernization strategies, with pay-as-you-use pricing structures helping to streamline and scale [...]


How COVID-19 is changing the future of cyber resilience through remote working

23 August 2021 | Interest

One of the clear impacts of the COVID-19 pandemic is that it has forced many organizations to resort to remote work, and this could have an irreversible effect on future work practices and on cyber resilience. The COVID-19 crisis will undoubtedly have a lasting impact on the way most organizations operate, as work life and operational structures are forced to change dramatically. One of the most obvious changes brought about by the pandemic is the increase in remote work. This development, driven by the need to reduce physical contact and the spread of infection between people, is likely to remain a feature of modern life even after the worst of the pandemic is over. A key reason for this changing dynamic is that COVID-19 has shown many companies the benefits of virtual online communication. In particular, many companies have seen how effective remote work can be, [...]

Business continuity management as the key to cyber security

19 August 2021 | Interest

Resilience to cyberattacks requires much more than protective, defensive security tools and training. Resilience is also about the ability to recover quickly. Therefore, it must always include business continuity management activities. It's time to redefine the role of chief information security officers (CISOs) and budget accordingly. Although prevention is key to limiting cyberattacks, the question is whether it alone is enough. Cyberattacks are constantly increasing in number and severity. A chief information security officer is responsible for prevention, but we believe a CISO should also feel responsible for business continuity and crisis communication: the ability to respond so that the business can return to normal operation as quickly as possible is a much more realistic goal than preventing attacks entirely. The goal: detect, respond, recover and improve. But how can an organization respond to an attack while still planning for its future? By not separating preventive measures and [...]


“New Normal” – Really that new?

18 August 2021 | Interest, News

In many places, life with and after SARS-Covid-19 is currently being described as the new normal. But much of what is supposed to be "new" is not so new. I dare to take a look back. The call of the tower guard, "Close the gates", announced imminent danger. The "lockdown" was the consequence. Isolation and waiting (historically: quarantine, from the Italian quaranta, the 40-day waiting period for ships entering the port of Venice to protect the narrow city from epidemics) were always the first step to ward off an epidemic. So far, nothing new. But behind the term "New Normal" lies the question of how to shape the future, and not just in dealing with a pandemic event. In terms of business processes, this means formulating modified requirements for business continuity management (BCM), because closing the gates and waiting will have consequences: necessary movements of people and goods are [...]

Is COVID-19 really a “Black Swan”?

18 August 2021 | Interest

Many commentators referred to the COVID-19 pandemic as a "Black Swan" event. However, this is a misunderstanding of what a Black Swan actually is. Understanding the difference moves COVID-19 from the list of events for which governments and organizations could not prepare to the list of events for which they should have prepared. What are Black Swans? The theory of Black Swan events was developed to categorize unpredictable high-impact events. Nassim Nicholas Taleb first proposed the term in his 2001 book Fooled by Randomness. In 2007, he expanded the concept in his better-known book, "The Black Swan." According to Taleb, a Black Swan event has three characteristics: "First, it is an outlier, being outside the range of regular expectations, because nothing in the past can convincingly point to its possibility. Second, it has an extreme impact. Third, despite its outlier status, human nature lets us concoct explanations for [...]

Risk perception

5 July 2021 | Interest

Have you ever wondered why an event usually has to happen before action is taken? Why is it only after an event that precautions are taken to ensure that the impact of such an event is not so far-reaching should it occur again? This question is addressed in this blog article. First and foremost, in order to address a risk, it must be known. In some companies, this is proactively investigated and risk analyses and business impact analyses are done. But why are some risks not taken seriously or addressed, even though they may be known? To begin, let's review how risk is defined in emergency and crisis management. A risk is the probability/frequency of occurrence of a certain event times its damage extent/potential. The various risks are classified in a risk matrix, which is used as an assessment template. Fig. 1: Risks mapped in a [...]

Climate change as a business risk?

3 July 2019 | Uncategorized

Climate change and its consequences are painfully felt in many areas and increasingly pose a threat to people and the environment. According to the German Weather Service (DWD), "around 9% more precipitation falls over the year than 140 years ago". The increase in heat waves and hot days can also be clearly seen in the climate report of the German Weather Service (source: bkk.bund.de). Direct consequences of the climatic changes are weather extremes such as heavy rain (or snow), heat (or extreme cold) and increasingly frequent storms. They have a growing impact on infrastructure, health, water resources, ecosystems, and much more. In the future, companies will also have to deal even more thoroughly with the possible effects and consequences of climate change. In May of this year, heavy rainfall caused the ceiling of a hospital delivery room to collapse and, at some point, the electricity to fail. It [...]
