Volume Four, Issue Three
SEPTEMBER 11, 2001 IN RETROSPECT: A DECADE ON, WHAT BUSINESS CONTINUITY AND INFORMATION SECURITY LESSONS HAVE BEEN LEARNED?
Author: Thomas Virgona, Ph.D
Abstract: This paper describes research which investigated the impacts of September 11, 2001, on information security and looks at how effective disaster recovery and business continuity prepared to protect information systems were. Despite it being almost a decade since the events reviewed in this paper occurred, many of the lessons are not only current, but have not yet been effectively explored or considered.
The research examined the impact on information systems security on the disaster recovery effort associated with September 11, 2001. Specific areas considered included:
- What happened to the systems that day and how did information systems technologists react?
- What changes to the SDLC (specifically humans’ role in disaster recovery design planning) have been implemented since September 11, 2001?
- What lessons were learned?
The expected outcome of the research will be a better understanding of issues facing information security during major disasters.
Specific findings included:
- One of the major shortcomings in the disaster recovery or continuity of business design was the reliance on humans to ensure that the company’s information infrastructure was restored to an operational status.
- Organizations often create elaborate emergency operations plans, but they fail to develop the capability to implement these plans. Disaster plans are important, but they are not enough by themselves to assure preparedness. They can be an illusion of preparedness.
- Informally developed teams are more effective than formal teams.
- Information policies can’t be stopped during a crisis, but they need to be relaxed. Due to the human elements and personal relationships, firms need to realize that information systems will be changed in an uncontrolled manner during a disaster. How these changes conflict with existing information security and change control policies presents an issue for firms.
PURCHASING NOTIFICATION SERVICES: PART ONE
Author: Dennis C. Hamilton, Hon FBCI
Abstract: In part one of a two part paper, Dennis C. Hamilton discusses difficulties within the notification services industry and problems in the way organizations evaluate and select their service providers.
PURCHASING NOTIFICATION SERVICES: PART TWO
Author: Dennis C. Hamilton, Hon FBCI
Abstract: In the second part of a two part paper, Dennis C. Hamilton discusses difficulties within the notification services industry and problems in the way organizations evaluate and select their service providers.
Volume Four, Issue Two
THE CHALLENGES IN A CHANGING WORLD: ADOPTING AN INTEGRATED APPROACH TO RISK MITIGATION
Author: Robert Hall
Abstract: In early 2010 The Business Continuity Journal and its sister publication Continuity Central ran a competition seeking to discover the best new business continuity articles and papers. The subject matter of any entry could relate to business continuity, disaster recovery, resiliency management, enterprise risk management, operational risk management or IT continuity. Entries had to be previously unpublished and were judged by a committee drawn from the Business Continuity Journal’s editorial review panel.
This paper was judged to be the winning entry. In it, Robert Hall looks at attitudes to risk within businesses and explains why the balance may be too far on the side of risk avoidance. Business continuity managers may have played a role in creating this imbalance.
The author looks at the concept of ‘value’ within the business and how this can be used to take the business impact analysis further.
Moving forward, taking a holistic approach to risk, its mitigation and management, will deliver real benefits; including the potential for increased market share and innovation.
THE ART OF BCM: SUN TZU, THE FIRST BUSINESS CONTINUITY MANAGER?
Author: Gary Hibberd
Abstract: Gary Hibberd looks at some of the sayings of the famous Chinese general Sun Tzu and explains how they can relate to business continuity management.
This paper was judged to be the runner-up in the recent business continuity writing competition which was run by The Business Continuity Journal and its sister publication Continuity Central.
BUSINESS CONTINUITY PLANS: JUST AN AUDIT EXERCISE OR A BUSINESS RECOVERY PLAN?
Author: Mark Henry
Abstract: Mark Henry challenges business continuity managers to answer some searching questions about their business continuity plans and their real capabilities during a major incident. This paper was short-listed in the recent business continuity writing competition which was run by The Business Continuity Journal and its sister publication Continuity Central.
THE BRAVE NEW WORLD OF RESILIENCY
Author: Joseph E. (Joe) Starzyk, PMP
Abstract: Regardless of size or industry, organizations are dependent upon the continuous flow and processing of information. As business requirements drive organizations to provide faster, broader, 24/7 access to information, the decision about how to best manage and protect this information is a critical focus of both business units and information technology organizations across the globe.
Because today’s near continuous business operations place greater resiliency demands on the underlying IT functions that support critical business processing, it is no longer feasible to separate availability from recovery, business continuity from disaster readiness or system failover from continuous processing. A new, combined business and IT functionality has emerged, necessitating that these functions be addressed with strategies and techniques designed and integrated into a singular, seamless approach.
This enhanced resiliency approach must combine local operational availability with remote disaster recovery in order to provide a more holistic way of managing critical information processing across the business continuum. It should be able to prevent—and at times, even predict—an adverse action that might impact an organization’s ability to transact its core functions and services, helping to ensure that information is available for processing on a continual basis.
This paper was short-listed in the recent business continuity writing competition which was run by The Business Continuity Journal and its sister publication Continuity Central.
THE EFFECTS OF CULTURE AND MANAGEMENT ON HOW CRISIS PRONE AN ORGANIZATION IS
Author: Neil Rogerson
Abstract: This paper provides a critical examination of the effects that culture and management can have on how prone an organization is to crisis. It also analyses the nature of both modern organizations and systems and utilises the case studies of global finance and commercial airliners to illustrate the discussion. The analysis then moves on to what skills teams can adopt to improve their performance before considering some higher level strategies for resilience and what barriers exist to their adoption.
This paper was short-listed in the recent business continuity writing competition which was run by The Business Continuity Journal and its sister publication Continuity Central.
Abstracts for the previous issue: Volume Four, Issue One