Embrace ISO 27001

Oct 15, 2015   //   by David   //   Blog, Information Security  //  No Comments

‘Info Sec sits with the IT Department’, is a comment I hear regularly from clients in the Business Continuity area.  Of course in many organisations it does. The risk for those of us who specialise in BC is that Information Security becomes more and more important to Executives and Business Continuity gets pushed to the bottom of the heap.

Another trend I see when doing supply chain reviews for clients is that companies who hold ISO 27001 say that their BC plan complies with that Standard and that this is sufficient. They have no interest in achieving ISO 22301, because what they already have complies with a Standard.

And guess what?  Most companies are happy to accept that as sufficient evidence of their supply chain being suitably covered!

Selling the need for Information Security (or ISO 27001) is fairly easy; the fear factor works a treat here! You just need to list the hacks and leaks: Sony, Ashley Madison, various banks and many more.

Selling BC is a more difficult matter.  Yes, you can cite plenty of examples of incidents, but they rarely hit home in the same way.  That is often because the media loves to focus on security breaches. For example, the New York Times ran 700 stories about security issues last year!

So is ISO 27001 a threat or a benefit to those of us who come from a BC background? Well the obvious answer is that it is both!

Just look at our own Institute’s threat survey, which showed that cyber-attacks were the number one threat. If that is what our respondents are saying, we must address their concerns.

What if you don’t know about Information Security, though?  You may have no technical background, and the jargon may mean little or nothing to you when it starts to roll out.

Actually, you know more than you think!  Step back a little: all of us in the BC world know a great deal about running exercises, and those exercises will have covered just about any issue you want to name; fire, flood, plague of frogs (a very specialist one, that!), pandemics and many more.  A security breach is just another incident, so if you want to start showing how much value a BC person can add, try running an exercise on a security breach.

You can easily Google information to give you a good technical-sounding starting point, or someone in IT can explain how a breach could occur if you don’t know yourself. In the end, though, our exercises often start by simulating the response AFTER an event, so the ‘how’ isn’t always so critical.

The key focus should be on reputational damage at one end and steps to prevent a repeat at the other.  This is a good chance to test how well your Comms spokesperson can respond to the firestorm that will happen in the media and on Twitter. Your reputation is at risk and a poor response can be catastrophic.

It is also a chance to put your IT Department under pressure on how they would cope!

Being more involved

An exercise is a good start for a BC person, but what next?  Well, good security is more than technical prevention.

Many, many breaches are caused by human decisions and errors: opening attachments which hide viruses, or clicking on links. Good information security follows the 90/10 rule. 10 percent of security is technical and 90 percent relies on you adhering to policies and good practices.

For example, the lock on the door is 10 percent. You remembering to lock it, checking to see if it is locked, ensuring others do not prop the door open, and keeping control of keys is 90 percent.

So get a copy of ISO 27001:2013, read the requirements, be surprised at how much you recognise, and begin to work on adding it into your BIAs and BCPs.

Embrace ISO 27001 and turn a threat into an opportunity!

Ebola crisis: World ‘dangerously unprepared’ for future pandemics

Jan 28, 2015   //   by David   //   Blog, Pandemics  //  No Comments

A fascinating article from the BBC website, which I have reproduced in full here.  It shows how unprepared we are…

Ebola crisis: World ‘dangerously unprepared’ for future pandemics

Image caption: Jim Yong Kim delivering the inaugural Global Futures Lecture at Georgetown University, Washington, 27 Jan 2015
The world is “dangerously unprepared” for future deadly pandemics like the Ebola outbreak in West Africa, the president of the World Bank has warned.

Jim Yong Kim, speaking in Washington, said it was vital that governments, corporations, aid agencies and insurance companies worked together to prepare for future outbreaks.

He said they needed to learn lessons from the Ebola crisis.

More than 8,500 people have died, most in Sierra Leone, Guinea and Liberia.

“The Ebola outbreak has been devastating in terms of lives lost and the loss of economic growth,” Mr Kim told an audience at Georgetown University.

“We need to make sure that we get to zero cases in this Ebola outbreak. At the same time, we need to prepare for future pandemics that could become far more deadly and infectious than what we have seen so far with Ebola. We must learn the lessons from the Ebola outbreak because there is no doubt we will be faced with other pandemics in the years to come.”

‘Insurance policy’

Mr Kim said the World Bank Group had been working with the World Health Organisation (WHO), other UN agencies, academics, insurance company officials and others to work on a concept of developing a financial “pandemic facility”.

He said he expected a proposal for this to be presented to leaders of developed and developing countries in the coming months.

Mr Kim said the proposal would probably involve a combination of bonds and insurance plans but that, in some ways, the facility could be similar to a homeowner’s insurance policy.

“This could work like insurance policies that people understand, like fire insurance,” he said.

“The more that you are prepared for a fire, such as having several smoke detectors in your house, the lower the premium you pay.

Image caption: Workers prepare for the burial of victims of the Ebola virus in Monrovia, Liberia, 5 January 2015. The WHO says there have been more than 21,700 reported cases of Ebola in the outbreak.

“The more that countries, multi-lateral institutions, corporations and donors work together to prepare for future pandemics – by building stronger health systems, improved surveillance and chains of supply and transportation, and fast-acting medical response teams – the lower the premium as well.

“That would benefit donors and others who would pay the premium, but the greatest benefit would be that market mechanisms would help us to push improvements in our preparedness for epidemics.”

He said that one possible outcome of a pandemic facility would be a stronger World Health Organisation. He said disease-control agencies in developing countries could also develop greater capacity.

Mr Kim said informal talks on the subject had also been held at last week’s World Economic Forum in Davos, Switzerland.

Slow response

His talk, “Lessons from Ebola: Toward a post-2015 strategy for pandemic response”, was the inaugural Global Futures Lecture at Georgetown.

Correspondents say there is general acknowledgement among governments and global health agencies that the international response to the Ebola crisis was belated and disorganised.

The WHO recently announced a series of reforms, admitting that it had been too slow to respond to the outbreak in West Africa.

At an emergency session in Geneva, director-general Margaret Chan said Ebola had taught the world and the WHO how they must act in the future.

She said the corner had been turned on infections but warned against complacency.

Reforms announced included a dedicated contingency fund “to support rapid responses to outbreaks and emergencies”.

There would also be improvements in international co-ordination and greater support for countries that needed to respond quickly to emergencies.

Bird Flu in Europe

Nov 18, 2014   //   by David   //   Blog, Pandemics  //  No Comments

As the migrating birds arrive, they are being blamed for transmitting H5N? (we don’t know the designation yet) from Holland to the UK.  A duck farm in Yorkshire is facing the slaughter of all its stock, and an exclusion circle has been imposed.  It is good that action has been taken so quickly, and the threat to the UK’s human population remains very low.  Outbreaks happen worldwide on a regular basis, and again there is no reason to suspect this will start an outbreak amongst humans.

I know it is never funny, but I couldn’t resist this cartoon!

Image: duck cartoon