Banks Return to Financial Products Linked to 2008 Credit Bubble

By: Ben J. Carnevale

Is the passage of time erasing our memories of the risk management failures committed by so many of our major economic institutions during the 2008-2009 financial crises? A recent article posted in Business Week entitled “Behold the Ghosts of Bubbles Past” would certainly seem to indicate that to be the case. This article listed several events which would seem to imply that business continuity planners perhaps needed to quickly re-evaluate their business impact assumptions and even consider re-writing many of their disaster preparedness strategies related to …

BS25999 to ISO 22301

by Lisa DuBrock

In May 2012, the International Organization of Standards (ISO) released a new standard for Societal Security, ISO 22301:2012. This standard is intended to provide the global continuity community a baseline standard for best practices in business continuity management systems. The new standard is expected in the near future to replace BS 25999-2:2007. BS 25999, developed by the British Standards Institution, is closely aligned with the Business Continuity Institute's Good Practices Guideline. It is expected that in the near future, BS 25999 will be retired. …

ISO 22301 BCM Elements Mapped to Other Related Business Continuity Standards

The table below shows how the ISO 22301 standard relates to other business continuity standards when creating an integrated management system within an organization. The “BCM System Element” column lists the components that more or less all business continuity management (BCM) standards include. The other columns attempt to identify the section or chapter of each listed standard in which each basic BCM System Element is …

Data Breach Calculator Tool Available

If your risk management team is trying to put objective measurements on the business impact analysis scenario of a data breach exposure at your company, then you might want to visit the website. This data breach calculator, offered by the Symantec group, asks you to answer ten (10) questions and then presents a unique analysis report that will show you: (1) your company’s risk for a data breach, (2) your company’s estimated average cost per compromised record, and (3) your company’s average cost per breach. This …

Free Smartphone Downtime Cost Calculator Available

Recently one of our staff members came across a website offering a free Downtime Cost Calculator application for smartphone users. We would like to share that link with our readers and hopefully, when you are performing your next business impact analysis exercise or participating in your organization’s business continuity team meeting to review or improve your existing BC/DR plan, this DT Cost Calculator application will come in handy. Click here for more information and to reach the links to both Android and iPhone application downloads. If applicable, please pass this information along to …

ISO 27001’s Annex A.14 Helped by BS 25999-2

The Information Security and Business Continuity Academy (IS&BCA) offers a webinar that may address a situation facing some of our readers. The issue at hand may affect organizations planning to evaluate or currently implementing ISO 27001: Annex A.14 of ISO 27001 requires a business continuity management control but doesn’t provide details about how to implement such a business continuity management system in your organization. This is where BS 25999-2 fits in: it describes all the steps for business continuity, from writing the BCM policy to performing the business …

Business Continuity Planner — Career Guidance Offered

Our staff has recently received several comments/inquiries from readers interested in receiving business continuity planner career information. In response, our staff would like to refer to the information presented on the website. Some of the most frequently asked questions regarding the pursuit of a business continuity planner’s career are:

What is a business continuity planner’s job description?

Example answer: Develop, maintain, or implement business continuity and disaster recovery strategies and solutions, including risk assessments, …

Social Media and Shifting Business Leaders’ Attitudes toward Business Impact Analysis

This observation should matter to most of our readers because most of our comments on this topic seem to indicate that at the end of the day, social media is about people, not technology. The value of social media also does not come from social software or from just having a well-designed and Google-aligned website. Its value stems from how business leaders, from senior executives to managers, use the social media dynamics to foster new collaborative activity leading to improved and value-added business performance. What Bradley and McDonald stress in their article is the fact that …

Self-Assessment Cyber Security Evaluation Tool from DHS Offers SMBs Free Benchmarking Status Against Standards

As previous postings on this website have indicated, the topic of cyber security threats ranks highly in most business impact analysis and risk assessment analysis reports written by most organizations (if not all of them). The concern to mitigate those threats remains an ongoing and increasingly difficult challenge for information security professionals around the world. A stand-alone desktop software tool to assess the cybersecurity protection status of internal control system networks is now available free of charge from the US-CERT division of the Department of Homeland Security …

E-Discovery’s Frontier of Social Media

In several past postings on this website, the risk management concerns for organizations regarding e-discovery have for the most part involved e-mails and the context of postings by individuals. However, in an article written by Alison Frankel and posted on the Thomson Reuters News & Insights website, a new direction for e-discovery litigation proceedings is requiring litigants to provide access to their social media accounts and to preserve their posts in those accounts. As Ms. Frankel states, “…It’s no giant leap from that kind of ruling to a looming problem for businesses. As …