BCI webinar: The strategic value of business continuity
What is the value of business continuity? That is a question those working in the profession often grapple with, certainly when attempting to justify its existence to top management. In the latest edition of the Business Continuity Institute's Working Paper Series, Dr Clifford Ferguson explores the issue of strategic value and offers a way forward by integrating business continuity into an organization’s strategic plan.
RecordedAug 5 201560 mins
Your place is confirmed, we'll send you email reminders
Privacy laws regulate the collection, storage and use of data by organisations in many countries globally. Following the proclamation of the Protection of Personal Information Act (POPI) Act into law in 2014, so too will these laws become applicable to South African organisations.
In this digital age, technology plays a pivotal role in shaping the way in which business is done. The objective of this topic is to explore the Cyber Security and Resilience requirements placed on organisations by privacy regulations, and the impact of Cyber Security and Resilience on Business Continuity.
This webinar will touch on the reliance placed on effective Information Security and Cyber Security solutions to ensure compliance, and explore how a breach or failure of Information Security Controls needs to be managed.
Cyber crime has been around for as long as we’ve been connected to the Internet, but in recent times, the criminals behind it are excelling in their creativity and ingenuity with consequences that are more damaging than ever before. Furthermore, the organisations that invest in cyber crime preparedness seem to forever be one step behind as they only get to guess what might be coming.
The price tags of these data thefts, DDoS attacks, ransoms to unblock operating systems, etc. are going through the roof. Therefore, when faced with a cyber crisis, it is critical to demonstrate strong leadership and communicate effectively with all stakeholders to avoid spiralling down to a reputation meltdown.
In today’s global village everyone is connected. The nternet has brought billions of people together, allowing sharing of data, communication and commerce at a scale never imagined before. The value of the internet is clear for everyone to see. Unfortunately, the same internet also allows for cyber hackers and attackers to fight a new war, Cyber terrorism, theft of data and extortion. The attackers hide in plain sight. Working from homes or offices. Sometimes alone, often in syndicates. Even state sponsored cyber terrorism is on the increase.i
Large cyber security companies such as firewall providers and anti-virus vendors are spending millions of US dollars in a constant battle to stay ahead of the cyber threat. Unfortunately, these measures are not always successful in preventing cyber-attacks from occurring as can be seen from recent attack against Primera Blue Cross.
The company, a health insurer based in Washington State, said up to 11 million customers could have been affected by a cyber attack last year. Hackers gained access to its computers on 5 May 2016 and the breach was not discovered until 29 Jan 2017. The breach probably exposed members' names, dates of birth, Social Security numbers, mailing and email addresses, phone numbers and bank account information. The company is currently working with the FBI and a cyber security firm to investigate.
So, given that no matter what you do to protect yourself against the cyber threat, you will probably be attacked or have already been attacked. You therefore need a plan B to allow your business to continue with crucial day-to-day activities after the event.
Lyn Webb, Senior Manager, Regester Larkin by Deloitte
The first defence against cyber attacks is often to impose technical barriers, but how can an organisation’s culture help mitigate the cyber risk? This session will look at the cultural aspects of security, measuring cyber security culture and suggest how behaviour can make us more resilient.
Charlotte Thompson, Senior Manager, and Charles Barlow, Manager, Regester Larkin by Deloitte
Business continuity planning has long helped organisations prepare for, respond to and recover from all types of disruption. Sophisticated and enduring cyber incidents, however, can challenge the planning assumptions many organisations rely on, including recovery time and recovery point objectives. This session will look at how organisations can go beyond traditional business continuity planning to enhance cyber incident readiness.
Take your mark. Get set… and go. What do you do if your organization is faced with a crisis, do you have the necessary steps and procedures to recover from a cyber attack?
91% of APT (Advanced Persistent Threats) begin with spear phishing emails. Cyber criminals increasingly target employees within an organization who have administrative rights and access to critical systems. Successfully phishing these individuals could give them the ‘key’ to breaching security in further attacks.
This webinar will cover five domains to assist the organization to maintain a framework with the ability to deliver the outcomes consistently at all times. These domains focus on preventative, detective and reactive controls within the organization, and form part of the process of having the ability to recover in the event of a crisis.
These five domains will follow the process of identifying, protecting, detecting, responding and recovering, giving a holistic view of the full cycle of infrastructure resilience.
Matt Thomas and Lee Glendon (Ultima Risk Management)
Today’s digitised value chains have a very high dependency on third parties. This exposure is not lost on potential attackers, who will invest resources in researching, identifying and selecting targets among value chain partners. It would be an uneven contest were firms not to take steps to understand these vulnerabilities and ‘value at risk’ themselves. This webinar will set out clear steps that can be taken to understand potential vulnerabilities among third parties and will introduce a lifecycle approach to support robust third party risk management from the start of the relationship through to exit.
Sonny Sehgal (Transputec) and Adam Blake (ThreatSpike Labs)
The greatest threat to the corporate security perimeter now comes not from the outside, but the inside. Social engineering threats such as phishing, malware and ransomware target the weakest link, the human factor. This webinar will expose the techniques of the hackers and offer advice on how these can be combatted to make your business more resilient in the face of the cyber threat.
Roberta Ramsden-Knowles, Director and Charlotte Thompson, Senior Manager, Regester Larkin by Deloitte
This session will focus on how organisations can build senior executive level readiness to respond and recover from sophisticated cyber incidents. It will provide an overview of the threat landscape and consider the differences cyber crises present for senior executives. Participants will learn about some of the challenges faced when responding to a cyber incident and how to overcome them by building readiness in people, structures, processes and plans.
Deepak Singh, President & CEO of Gorisco Solutions
Software Asset Management and compliance is gaining more importance day by day due to the outburst of Information technology and increasing dependency of businesses on IT. Many software licenses are purchased by IT or businesses out of necessity and then forgotten due to its intangible form. Even freeware and open source software are downloaded and used by employees. As Software Asset Management (SAM) involves a lot of complexities, an objective based implementation and management of software assets is very critical. This session will give more insights into SAM and recommended best practices to ensure businesses do not end up getting into legal issues and losing revenues due to ignorance and poor management of software assets.
What are the threats facing your organization? The Business Continuity Institute's annual Horizon Scan Report, in collaboration with BSI, outlines what the main threats are according to business continuity and resilience professionals worldwide, segmented by region, sector and size of organization. Read the report, and if you have questions or want a better understanding of what it means, then makes sure you tune into this webinar.
Owen Miles (Everbridge) & Patrick Alcantara DBCI (BCI)
The Business Continuity Institute (BCI) has just published its latest research project, The Emergency Communications Report. The annual report surveyed over 600 industry professionals, reviewing emergency communications and security incident response plans for organizations around the world. This year’s findings revealed that global businesses are increasingly aware that true business resiliency is a company-wide initiative that involves taking accountability for the safety of all staff—whether they are located in the office, at home or on the road. Respondents indicated that a diversity of departments, including business continuity, IT, security, facilities, HR and more had a stake in the management, planning and enforcement of their organization’s emergency communications plans, but that an opportunity exists to optimize these processes to account for a global, mobile workforce, as well as the increased complexity and frequency of critical events and physical security incidents.
Join Owen Miles, Managing Consultant from Everbridge, and Patrick Alcantara DBCI, Senior Research Associate at the BCI and the author of the report, for an engaging webinar that will discuss the research findings and share additional best practices for critical communications.
Despite many business and technology innovations, business frictions still exist. Key business frictions drive delays, costs and risks.
In this presentation, we examine the dimensions of business friction and attributes of blockchains that can break the status quo. Blockchains can vaporize business frictions, redefining the structure of future business networks and creating new opportunities for business transformation
As this transformation unfolds, three things will change: a new science of organizational management, the tightening of trust and a new nexus for value exchange will emerge
And finally, as companies seize the opportunity available to them, businesses can take few steps to best extract value from blockchains. And as the risk of doing business reduces, as the risk of formal financial reporting reduces, Business Continuity and Resilience is assured. Disaster Recovery becomes key to ensuring Blockchain delivers on its promise.
Join Veteran Commander Pradeep Prasad, Chairman of BCI Bengaluru Forum for an engaging webinar that will demystify Blockchain for the audience.
Nick Wildgoose and Tim Astley (Zurich Insurance Group)
In this session, Nick Wildgoose Global Supply Chain Product Leader and Tim Astley Regional Practice Leader Strategic Risk & Business Resilience will summarise the key points from the latest BCI Supply Chain Resilience Survey and talk about a number of key actions that can be taken improve the risk picture. These will include:
- How do you approach getting Executive support for a supply chain risk program
- The importance of having a comprehensive approach to supply chain risk management
- The increasing role of technology and big data in understanding supply chain risk
There has always been change in our profession. We originally started by implementing disaster recovery programmes. Soon after that, the businesses realized that the people aspect of recovery was needed as well. The results were the beginning of business continuity programmes. DR and BC have worked together almost two decades now with great success. We are now at a major transformation point again. Business continuity is now sharing more information and interacting more with security and compliance groups.
This session will go over what most of us already have in place, what we will need to add, and how all three groups interface together to provide a new resilience program for your environment. The goal of this session is to show the interactions between risk management, business continuity, security and compliance that form the components of a resilience programme.
Business continuity can be a high pressured role at times, with many decisions having to be made under that pressure. It is important to be able to manage it effectively and so ensure the right decision is taken, whatever the circumstances. In this webinar, Paul Breed MCBI presents a decision making model which includes:
Information - (Fact, Assumption, Gaps - urgency)
Threat and Risk Assessment - based on Identity, Capability, Intention
Development of a Working Strategy - that dovetails the Threat and Risk Assessment
Options - ideally from a predetermined tactical menu that reduces time critical decision making
Action - based on the agreed option together with contingencies
Review - constantly review the decision especially when new information comes to light
The frequency of cyber-attacks continues to increase at an unparalleled pace. By attacking the most vulnerable value chains of organizations, they result in information confidentiality & integrity breaches, discontinuity of business activities and huge damages. Once considered predominantly as a technological issue, the risks related to the information systems are now evaluated within the Enterprise Risk Management scope. On the other hand, traditionally, Business Continuity Management (BCM) is mostly treated as a domain separate from Information System Security Management (ISSM). With the rapid explosion of cyber threats, the alignment between BCM and ISSM is now becoming a must, in order to provide management with a holistic view and enabling them to implement organizations where the teams closely interact with each other.
It goes without saying that the organizational part of security and BCM is the key for a successful implementation, yet the information system (IS) part needs to also be addressed in an efficient way. Various standards and frameworks exist to help organizations implementing a BCM, but they lack a strong link with the governance, architecture and security of the IS. In this webinar we will introduce very briefly an innovative approach and describe the first steps for the linkage between the two worlds, enabling an efficient implementation of BC based on an architectured and secured IS.
Ce webinaire présentera les bénéfices pour les organisation de s’aligner sur la norme ISO 22301 et de la certification à la norme ainsi que les bénéfices pour les individus de connaître la ISO 22301. Le webinaire présentera également la formation offerte par le BCI pour améliorer sa connaissance de cette norme et comment avoir une approche étapiste en vue de certifier une organisation en utilisant l’outil d’auto-évaluation. Ces formation et outil ont été développés par ICOR, le International Consortium for Organizational Resilience.
Marie-Hélène Primeau est formatrice pour le BCI et enseigne les cours ISO 22301 Lead Auditor. Sa firme, Premier Continuum, a aussi intégré l’outil d’auto-évaluation ISO 22301, développé par ICOR, dans son logiciel de continuité ParaSolution et le distribue sous licence.
This webinar will present the benefits of aligning to the ISO 22301 standard and of the certification to the Standard for an organization as well as the benefits for individuals to be knowledgeable on the ISO 22301. It will also present the training course offered by the BCI to improve knowledge of this Standard and a staged approach to certification with the self-assessment tool. The training and tool were developed by ICOR, the International Consortium for Organizational Resilience.
Marie-Hélène Primeau is a BCI instructor and teaches the ISO 22301 Lead Auditor Course. Her organization, Premier Continuum, has also integrated ICOR ISO 22301 Self-Assessment Tool in its BCM Software ParaSolution and distributes it under license.
Patrick Roberts is a Director of Cambridge Risk Solutions Ltd and has been an MBCI since 2007. In this webinar he looks back at some of his CPD activities over the last ten years, ranging from courses and conferences to books and journals. Although CPD within the BCI is now much more structured, and many more courses are available; he argues that some of the avenues that he has pursued may still be of value to future generations of business continuity practitioners.
The Business Continuity Institute (BCI) is the world’s leading institute for business continuity. Established in 1994, the BCI has established itself as the leading membership and certifying organization for Business Continuity (BC) professionals worldwide. The BCI currently has over 8,000 members in more than 120 countries.