This book includes a plain text version that is designed for high accessibility. To use this version please follow this link.
BCM World Conference
k
k
k
Learning the lessons
I
n his presentation, Gareth Jones MBCI barrier; while in terms of improving result in a subsequent issue occurring.
of KPMG gave a detailed insight into the situation, most called for a more Other issues included the competitive
the many ways of facilitating the prescriptive approach. advantage it can provide and the role that
learning process in the aftermath of an He said that as practitioners, we devote it plays from a governance perspective.
incident. He began by asking delegates a lot of effort to making the case for However, stumbling blocks can include
how often they conducted a debrief after change in our discipline, calling for more the diffi culties of overcoming a ‘blame
an incident. Some 80% said ‘always’, resources, greater levels of professionalism culture’, tackling the issue of unwillingness
just over 18% responded ‘sometimes’ etc. “But if we are not doing the learning to disclose failure and the fact that it will
and the remainder were willing to admit element properly then we are missing a require resources. “No one is saying that
that they never conducted a debrief. Of real case for change.” this process is going to be easy,” Gareth
those who did, Gareth asked in how Citing studies carried out by Toft & warned.
many organisations is the requirement Reynolds on learning from disasters, Turning his attention to the practical
to conduct a debrief a formal statement Gareth highlighted the importance considerations, Gareth said that the
within their BCM policy, to which 42% of “active learning” or “double-loop objective of any debrief should be to
said that it was in their policy. learning”. Simply knowing something generate a frank and critical view of what
Gareth told delegates that he had is not good enough if you are not going went wrong in order to learn from it. This
been involved in researching the issue to use the knowledge to your benefi t. should be conducted within days of the
of learning within the context of BCM. So often, he said, after an incident you event, as the window of information will
His research had focused on how BCM will fi nd people saying “I knew that was close rapidly, and where possible should
manager learn, what processes and going to happen!” to which the obvious be conducted in a neutral environment
tools were used, the role played by response is, “Well, why didn’t you say and with an independent party. The
isomorphic learning, and looked at ways something?” That is why it is important debrief should involve those directly
in which BCM learning processes could to put in place systems to allow you to involved in the incident and those who are
be improved. The research showed that harvest any potential signals of an incident accountable/responsible. The overall aim,
overall BCM learning is generally ad- on the horizon. he concluded, is to “achieve a positive
hoc, with most learning processes not In making the case for deliberate outcome”. It is therefore imperative that
automated. There were mixed conclusions learning, Gareth said that increasingly the process creates a case for change or
in relation to isomorphic learning, with the issue of liability is being raised those involved will become disillusioned
issues of confi dentiality proving a major should failure to learn from an incident with the process.
k k k The cyber crisis
A
r

ather dishevelled-looking James Royds FBCI of and how to protect themselves when online.
Infosec, but bearing an uncanny resemblance to He highlighted the fact that too few organisations are
Bob Geldof, took to the stage to give a passionate aware of the steps which they can take to protect themselves.
speech on the growing threat of cyber crime. Using his From a BCM perspective, he urged practitioners to apply the
‘disguise’ to illustrate the ease with which our identities can same techniques which they apply to other disruptive events
be stolen via the internet, James warned delegates that such to that of cyber crime. “An important step,” he said, “is to
online criminal activities were “raging unchecked along the understand what the causes and the consequences of this
highways of the online world”. disruption are. If we can apply these same techniques to the
He warned that the world was facing a global threat which cyber world them we have grounds for hope.”
was akin to the perfect storm. Cyber criminals, he said, are An effective response, he concluded, requires a collective
conducting their activities on a scale simply not thought approach combining information security practitioners, BCM
possible only a few years ago, with global gains from such professionals and risk managers. “The BCM community needs
acts exceeding that of drug traffi cking at $1trn. One in four to seize the opportunity to help co-ordinate a collaborative
computers, he added, are currently infected with software approach to help tackle this problem.”
which allows the criminal to use the machines for their own
purposes and to extract whatever information is contained
within them. The criminals are “scornful of geographical
boundaries” and are using much more sophisticated
techniques to carry out their criminal acts than the methods
being employed by business and governments to stop them.
Yet despite this, the standard response of most
organisations is to try and sweep the issue under the carpet
– “and as a result the wretched cycle continues!” One of
the primary stumbling blocks in tackling this issue, James
told delegates, is the behaviour of individuals when they
are online. “While they are our greatest asset, we must also
acknowledge that they can be our weakest link.” He urged
organisations to invest in educating and training their staff in
how to operate in a safe manner when on their computers
November/December 2009  Continuity  23
Cont Nov/Dec 09_insides.indd 23 27/11/09 14:13:44
Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48
Produced with Yudu - www.yudu.com