News
buSiNeSSeS muSt re-focuS Security effortS
eu prepareD for poteNtial gaS criSiS
Deloitte study reveals failings in response to growing
information security threat
Gas Coordination Group assesses emergency response
measure following January crisis
Many consumer business organisations are not focusing on the
right areas to best respond to threats, according to the inaugural The Gas Coordination Group, chaired by the Commission,
Deloitte Touche Tohmatsu (DTT) 2009 global Consumer Business has conducted an analysis of all elements of the
security study, “Security can’t be discounted”. Infrastructure, preparedness of the EU and the Energy Community for a
security governance, insider threats, and budgets are among potential supply disruption in the Winter 2009/2010. The
the areas that need to be re-examined in light of the current group examined the gas consumption and storage levels in
information security threat environment, the study reveals. the EU and assessed emergency responses that have been
“Consumer business organisations are the ‘front lines’ when put in place by the members since the January 2009 gas
it comes to customer information because of the amount of crisis.
personal and financial data with which they are entrusted,” In particular, the group noted the full levels of storages
says Adel Melek, DTT global security, privacy & resiliency in almost all member states and that a number of short-
leader. “Our study found that the industry needs to re-focus term commercial agreements have been put in place to
its information security efforts to best respond to increasingly cover for the emergency case in those countries most
sophisticated and innovative threats.” hit by the January crisis. New reverse flow projects have
The DTT study reveals that, in many areas, consumer been identified and are being implemented. The European
business organisations are simply not focusing on the right areas Recovery Plan provides a stimulus of €1.44bn for new
to best respond to the threats that face them: gas interconnectors and reverse flow projects. In addition,
• Many organisations still consider information security industrial gas demand has dropped in 2008/09 due to the
primarily a technology infrastructure issue. 51% of economic crisis. Gas and LNG prices have come down at
respondents identify their top security initiative for 2009 as European hubs.
security infrastructure improvement. The group noted the need to coordinate emergency
• Respondents are placing a less prominent focus on security planning and implement the necessary infrastructure projects
governance – 53% of respondents are operating without for the security of supply together with regional partners.
an approved security governance structure, despite the fact Previously, in its October meeting the Group assessed the
that security governance helps to ensure that proper security progress of various regional gas initiatives, including joint
controls are in place. emergency planning.
• Managing insider threats receives a low ranking among The Commission also invited members of the Gas
top security initiatives for 2009 – only 10% of respondents Coordination Group to run supply disruption scenarios at EU
identify it as their top priority, despite acknowledging that and regional levels to identify the best possible responses to
people, including third parties, are their organisations’ a disruption of gas supplies.
weakest link.
The study also found that only 9% of respondents have
an enterprise-wide business continuity plan that has been
documented and approved for all critical functions. But this correctioN
is not a state that respondents are satisfied with, since disaster
recovery is the second most-mentioned security initiative for In the “Pulling on the supply chain” article in the
2009. September/October issue of Continuity, we incorrectly
The study is based on discussions with information attributed the Culturetrack® system referred to in the piece
technology executives and information officers of global to West Sussex County Council. The system has, in fact,
consumer business organisations, and includes perspectives been developed by Fast Track Consulting Ltd.
and commentary from Deloitte member firm subject matter
experts.
New iNterNatioNal riSk StaNDarD releaSeD Kevin W Knight, chair of the ISO working group that
developed the standard explains: “All organisations, no matter
iSo 31000 provides framework for systematic management how big or small, face internal and external factors that
of risk
create uncertainty on whether they will be able to achieve
their objectives. The effect of this uncertainty is ‘risk’ and it is
ISO has launched a new international standard, ISO inherent in all activities.”
31000:2009, Risk management – Principles and guidelines, “In fact,” he continued “it can be argued that the global
designed to help organisations of all types and sizes to manage financial crisis resulted from the failure of boards and executive
risk effectively. The standard provides principles, framework management to effectively manage risk. ISO 31000 is expected
and a process for managing any form of risk in a transparent, to help industry and commerce, public and private, to
systematic and credible manner within any scope or context. confidently emerge from the crisis.”
ISO has also published ISO Guide 73:2009, Risk The standard recommends that organisations develop,
management vocabulary, which complements ISO 31000 by implement and continuously improve a risk management
providing a collection of terms and definitions relating to the framework as an integral component of their management
management of risk. system.
  Continuity  November/December 2009
Cont Nov/Dec 09_insides.indd 6 27/11/09 14:11:40