This page contains a Flash digital edition of a book.

BC- off to university or the lobby?

Business continuity comment from Lyndon Bird at the BCI

am often asked why there are so few academic opportunities available in the field of Business Continuity Management. I don’t mean the training courses for practitioners and aspiring BCM professionals, but the rigorous, academic-based courses offered by universities. In order to be able to answer this question, I first had to undertake some research of my own. A like for like search across universities in the UK quickly showed me that as far as I can judge apparently no UK university offers a first degree course in Business Continuity. When I extended my search to include Master’s Degrees, I did little better – I found no MBA programme that specifically mentioned BCM as part of the curriculum. Although my research is limited to the UK, I think I can probably make the safe assumption that the global picture differs very little from the UK landscape. Out of simple curiosity, I ran a quick check to see how some of the BCM


IT security comment from Darren Pitman, niu Solutions’ Compliance & Security Practice

related subjects fared at Master’s Degree level in terms of representation within UK universities syllabuses. The results were quite thought provoking.

Risk Management Security Management

663 338

Compliance Management72 Crisis Management51 Emergency Management44 Disaster Management

41 Resilience Management27 ‘Finance’ is the word that immediately springs to mind. It is highly likely

that the 663 Risk Management references pertain to Financial Risk Management and of course most Compliance and Security Management courses also have a financial connection. So is this association with the world of finance just one explanation for this apparent deficiency? Is it the temptation of earning big money in the city that is drawing students to these courses and is this why Business Continuity doesn’t make it on the list?

Essentially, we simply have the usual market forces of supply and demand

at work here and it seems that business continuity isn’t what they want. In my mind we have two options. We can accept this fact and retreat into disgruntled resignation or we can challenge this fact and use our voice to effect some positive change with some influential lobbying, beginning with the current perception of business continuity in business! Unless businesses perceive business continuity as a critical component of

their business strategy, unless businesses start adopting BCM practices from the top down, and start looking for new recruits with these skills and competencies, then students won’t be drawn to business continuity, and if they don’t want it universities won’t offer it! It is as simple as that. But all is not lost, should you want to study business continuity. There

are other options available to you. The BCI Diploma in Business Continuity is just one route to market. Offered through the BCI in partnership with Bucks New University, this Diploma is an excellent qualification for budding BCM professionals.


about – it’s often difficult for organisations to determine where to start and how to prioritise each one. Most organisations have a pretty good grasp of what’s important and in many cases they are relatively successful in creating a security strategy that will suffice, but still need advice and guidance on maximising their investments and moving from a reactionary position to one that delivers proactive protection. For several years now, savvy organisations in the US have been using


the SANS ’20 critical controls for effective cyber defence’. Increasing media coverage on cyber security, threats and best practice has accelerated board level attention and put pressure on IT teams. The critical controls provide a focus for organisations, enabling them to address their security issues and compliance requirements in the most efficient and cost effective way. This year CPNI (The Centre for the Protection of National Infrastructure) has recognised the benefit these guidelines can offer to organisations in the UK and is participating in an international government-industry effort to promote them to businesses. As a globally recognised set of guidelines, organisations of all sizes

and functions can use these to confidently shape the development of a successful security strategy or, more likely, help them to build upon and maximise those they already have in place. The 20 critical controls present an opportunity for UK organisations to

assess existing strategies and address where the gaps may be and in which areas they’re most lacking. Implementing all of these controls to an effective standard and being able to continually monitor them will not only make organisations much more secure but will also simplify any compliance requirements they may have. In fact, for many organisations, this will enable them to move from a pure ‘box ticking’ approach to one that provides more tangible benefits. Of course, organisations should still complement their IT security strategy with overall policy and governance in mind, including organisational structure, personnel and physical security controls. As the threat landscape evolves, regulations get tighter and the culture within organisations changes; it can seem like treading water to try and keep on top of everything. These critical controls will help organisations stay on top of the IT element of its overall security strategy.

hen developing a cyber security strategy there’s so much to consider, with hundreds of potential products and controls to think

IT security

Taking critical control of IT

April 2012

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44