Friday, 13 December 2013

University, Career, Real World Security

I am new to the world of business continuity and information security so this is my story so far. At college my interests ranged from geology to politics so I became accustom to the fact that our world is ever changing and we must find new ways of dealing with this. I found the perfect degree which enabled me to further my interests. This was the Disaster Management (BSc) degree at Coventry University where I graduated in November 2012. During my degree I covered subjects from natural hazards to emergency planning and business resilience. Whilst at university I attended a number of business continuity focussed conferences which were my first insights to the industry and gaining concepts of threats and vulnerabilities facing businesses.  Furthermore I took the opportunity to build my business and personal networks.

At university I gained key experience in ‘hands on’ disaster management exercises. One of these involved the scenario of emergency response to a plane crash and the objective was to rescue the passengers and get them to hospital with limited information and resources provided. This occurred in Wales in the freezing winter, where my home for several nights consisted of wood, plastic poles, rope and tarpaulin which when put together created something surprisingly warm. We were being graded under a number of criteria, including teamwork, leadership, communication, utilisation of resources and time. As a group of students who were still learning, it was an exercise that focussed on developing and understanding each other’s skills and the benefits we could bring to the task, whilst working under pressure and difficult conditions to respond to a disaster scenario.

Following my degree, I wanted to experience the real world of disaster management. As daunting as it sounded I was eager to put what I had learnt into practice. I contacted a large local authority to volunteer for their emergency planning team. A placement opportunity was created and I gained 10 months of experience and skills in emergency planning.  As a very interesting sector to work in I found it be unpredictable and the job role was to protect the safety of people and businesses against significant threats under civil contingencies act.   A key activity I participated in was the review of the “Control of Major Accidents and Hazards” (COMAH) regulations and offsite plans which included participation in training for the duty officers.

I was eager to learn more and to break into my career, business continuity is not an easy industry to enter as a graduate.  I had the passion and drive, but without experience I couldn’t gain experience.  I joined the steering committee of XGen Business Risk and Resilience, an organisation focussed on developing the skills of qualified resilience practitioners and introducing newcomers to the industry. This enabled me to develop my networking relationships and provide opportunities to show my capabilities for any potential job. During my time on the committee I have been a part of organising a conference for businesses with guest speakers on a number of subjects that include cyber security and business resiliency.

Opportunities were presented though social media. I had work experience within a local authority and I wanted to further my career in the private sector. I was scooped up by CQR as they recognised my passion and drive towards my career in risk and resiliency.  I have been thrown into the world of security and resiliency and it is living up to my expectations. My first 3 months have been a great learning curve in not only understanding our methodologies and approach to our service delivery but also understand how we work with our clients and how their business operates.  So far my projects have included business continuity plan maintenance, third party business resiliency assessments, development of a building recovery plan, creating governance maturity models for global business continuity program. 
Georgina Collett, Information Security Specialist

Thursday, 5 December 2013

Business Continuity - Why does it matter - a personal perspective

How often do we think that if only we had prepared, if only I had done something before then things would have been better? It's human nature to think that bad things always happen to the other person. Well we know that, from our own personal experience things do happen to us. Now imagine that you are responsible for running a large business and you have the same thoughts. Wouldn't it be so much better to have done something before it was too late?

You can - its call Business Continuity

Let me explain a little more. Business Continuity gives you an understanding of your business, what's critical, what you need to complete your task. It guides you on what you can do when things start to go wrong, what options you have to keep your business moving forward. It helps identify risks, and how you can reduce those risks and even help justify efficiencies in running your business.

The basic principle is to assess what you have, look at the impact of not having it and then to produce solutions to reduce the impact. That is all put into a concise plan which you can pick up and use at a moment's notice.

The key is to have the right information, at the right time to the right people.

We break down the plan for you so that you have key signposted actions at different times, initial response, crisis management, business continuity, business recovery, information disaster recovery and lessons learnt. All of these elements combine to give you a complete business resilience package for your business.

When you are dealing with the incident at the beginning and concentrating on 'putting the fire out' you can also action the part of the plan that will work to getting the business recovery under way. That might be a process that looks at the systems and activates up an alternate site. It might be a way of diverting the work to colleagues elsewhere. It The Business Continuity Plan will enable you to keep all the stakeholders informed about what is going on, it will hold all the critical contact details so you look for alternate supplies or services. You can decide what you have in your plan. Then if you are not there, someone else can pick up the plan and do it for you.

As well as your plan there will be posters, websites, personal critical contact cards that will complement the plan and provide you with up to date information before, during and after an event.

Sounds simple and that's because it is - but one cautionary note. It is not enough to just produce a plan, it has to grow and change as the business does. You need to know how to use it, and commit to keeping it current. Test your plan and strategy. Then, one day, when that need is there and you need help you can pick up your plan and know what to do with confidence.

Michael Bourton, Senior Security Specialist