DRJ Blogs

DRJ Community Blogs
Tags >> Advice From A Risk Detective
Oct 08
2014

We need better checklists.

Posted by Annie Searle in Advice From A Risk Detective

The Dallas hospital treating the Ebola patient has just announced that the patient died.

The Liberian public health and airport security personnel in Liberia did their jobs, and checked outgoing passengers at three distinct checkpoints. But airport personnel can do little when patients lie or the patient didn't know that what was thought to be malaria was actually Ebola.

Jul 29
2014

Travel Risk Is High Right Now

Posted by Annie Searle in Advice From A Risk Detective

It's not just that airplanes have been disappearing, or shot down, or that the infectious disease Ebola is out of control in parts of Africa, or that Tel Aviv travel was suspended by major airlines when shelling came too close to the airport. Travel risk has always been an issue for corporations whose employees are spread round the globe. In this morning's New York Times article, Joe Sharkey goes inside a gathering of corporate travel managers to better understand their concerns, including legal and ethical risks, given the last week or so of travel events.

 

Jun 18
2014

Assessing Your Disaster Recovery and Business Continuity Strategy

Posted by Alex Belyarchik in Business Continuity, BRP, BIA, BCP, BCM Professionals, Awareness, Advice From A Risk Detective

  • Identifying business processes
    • How critical are they to the business?
    • What are the RTOs for them?
    • What is the supply RTO for them from IT?
    • Are they relying on the applications, or could they be done manually in case of a disaster?
    • If there are gaps within Supply / Demand RTO --> negotiate with the Sr. Mgmt to either implement the changes or sign off on accepting the risk
  • Assess the potential external / internal risks for the company
    • What are the disruptions to the business? (e.g. natural disasters, flu pandemic, building not available, etc.)
    • What are the internal risks? (e.g. access privilege violation, information theft, etc.)
    • Create a "Criticality Matrix" to assess the probability of each of the risks happening to an organization. This could be on a High/Medium/Low basis
  • Review all DR/BCP Plans
    • Start off with the Tier 1 critical applications and go down the list
      • Conduct a plan review called a "Tabletop" with the plan builder to review and update the document
      • Then conduct a "Walkthru" with the plan builder presenting the plan in front of all stakeholders. You can also invite internal/external audit to assess the process
      • Conduct a functional test
  • Vendor management
    • How often were the vendors reviewed?
    • How often are the vendors visited? Top 10 critical vendors must be visited on an annual basis. This could be merged with the Security Assessment.
    • Obtain information on data center locations, disaster recovery tests, contact persons, as well as dates and times of the past and future tests
    • Record information within plans and ensure that each plan that requires a vendor application to be available includes this vendor information
  • Functional Testing
    • How often are the critical applications tested?
    • Is the testing methodology aligned with the corporate goals? Are you getting service disruptions during the tests?
    • How often are Tier 2, 3, 4 applications tested?
    • Were multiple concurrent tests conducted at once? (e.g. testing 20 applications as a bundle in a datacenter failover test)
    • Review the Test Certifications to ensure they possess critical information, such as: test times, applications tested, hardware tested, issues logged, resolutions found, physical signatures of the testers, and Sr. Mgmt approvals

Apr 18
2014

Take Off the Blinders

Posted by Annie Searle in Advice From A Risk Detective

Mar 26
2014

Seattle Disasters

Posted by Annie Searle in Advice From A Risk Detective

 

NTSB: Helicopter rotated 360 degrees before crash

 

Jan 21
2014

Winter Weather Tips from FEMA

Posted by Annie Searle in Advice From A Risk Detective

Another big storm is bearing down on the East Coast, so I thought I would post a link to FEMA's winter weather tips.
The building blocks of the tips for winter weather apply to those of us in other parts of the country as well.
If you keep a stash of extra batteries on hand, you're also likely to have created a family emergency plan and even perhaps to have 5-7 days of emergency food, medicine and other supplies on hand. If you haven't found the time to take care of those items yet, pick a day this next week and get after it! Once you've established the basics, it's a simple matter to check out the supplies once a year, replace anything that might have expired, and perhaps add a few more items to your stash labeled for emergencies.
Meanwhile, our thoughts go out to those on the East Coast, who've already gone through this once this month.

Jan 07
2014

Mother Nature Shows Us Once Again Who Is In Charge

Posted by Annie Searle in Advice From A Risk Detective

Our son was home from The University at Albany for two weeks in December to celebrate the holidays with us.

Now he's back in school experiencing this kind of weather.

Oct 11
2013

Earthquake planning

Posted by Annie Searle in Advice From A Risk Detective

In yesterday's operational risk seminar that I teach at the University of Washington, our guest speaker was UW seismologist and information scientist Bill Steele. In the first hour of class, he used a presentation he had recently made to state government on the development of an alert system that could mitigate certain types of public safety issues during an earthquake. I've seen parts of the presentation before, and was struck again by the message that is driven home: disaster preparedness reduces costs over the long run. And it may also reduce business interruption costs by as much as 20%. Despite these facts, we are a long way from having an effective earthquake alert system in this state that could provide up to 3 minutes of warning before we felt the shock; and that could also be used to stop trains and elevators, and alert schools so that children could drop, cover and hold.

In our seminar the previous week, I had talked about neuroscientist Tali Sharot's book, The Optimism Bias: A Tour of the Irrationally Positive Brain. For those of you who might be curious, I've included a link to her TED talk.

Oct 04
2013

"That which does not kill us makes us stronger." -- Friedrich Nietzsche

Posted by Annie Searle in Advice From A Risk Detective

We might argue with any number of Nietzsche's philosophical tenets, but this statement seems to define not only the human condition but also the quality of resilience that we aspire to in the plans and programs we build around business continuity and disaster recovery.

Americans are not the only people tested sorely in the past several years by hurricanes, tornadoes, tropical storms, wildfires, floods, extreme heat or earthquakes. Nor have we had to bear the triple scenario that included a magnitude 9 earthquake, a tsunami, and the failure of major nuclear power plants in Japan in 2011. Debris from those events is still washing up on the coast of the State of Washington, where I live. That series of events in Japan should lead all of us in business continuity and emergency management to reconsider the fundamental assumptions on which we make our plans, and ask "What really is the worst case, now that conditions on the Earth have changed so significantly from climate change?" For there's no doubt that things have changed, even though our plans have probably not been dusted off more than once a year for a drill or exercise, rather than an actual fail-over for the technology components.