The Ernst & Young Global Information Security Survey (2002) reports that
business continuity plans exist at only 53% of organizations. Even
as of last year, 64 per cent of Indian IT companies, in what is the world's
preferred IT outsourcing destination, did not have a corporate-wide
business continuity plan to address disruption risks. Heightened
interest in BCM in their largest market (the US) led them to start
planning for business continuity last year. According to the CII-PricewaterhouseCoopers
IS Security Survey 2002-03, "74 per cent of the respondents
(from a total of 103 large Indian and MNCs) have increased their
security budgets over the previous year." Small & medium
sized companies should also get over the complacency that a firm
of their size does not need BCM. According to the American Red Cross,
as many as 40 percent of small businesses do not reopen after a
major disaster like a flood, tornado or earthquake.
BCM is not just IT
BCM is not the IT department's responsibility alone, even if IT
systems form the backbone of company operations. BCM is part of
corporate planning. A large number of companies active in BCM
seem to have experienced a crisis in the past, and top
management's commitment to BCM stems from the painful organizational
memory of that crisis. This is evident from the fact that financial
companies were the first to be up & running after the 9/11 attacks,
thanks to the security measures they had taken and the lessons learnt
after the 1993 attack on the WTC. The same may not be true for employees
down the line: their involvement is crucial, but they need convincing.
Human skills and knowledge management matter more than IT
skills in such a situation. The human factor is the one which is
the most difficult to manage during & after a disaster. Staff
need to be well trained to avoid panic & to ensure their own safety
during the disaster. A minimum supply of goods, materials and
equipment, call forwarding facilities, duplicate keys & security
codes, backup locations & a host of other operational issues need
to be resolved to ensure business continuity, apart from the obvious
planning to get critical IT systems working & to restore backup
data from another location.
BCM is an ongoing exercise
Once you have a BCM plan in place, is it time to sit back &
hope that it is never actually used? Unfortunately, no. Changes in
operations, structure, nature of business, location, regulatory
requirements & IT systems may bring new risks to the fore.
Hackers devise new & better ways in, & viruses attack new vulnerabilities.
BCM plans should be revisited periodically and also whenever such a change
occurs. Issues ranging from ensuring the security of customer data to umbrella
tasks like business continuity no longer remain at the whim &
fancy of top management. Regulations such as the Gramm-Leach-Bliley
Act (GLBA) for the finance industry & the Health Insurance Portability
and Accountability Act (HIPAA) for the health care industry make
them mandatory. Regulatory requirements should not be the
only consideration for BCM, though. For example, a yearly review
of plans just for compliance's sake may not serve the business continuity
function, which should be the primary aim of such an exercise.
Crisis situations can arise without any forewarning (9/11), at
short notice, or with an exact date (Y2K). BCM should be flexible
enough to respond in different ways to different problems. These
situations can last from a fraction of a second (a bomb explosion)
to days or months (the SARS outbreak, wars). After 9/11, the focus of
BCM in the corporate sector as well as in government bodies worldwide
has shifted visibly from planning for natural disasters to man-made
ones like terrorist attacks & nuclear accidents.
Risk Analysis
Risk analysis can be either quantitative or qualitative. The quantitative
methodology, based on probability calculations, is rarely used as
the accuracy of such calculations is suspect. Qualitative methods
identify vulnerabilities, the threats associated with them &
the corrective actions that can be taken (both before & after a
crisis). The CSI/FBI Computer Crime and Security Survey of 2003 reports that financial losses
from its 530 survey respondents totaled $201,797,340. This was in a year in which
75% of respondents acknowledged financial losses, though only 47%
could quantify them. According to the survey, the biggest threats
of attack or misuse in IT came from:
Virus (82%)
Insider abuse of net access (80%)
Laptop theft (59%)
Unauthorized access by insiders (45%)
Denial of service (42%)
System penetration (36%)
Theft of proprietary information (21%)
Sabotage (21%)
Financial fraud (15%)
Telecom Fraud (10%)
Telecom Eavesdropping (6%)
Active wiretap (1%)
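As an added illustration (not part of the original article), the following Python sketch puts the two methods side by side on a constructed threat register whose rows mirror some of the CSI/FBI categories above plus a site-loss event. The quantitative side uses annualized loss expectancy (ALE = single loss expectancy x annualized rate of occurrence), a standard formula the article itself does not spell out; the rate of occurrence is carried as a low/high interval so that the "suspect accuracy" of the probabilities shows up as overlapping ALE ranges rather than a false single number. The qualitative side is a plain likelihood x impact matrix. All asset values, rates and scores are invented for the example.

```python
"""Quantitative (ALE interval) vs qualitative (risk matrix) ranking of a
small threat register.  Illustrative code; every number below is made up.

Quantitative: ALE = SLE * ARO, with SLE = asset value * exposure factor
and ARO = annualized rate of occurrence.  ARO is the figure nobody really
knows, so each threat carries a low and a high ARO estimate and the ALE
is reported as an interval.
Qualitative: likelihood (1-5) x impact (1-5).
"""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # value of the affected asset (currency units)
    exposure_factor: float  # fraction of asset value lost per occurrence, 0..1
    aro_low: float          # annualized rate of occurrence, optimistic guess
    aro_high: float         # annualized rate of occurrence, pessimistic guess
    likelihood: int         # qualitative likelihood, 1 (rare) .. 5 (almost certain)
    impact: int             # qualitative impact, 1 (negligible) .. 5 (catastrophic)


def single_loss_expectancy(t: Threat) -> float:
    return t.asset_value * t.exposure_factor


def ale_range(t: Threat) -> tuple:
    """(low, high) annualized loss expectancy for the two ARO guesses."""
    sle = single_loss_expectancy(t)
    return sle * t.aro_low, sle * t.aro_high


def ale_midpoint(t: Threat) -> float:
    lo, hi = ale_range(t)
    return (lo + hi) / 2


def rank_quantitative(threats) -> list:
    """Threat names ordered by midpoint ALE, highest first."""
    return [t.name for t in sorted(threats, key=lambda t: -ale_midpoint(t))]


def rank_qualitative(threats) -> list:
    """Threat names ordered by likelihood x impact; ties broken by impact, then name."""
    key = lambda t: (-(t.likelihood * t.impact), -t.impact, t.name)
    return [t.name for t in sorted(threats, key=key)]


def unstable_pairs(threats) -> list:
    """Pairs (a, b) where a outranks b on midpoint ALE but the two ALE
    intervals overlap, i.e. the order depends on which ARO guess you trust."""
    ordered = sorted(threats, key=lambda t: -ale_midpoint(t))
    pairs = []
    for a, b in combinations(ordered, 2):   # a precedes b in the ranking
        a_lo, a_hi = ale_range(a)
        b_lo, b_hi = ale_range(b)
        if a_lo <= b_hi and b_lo <= a_hi:
            pairs.append((a.name, b.name))
    return pairs


# Constructed sample register (hypothetical values, not survey data).
SAMPLE_THREATS = [
    Threat("Virus outbreak",              500_000, 0.05, 2.0,   6.0,  likelihood=5, impact=2),
    Threat("Insider abuse of net access", 200_000, 0.10, 4.0,   8.0,  likelihood=5, impact=2),
    Threat("Laptop theft",                 20_000, 1.00, 1.0,   3.0,  likelihood=4, impact=3),
    Threat("Denial of service",         1_000_000, 0.02, 0.5,   2.0,  likelihood=3, impact=3),
    Threat("Theft of proprietary info", 2_000_000, 0.25, 0.05,  0.2,  likelihood=2, impact=5),
    Threat("Earthquake (site loss)",    5_000_000, 0.60, 0.005, 0.02, likelihood=1, impact=5),
]


def report(threats) -> str:
    """Plain-text table of ALE intervals plus a count of non-robust orderings."""
    lines = [f"{'threat':<30} {'ALE low':>10} {'ALE high':>10}   L x I"]
    for t in sorted(threats, key=lambda t: -ale_midpoint(t)):
        lo, hi = ale_range(t)
        lines.append(f"{t.name:<30} {lo:>10,.0f} {hi:>10,.0f}   {t.likelihood}x{t.impact}")
    total = len(threats) * (len(threats) - 1) // 2
    lines.append(f"{len(unstable_pairs(threats))} of {total} pairwise orderings "
                 "depend on which ARO estimate is chosen")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_THREATS))
    print("quantitative:", rank_quantitative(SAMPLE_THREATS))
    print("qualitative: ", rank_qualitative(SAMPLE_THREATS))
```

Run as a script to print the table. The point to notice is that, with even a factor of two or three of uncertainty in the occurrence rates, 11 of the 15 pairwise orderings in the quantitative ranking depend on which ARO guess you believe, while the qualitative matrix gives a coarse but stable ordering whose ties have to be broken by judgement. That is the practical reason the article gives for quantitative methods being rarely used.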
The Earthquake Drill
An earthquake disaster involves a wide range of complex problems.
The Fire Defence Agency in Japan has drawn up an "earthquake
preparation planning manual," and in addition to giving guidance
to local public bodies on drafting the earthquake-preparation section
of the regional anti-disaster plan, it also carries out investigation
and research into ways of reducing the damage from a large-scale
earthquake. The Great Kanto Earthquake, which destroyed much of
Tokyo on September 1, 1923, killed 140,000 people. Most of the harm
in the Great Kanto Earthquake was done by fire. Tokyo began trembling
just as it was getting ready for lunch. Those were the days of charcoal
and coal stoves, and the red-hot embers flew around, the day's wind
playing the devil. Most water pipes burst, and there was little
that the administration could do to check the fires. Forty hours later,
when the fires had subsided, more than 500,000 dwellings lay in
ashes. A mere one per cent had collapsed in the earthquake
itself; the rest had been devoured by the flames.
An earthquake drill takes place in Japan every year on September
1. In last year's drill the participating groups included police and fire
departments, elements of the Japan Defense Force, emergency response teams
from NTT and the gas, electricity and water agencies, the Guardian Angels
of Japan, and the Boy and Girl Scouts of Japan.
A large number of civilians & even the Prime Minister himself
participate in these drills. Although modern equipment may make a
24-hour warning of the impending catastrophe possible, 7,000
people may still die and 300,000 be hurt in Tokyo alone if
an earthquake measuring 7 on the Richter Scale rocks the metro.
Learning from others' experiences is the best way to learn disaster
management & plan for business continuity. Sadly, lurking fear
is our tutor. Japan's preparedness for earthquakes is the best in
the world, or so the world thought until the Great Hanshin Earthquake
(Kobe, 1995). With no major seismic activity for 300 years, Kobe
had got over its fear of earthquakes. Companies have to wake up
from their complacency & learn from others' experiences.
References:
Federal Emergency Management Agency (FEMA)
The Hindu
Times of India
American Red Cross
Computer Security Institute (CSI), CSI/FBI Computer Crime and Security Survey 2003
The Nippon Foundation Library
Ernst & Young Global Information Security Survey 2002
CII-PwC IS Security Survey 2002-03: Issues & Trends in India
Copyright © 1999-2003, Webizus Technologies, All Rights Reserved.