Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Citrayudha Komaladi
From:
Sent:
To:
Subject:
www.SecurityPark.net
The leading News portal for Security Professionals - Copyright 2000-2006
Security News article posted in Security News, IT Network and Computer Security, on 21/03/2007
Page 2 of 2
psychological literature that we vastly overestimate the likelihood of being involved in some dramatic event
such as a plane crash compared to falling victim to less newsworthy events. This leads to a phenomenon called
the availability heuristic where, for example, people believe death from terrorism to be a greater risk than
death from all possible sources (including terrorism). Over the last year we have seen the availability heuristic
clearly demonstrated at a Corporate level with many organisations developing detailed Flu Pandemic plans in
stead of generic Business Continuity plans which will provide resilience against a wide range of disruptions
including pandemics.
I am not suggesting for a moment that we pretend that 9/11 never happened or that we bury our
heads in the sand and refuse to consider the prospect of a Flu Pandemic. Rather in addressing
risks, we advise clients to balance considerations of Impact and Likelihood (both highly subjective
measures) with considerations of Comprehension and Control. In this context:
Comprehension refers to ones ability to accurately predict the likelihood of an event; and
Control refers to ones ability to prevent the event taking place or mitigate the effects.
This generally has the effect of redirecting attention away from vague, but potentially catastrophic
risks, towards more mundane but treatable ones.
Furthermore, our experience of working with and studying numerous organisations in crisis leads
us to two important conclusions:
High impact incidents are not necessarily more complex to manage and are, in many cases,
simpler than less disruptive events; and
There is much commonality in the actual issues that a Crisis Management Team has to deal with,
regardless of the precise trigger or the scale of the incident.
I would therefore submit that planning to deal with less dramatic scenarios is not only a useful
activity in its own right but also lays a solid foundation for planning to deal with headline-grabbing
events.
In most cases Business Continuity Management is about doing the best job with limited resources
getting the best Bang for your Buck. In this context, focusing plans and resources on mitigating
the impact of massively disruptive events may secure Senior Management attention and funding but
actually represents poor value for money. Concentrating in stead on the mundane and everyday is
much more likely to demonstrate real benefits in the short term and forms a solid basis on which to
build over time.
Article contributed by Patrick Roberts, Senior Consultant, Needhams 1834 Ltd. Needhams 1834 Ltd will be
exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 28th - 29th March
2007, www.businesscontinuityexpo.co.uk
This is a printer friendly version of the article - Go to the www.SecurityPark.net website and see the full article
online and all other related articles.
5/25/2010 9:56 AM