Stefan Hofbauer
ABSTRACT
The COVID-19 pandemic has shown that some companies have been prepared for the pandemic in terms of crisis management, but other companies have not been prepared at all. The dependency of a company on third-party provider is even bigger in a pandemic situation. Operational resilience must be assured for third-party providers, who are supporting the company in delivering critical business processes. In a pandemic, the risk is much bigger that a third-party provider is having economical or employee-related issues, for example financial problems or loss of staff so that the provider will not be able to support the company on the same level as before the pandemic or cannot support the company at all. To assure operational resilience within a company, it is needed to first identify the critical IT assets and critical processes within the company. Only then it is possible to protect these IT assets and assure the business continuity of the critical business processes. Results described in this paper are based on practical experiences gained during the COVID-19 crisis.
- Brahim Herbane, Ethné Swartz, and Dominic Elliott. 2004. Business Continuity Management: Time for a Strategic Role? Article in Long Range Planning. https://www.researchgate.net/profile/Ethne-Swartz/publication/240177042_Business_Continuity_Management_Time_for_a_Strategic_Role/links/5d23141492851cf4406f5462/Business-Continuity-Management-Time-for-a-Strategic-Role.pdfGoogle Scholar
- Department of Humanitarian Affairs/United Nations Disaster Relief Office – United Nations Development Programme. 1992. An Overview of Disaster Management. http://www.nzdl.org/cgi-bin/library?e=d-00000-00—off-0aedl–00-0—-0-10-0—0—0direct-10—4——-0-1l–11-en-50—20-about—00-0-1-00-0-0-11-1-0utfZz-8-00&cl=CL1.3&d=HASH68c99b49db2847ff4206b4.4.3.2.3>=1Google Scholar
- Yoshiaki Nemoto, and Kiyoshi Hamaguchi. 2014. Resilient ICT research based on lessons learned from the Great East Japan Earthquake. IEEE. https://ieeexplore.ieee.org/abstract/document/6766082Google Scholar
- Lisa V. Chewning, Chih-Hui Lai, and Marya L. Doerfel. 2021. Organizational Resilience and Using Information and Communication Technologies to Rebuild Communication Structures. Sage Journals. https://journals.sagepub.com/doi/abs/10.1177/0893318912465815Google Scholar
- Jan Beyea, Edwin Lyman, and Frank N. von Hippel. 2013. Accounting for long-term doses in “worldwide health effects of the Fukushima Daiichi nuclear accident. From the journal: Energy & Environmental Science. https://pubs.rsc.org/en/content/articlelanding/2013/ee/c2ee24183h#!divAbstractGoogle Scholar
- Sam Carana. 2015. Temperature Rise of 1.5°C could happen by 2024. Below2C. https://below2c.org/2015/12/temperature-rise-1-5c-happen-2024/Google Scholar
- McKinsey & Company. 2018. Don't stress out: how to build long-term resilience. https://www.mckinsey.com/business-functions/organization/our-insights/the-organization-blog/dont-stress-out-how-to-build-longterm-resilience#Google Scholar
- NIST. 2010., Contingency Planning Guide for Federal Information Systems. NIST Special Publication 800-34 Revision 1. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdfGoogle Scholar
- Queensland Fire and Emergency Services. 2018. Queensland Prevention, Preparedness, Response and Recovery Disaster Management Guideline. https://www.disaster.qld.gov.au/dmg/Documents/QLD-Disaster-Management-Guideline.pdfGoogle Scholar
- Joe Oleksak and John Hampson. 2020. The new Business Continuity Management Booklet: Four questions you should ask. Plante Moran. https://www.plantemoran.com/explore-our-thinking/insight/2020/02/the-new-business-continuity-management-booklet-four-questionsGoogle Scholar
- Kim Le. 2016. SOX Walk-through Overview. A2Q2. https://www.a2q2.com/blog/sox/sox-walk-through-overview/#:∼:text=Test%20of%20Design%20(TOD)%20%E2%80%93,operates%20as%20it%20was%20designedGoogle Scholar
- NIST. 2020. Security and Privacy Controls for Information Systems and Organizations. NIST Special Publication 800-53 Revision 5. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdfGoogle Scholar
- London First. 2003. Expecting the unexpected, Business Continuity in an uncertain world. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/61089/expecting-the-unexpected.pdfGoogle Scholar
- Jessie Reed. 2019. Data Center Disaster Recovery: A Complete Guide. Nakivo. https://www.nakivo.com/blog/data-center-disaster-recovery-a-complete-guide/Google Scholar
- Marten Bütow. 2019. Thus spoke the BSI….T-Systems. https://www.t-systems.com/de/en/newsroom/expert-blogs/thus-spoke-the-bsi-76334Google Scholar
- European Commission. 2016. What is a data breach and what do we have to do in case of a data breach? https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_enGoogle Scholar
- Bank for International Settlements. 2020. Principles for operational resilience. https://www.bis.org/bcbs/publ/d509.pdfGoogle Scholar
- CrossCountry Consulting. 2020. Operational Resilience: Identifying Critical Business Processes. https://insights.crosscountry-consulting.com/operational-resilience-identifying-critical-business-processesGoogle Scholar
- NIST. 2018. Framework Version 1.1. NIST Cybersecurity Framework. https://www.nist.gov/cyberframeworkGoogle Scholar
- IBM Cloud Education. 2019. What are Security Controls? IBM. https://www.ibm.com/cloud/learn/security-controlsGoogle Scholar
- Margaret Langsett. 2016. Six levels of business continuity maturity. Virtual corporation. https://www.continuitycentral.com/index.php/news/business-continuity-news/1293-six-levels-of-business-continuity-maturityGoogle Scholar
- Bundesamt für Sicherheit in der Informationstechnik. 2020. Orientation guide to documentation of compliance according to Section 8a (3) BSIG. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/IT-SiG/Orientierungshilfe_8a_3_eng.pdf?__blob=publicationFile&v=3Google Scholar
- Moh Heng Goh. 2019. What are the Types of Business Continuity Strategy? BCM Institute. https://blog.bcm-institute.org/bcm-planning-methodology/what-are-the-types-of-business-continuity-strategyGoogle Scholar
- Paul Malliet, Frédéric Reynès, Gissela Landa, Meriem Hamdi-Cherif, and Aurélien Saussay. 2020. Assessing Short-Term and Long-Term Economic and Environmental Effects of the COVID-19 Crisis in France. Environmental and Resource Economics. https://link.springer.com/article/10.1007/s10640-020-00488-zGoogle Scholar
- HP Enterprise Security. 2011. Next-Generation Application Monitoring: Combining Application Security Monitoring and SIEM. http://docs.media.bitpipe.com/io_10x/io_101711/item_478578/TT%2011-105%20HP%20Enterprise%20Security.pdfGoogle Scholar
- Karen Scarfone. 2015. IBM Security QRadar: SIEM product overview. SearchSecurity. https://searchsecurity.techtarget.com/feature/IBM-Security-QRadar-SIEM-product-overviewGoogle Scholar
- Stephen Cooper. 2020. Splunk SIEM Review & Alternatives. Comparitech. https://www.comparitech.com/net-admin/splunk-siem-review-alternatives/Google Scholar
- Sander Berkouwer. 2018. The Cloud Identity Dilemma. Semperis. https://www.semperis.com/blog/cloud-identity-dilemma/Google Scholar
- Neil Ferguson et. all. 2020. Impact of non-pharmaceutical interventions [NPIs] to reduce COVID19 mortality and healthcare demand. Imperial College. https://medium.com/tomas-pueyo/coronavirus-der-hammer-und-der-tanz-abf9015cb2afGoogle Scholar
- MITRE. 2020., ATT&CK Matrix for Enterprise. MITRE ATT&CK. https://attack.mitre.org/Google Scholar
- Simmons & Simmons LLP. 2020. Operational resilience – outsourcing and third party risk management. https://www.simmons-simmons.com/en/publications/cka512adwj5yq0999l3fbcm1d/operational-resilience—outsourcing-and-third-party-risk-managementGoogle Scholar
- Federal Office for Information Security. 2009. BSI Standard 100-4 Business Continuity Management. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standard_100-4_e_pdf.pdf?__blob=publicationFile&v=1Google Scholar
- Edward Bishop. 2020. Our New Normal Of Remote Work Makes Data Loss Prevention Crucial For GDPR Compliance. Forbes. https://www.forbes.com/sites/forbestechcouncil/2020/06/15/our-new-normal-of-remote-work-makes-data-loss-prevention-crucial-for-gdpr-compliance/?sh=24adde665937Google Scholar
- Michael Berman. 2020. What's The Difference Between Business Continuity Management (BCM) And Pandemic Planning? NContracts. https://www.ncontracts.com/integrated-risk-blog/whats-the-difference-between-business-continuity-management-bcm-and-pandemic-planning/Google Scholar
- CREST. 2019. What is Cyber Threat Intelligence and how is it used? https://www.crest-approved.org/wp-content/uploads/CREST-Cyber-Threat-Intelligence.pdfGoogle Scholar
- Eske Ofner. 2021. Keep calm and…? Five Tips For Successful Crisis Management. FACT24. https://fact24.com/en/five-tips-for-successful-crisis-management/Google Scholar
Index Terms
- Assuring long-term operational resilience in a pandemic: Lessons learned from COVID-19
Index terms have been assigned to the content through auto-classification.
Recommendations
Enhancing RCIES Model: A Case Study in the Sudanese Electricity Transmission Company
Risk identification and prioritization is very essential activity in any successful strategic risk management process. Developing a plan for dealing with such problems reduces the impact of unexpected risks and failures while prioritizing risks draws ...
Enhancing RCIES Model: A Case Study in the Sudanese Electricity Transmission Company
Risk identification and prioritization is very essential activity in any successful strategic risk management process. Developing a plan for dealing with such problems reduces the impact of unexpected risks and failures while prioritizing risks draws ...
Enhancing RCIES Model: A Case Study in the Sudanese Electricity Transmission Company
Risk identification and prioritization is very essential activity in any successful strategic risk management process. Developing a plan for dealing with such problems reduces the impact of unexpected risks and failures while prioritizing risks draws ...
Comments