innovation through dialogue

Security needs innovation, new ideas from new people. It's great to see a new Master's Programme underway at Stockholm University. The Department of Computer and Systems Sciences (DSV) is set to regain its position as a leader in the field, and the industry stands to benefit.

Aiming for openness and external contacts, the programme has hosted a series of Security Dialogues, informal sessions with folks outside academia. I'm super-pleased to have been invited to meet with students on December 2. Dialogue FTW!


react, adapt and return

Continuity risk can rarely be avoided and the likelihood is difficult to decrease. Our best bet tends to be lowering the consequence, preparing for how to reduce the impact of the risk event.

The way we do this is through planning to strengthen key organisational capabilities:

  • to react effectively when the event occurs (contingency plan)
  • to adapt and do business differently when necessary (continuity plan)
  • to return to normal delivery in an orderly fashion following the crisis (recovery plan)


passion vs. arguments

The Royal Swedish Academy of Sciences hosted a day on radiation risk in the context of final disposal of nuclear waste with researchers, industry, municipalities plus vocal opponents of, well, most everything.

60+ years after its introduction, nuclear energy remains an explosive topic. This sad state of affairs clouds our ability as a society to address the matter rationally. Then again, rationality is not in fashion these days.

But my thanks to all who contributed constructively. I learned a lot.


later is now

When beginning to get a grip on continuity risk, ask: where does it hurt and where will it hurt? Ensure the involvement of top management. Where will your business be one year from now? Three years? Be sure to have your strategy framing your risk assessment.

You cannot eliminate all risk. So, which risks represent a cost that you can live with, and which are existential to your business? (Hint: many owners of processes and systems believe their area is prio #1. This is precisely why you must involve the execs.)


your continuity compass

How do you manage the unknown?

For starters, make it part of your risk work. Risk is the potential for events with impact on your goals. Focus on low-likelihood events with high impact on availability. This is Continuity Risk - your continuity compass.

Have it integrated with your Risk Management. Identify, describe and quantify. Use your history, known events which could have a higher impact if repeated. How bad could it get on a rainy day? Analyse and treat. You know the drill. Expect the unexpected.


the future in your rear-view mirror

Once in a while things happen for the first time. Experts talk of black swans, events we couldn't imagine.

Those are the exceptions. Many accidents occur repeatedly. In fact, a useful tool for gazing into the future is a rear-view mirror.

But I haven't had any disasters, you say? Good for you! What about those times you were lucky? Or, not as unlucky as you could have been? Use the history within your context, think of what has happened. Imagine what the impact could be, another day, under worse conditions.


when the smoke clears

The 2014 Västmanland wildfire turned into a six-week-long regional emergency.

It remains a source of insight into what works and what doesn't in societal preparedness. Issues from civil-military cooperation and local-regional-national coordination to volunteering, training and helicopters are subject to a broad study by the Swedish Civil Contingencies Agency (MSB).

I was fortunate to attend last week's project update, and I recommend the webinar version with lessons for any practitioner in Crisis Management.


seminars: continuity meets multi-sourcing

Continuity Planning is about armouring your business with an element of robustness.

Multi-sourcing is a delivery model where you orchestrate a strong business with multiple sourcing partners.

What happens when the issue of continuity meets multi-sourcing? In September, I will be co-hosting seminars (in Swedish) on this very topic. How can we protect our customers and our business by ensuring availability in the face of unexpected events, even when we are dependent on external partners? Come join us!


know your dependencies

What might impact the continuity in your context? One key factor is dependencies.

Think of it. Are there deliveries, services, resources that you assume will always be available? Could you run your business without that special service provider, without those key individuals, those office premises, that technical infrastructure? If not, you must treat them accordingly.

Any business will have its dependencies. Knowing your dependencies and managing them proactively is a cornerstone for continuity.


the continuity of what?

Before addressing continuity, ask yourself this question. What system (service, process, component) is in focus?

Sounds simple but if you stumble here, you won't get far. What is your scope and why does it need to have its continuity protected? Is it within your area of responsibility, do you have the mandate? Does its operational quality matter to your stakeholders? Who will foot the bill?

Stating where your context begins and ends is a great start and sends a signal to others to do their part.