In order to obtain assurance, your qualified continuity plan should be tested.
Don't wait for it to be "perfect". Test soon, and use the test to find weaknesses.
The effort you put into testing will depend on risk. Begin with a desktop test, discussing the plan step by step with stakeholders.
Iterate the test and watch your plan improve, as well as your ability to execute it.
Nothing beats reality. A realistic simulation is the next best thing. It won't be cheap or simple, but certain scenarios need to be simulated.
(some of) my events
- 2018-11-28 Informationssäkerhet för ledare (teaching course, Stockholm)
- 2018-11-07 Certifierad IT-arkitekt (guest lecturing, Stockholm)
- 2018-10-03--05 Operativ informationssäkerhet (teaching course, Stockholm)
- 2018-09-05--07 Strategisk informationssäkerhet (teaching course, Stockholm)
- 2018-06-18 A framework for Information Risk maturity (presenting at SRA Europe, Östersund)
Retirement planning and pension savings is one of the most difficult, long-term decisions most of us will ever face. At a recent seminar, Nordea offered a list of issues to think of, focusing on today's rulebook, how responsibilities are shared between state, employers and individuals. But the system keeps changing. We're all literate, we can read up on current rules. As experts, bring your crystal ball, help us understand trends and scenarios. What might the system look like 30 years from now?
a static view on the most long-term decision most of us will ever face. @Nordea_SE offered a seminar on today's system for pension savings.— per stromsjo (@stromsjo) February 18, 2016
I used to think that proactivity in security is all about Risk Management. Then I found myself involved in Crisis Readiness. Still with an eye on risk exposure, preparedness adds a human as well as organizational capability dimension. How good are we at dealing with difficulties, improvising and being creative from a platform of plans and structures? The crisis perspective makes security more challenging. but it does confirm an old belief - it's not the technology, stupid! Think people and processes.