What is the best way to build a business continuity plan that outlines alternative suppliers?
“Make sure resilience is built in as you design things.“
Marc Avery, CISO and founder of the Cyberchain Alliance, talks to Sooraj Shah about how people, process and technology need to have resilience built in from the very beginning.
Marc Avery was a speaker at the very popular R3 cyber security conference, which ran from 15 to 24 September 2020. If you missed it, then it’s not too late: you can still watch on demand.
What's the best way to build a business continuity plan that outlines alternative suppliers?
Business continuity plans have a traditional context, and often seen as something that gets pulled out of the drawer maybe once a quarter, if organisations are lucky, and people see that and go through the business continuity plan and work backwards from that to see whether or not any improvements that they can make. Actually, business resilience now is much more important. As we've seen with the COVID pandemic, it's much more important to consider those things from the very fundamental designs of a service.
So your people, your process, and technology have to have resilience built in. So I'm not saying there isn't a place of business continuity plans. Clearly, these things need to be exercised, but actually making sure that resilience is embedded as you design things, as you build things, and of course, as you operate things, really does help to make it a less painful job as and when something goes wrong.
Such flexibility should be discussed with suppliers as well and not just relying upon commercial arrangements to have their resilience built-in. Taking that approach and sharing that with your suppliers as well. This is paramount.
Are the supply chain processes fit for purpose in the 21st century? Bridget Kenyon, Global CISO, Thales eSecurity, joined us at #teissLondon2019 to deconstruct the complexities between trust and security.
Employees must think of hackers as very malicious marketers and need to take all the necessary precautions (strong passwords, safety settings) to prevent them from entering the company's system, says …