There are many questions emerging from the latest problems caused by the “hero.” How can a protector become the “villain” within sub-seconds? Yes, I am talking about all the blue screens that were turned on recently due to a “real” update.
“Plans are Nothing; Planning is Everything”
As Dwight Eisenhower said, “plans are nothing; planning is everything.” In 2020, COVID showed us the human side of interruptions and in 2024, the blue screens showed us the technology side of interruptions.
Some may not consider either of these a “disaster” but rather an inconvenience. I beg to differ, and here’s why. No matter how small or large, anytime a customer experience is affected in a way that drastically causes an undue and unfair outcome for the customer’s well-being, culminating in loss of credibility, brand image and revenue to the enterprise, it is a disaster.
What was your “planning” for these blue screens? From my observation, I would say that not many enterprises were “planning.” Rather, they assumed that the “hero” would take care of things. But wait! Who is accountable for the well-being of your enterprise? Should you not have asked questions? But, then, what questions would you have asked?
In 2002, Donald Rumsfeld, the US Secretary of Defense, presented this matrix in reference to the Iraq war, although it was not his original concept. If we take the “blue screen” disaster, there are two quadrants at play: “Known Unknowns” and “Unknown Knowns.” Paying attention to these two quadrants is critical to ensuring business continuity.
Perhaps you were not affected by the “blue screens.” Great! In one study of ~600 incidents a few years ago, the types of disaster events were mapped in the graph as a percentage of all events that caused enterprises to declare a disaster. Cyber-attacks, of course, fall into many of these areas as well. If this study were to be conducted this year, I doubt the types of disasters would change much.
Business Continuity Management
The overall goal of Business Continuity Management or BCM is a culture change that evolves the enterprise to a place where resilience is a part of standard modes of operation, and a consideration in all aspects of organizational behaviors.
BCM program management includes establishing the organization’s BCM policy and its requirements, e.g., providing the resources, structure, and teams required to comply with the BCM policy.
The Importance of Planning
The purpose of planning BCM is to address all sides of any interruption by unravelling all quadrants of the matrix. BCM requires addressing each of the Building Blocks below, from the perspective of people, processes, technology, premises and providers:
- Threat Risk Assessment (TRA) – What threats could impact the enterprise, from villains or heroes?
- Business Impact Analysis (BIA) – What impacts would the risks have?
- Planning – How is the enterprise going to handle these impacts?
- Exercising – Confirming the theoretical planning and awareness for the enterprise.
- Monitoring/Maintenance – Keeping the plan as an accurate representation of the enterprise at all times.
Assemble the Building Blocks
In this series, it is my intention to unfold these Building Blocks and to provide insight as to how the ServiceNow Integrated Risk Management/IRM (Governance Risk & Compliance/GRC) and Business Continuity Management/BCM set of tools can help your enterprise assemble the Building Blocks for a lasting foundation of business continuity.
This time around, the villains didn’t have to do anything; the heroes created the chaos and, fortunately, found a quick way out of it! I am afraid, however, that the villains sat back and observed those who fell down quickly and thus showed their vulnerabilities to the world! Next time we may not be as fortunate.
I will leave you with two maturity models from ServiceNow (above), for you to review and ponder on, as to “where your enterprise is?” with regard to IRM/GRC and BCM use from a cultural and resilience perspective.
And now you are in the “Known, Unknowns.” To understand more and to speak with an expert, reach out to Infocenter today.
About the Author: Anicetus Fernando
Over 25 years of business and technology experience, including being the CIO, CTO, CISO for several companies and interim CEO for an MSP. Certified PMP, ITIL v3, Six Sigma Green Belt, CISO, Certified Scrum Master/CSM, SAFe Agilist, ServiceNow GRC. Master’s in Marketing from Western Michigan University. Master’s in Finance & Supply Chain Management from the University of Texas at Arlington.