The Enterprise Resilience Portal Launches in Private Beta Release.

May 1st, 2008

Securitydirector, LLC has announced the Private Beta release of its Enterprise Resilience Portal (ERESP). Small & Mid-size organizations are increasingly sensitive to their need for effective security, emergency, and continuity management practices. Yet, their path toward organizational resilience remains a challenging one, due to the high costs of traditional consulting practices, the multitude of legal requirements and industry guidelines, and the fragmentation of tools and applications required to achieve best practices. The Enterprise Resilience Portal changes this landscape by merging the core universal elements of resilience-related management programs in a proprietary Software-as-a-Service (SaaS) platform that facilitates adoption, encourages participation, and improves the effectiveness of any program aimed at managing risks and ensuring business continuity. ERESP is an outsourcing solution accessible as a conventional Web-application for most SMEs, in a licensed version for multinational corporations, franchises, and Homeland Security, or in a branded form for independent consultants and commercial partners. ERESP applications include: secure reporting & communication, online publishing, multimedia training & education, surveys, polls, leadership definition & workflows, and more.

Organizational Resilience & Voluntary Preparedness

May 1st, 2008

On August 3, 2007, Public Law 110-53 (“Implementing Recommendations of the 9/11 Commission Act of 2007”) called for the development and identification of ‘all-hazards emergency preparedness’ standards and best practices, fostering a voluntary preparedness program that would specifically include small business concerns (see Title IX.) In January of 2008, an interdisciplinary team of representatives from professional organizations including security, business continuity, emergency, and enterprise risk management issued a report titled “Framework for Voluntary Preparedness”, highlighting the significance of ‘core elements’ shared by regulations, standards, and best practices across these resilience-related sectors. This represents another exciting validation of our business model and a great opportunity for growth. Securitydirector, LLC has been advocating the convergence of tools, workflows, and applications related to the wide spectrum of security, compliance, and resilience practices within the enterprise since 2001, with the first release of the Enterprise Resilience Portal (ERESP), where ‘core features’ are a process-engineering translation of ‘core elements’.
High costs and the absence of clear and direct economic incentives are recognized as key challenges in the movement of any organization toward the adoption of security, emergency, and continuity management practices, particularly for Small and Mid-size Enterprises (SME). However, resistance is also caused by the highly fragmented, inconsistent, or often redundant nature of processes and applications that each initiative or management practice demands for adoption and implementation. The “siloed” approach that characterizes many of today’s resilience-related management initiatives such as IT security, RM, BCP, WVP, Assets Protection, etc., is often the primary cause of their cost, ineffectiveness, and weak adoption rates. ERESP was designed from the ground up as a dedicated platform featuring the tools and workflows that support the entire lifecycle of such management programs, dramatically reducing both time and costs traditionally associated with creating and sustaining risk mitigation programs. ERESP represents not only the new platform for the exchange of knowledge, products, and services between selected security providers and corporate leaders, but also an innovative, measurable effort in support of risk-management-related economic incentives.

Converging Resilience-Related Solutions in a Dedicated Platform.

May 1st, 2008

IT Security, Assets Protection, Crisis Management and Disaster Recovery, Workplace Violence Prevention, Intellectual Property Protection, and other “resilience-related” practices have grown in the past two or three decades into highly mature and specialized industries, unfortunately with little benefit if not negative consequences for most organizations outside of the club of Global 2000 and a few other Multinational Corporations. Each domain creates and safeguards its own standards and applications, shrouding its efforts in a cloak of mystique and complexity to ensure the market’s dependence on its services. This is not to dismiss the value of specialized knowledge, but the growing complexity and fragmentation of solutions have alienated most business leaders who clearly need to maintain a higher-altitude perspective on the subject of organizational resilience. Ironically, one can recognize early efforts toward the development of yet another specialized industry around resilience, instead of recognizing it as a convergence requirement.

By looking at today’s security, emergency, and continuity management standards among Small to Mid-size Enterprises (SMEs), one can clearly see an imperative need for convergence, and one which extends across all resilience-related practices and initiatives, not just for the often-debated physical and IT security domains. To achieve this, the organizational resilience realm needs new management platforms to improve work-flows and content, distribute knowledge, and ultimately reduce barriers to entry.

Why are convergence and a dedicated software platform the solution? The short answer is: because the fragmentation and complexity of security and risk mitigation solutions contribute to the low adoption, weak interest, and poor participation by people who are the most significant element in producing as well as managing risk, regardless of industry or size of the organization.

An astounding majority of business losses and vulnerabilities are the result of very unsophisticated crime, grossly overlooked misconduct, and basic carelessness. Hundreds of millions of dollars are lost each year by SMEs and large corporations alike because of the lack of a basic background verification process, a simple intellectual protection program, or a routine data backup and recovery procedure - not because they failed to update their port-scanning application from “version 6.1 to 6.2”, or because their risk assessment application utilized outdated crime statistics for the satellite office location.

Resilience is first and foremost a culture (which some enterprise leaders adopt innately, without having to read ISO-PAS-22399), and one that happens to be ever more relevant and multi-dimensional in the current business world. A 65-page All-Hazard Emergency Action Plan & Procedures manual is no substitute for an aware employee who notices and reports a jammed emergency exit door, or knows where to go if the ground starts shaking. Similarly, a ‘culture’ of challenging unknown or badge-less individuals within a closed work environment can be more effective than the latest biometric technology. People, and their well-being, are not only the obvious priority of any sensible security and continuity program, but also its greatest vulnerability (as even system-centric IT-gurus and hackers will admit.)

What most experienced risk mitigation consultants know but refrain from disclosing (or admitting in some cases) is that the bulk of the know-how and technology that would address 80% of an organization’s risks and liability exposures is far from exotic and well within reach of any firm with 20 to 500 employees. But the barriers to entry for most SMEs - chiefly cost and complexity - are such that they are too often left at the mercy of uniformed guards and access control systems providers.

The measure of an organization’s resilience is in the degree to which its people are active participants in understanding and containing risks.

Now, to achieve awareness and participation, risk evaluations and mitigation practices need to be meaningful, relevant, and easy! That is exactly the opposite of what specialized, ‘siloed’ programs and initiatives achieve if driven by the specialists themselves. This explains how even the largest corporations, with immense resources and maturity, routinely underestimate and mismanage crises. Today, we have started to recognize the need to cut redundant efforts and identify shared features and resources across resilience-related practices (see this post) and, in this day and age, dedicated software platforms for converging content, applications, and work-flows have proven to be the fastest and most effective way to achieve this. A perfect example of this scenario has been playing itself out in both the ERP and CRM spaces, where masses of small and large organizations sidestep narrow-domain resources and applications in favor of dedicated, unified platforms from the likes of SAP, SAGE, Oracle, and Salesforce.com.

The value of a converging application that hosts the shared elements of the resilience-related practices goes beyond the obvious “simplicity = adoption” equation and the cost reduction benefits. It actually affords a level field from which top management can better evaluate threats, vulnerabilities, and risk mitigation priorities. The Web 2.0 environment can empower any firm with survey and assessment tools, knowledge management, or training and testing solutions that are vastly superior and much more accessible than the current, packaged, vertical applications. What better use for this new Web-centric environment than that of bringing resilience knowledge, applications, and practices to the widest possible audience?