26 February 2023

C²: Enterprise Continuous Continuity…

Business Crisis and Continuity Management (BCCM) is a dynamic change management initiative that requires dedicated resources, funding and auditing.

Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C², or “Continuous Continuity”.

A one-time threat or risk assessment or even an annual look at what has changed across the enterprise is opening the door for a Board of Directors worst nightmare. These nightmares are “Loss Events” that could have been prevented or mitigated all together.

According to the best practices from several sources, the Board of Directors is responsible for the BCCM of an organization. Let’s take a look at what the highly influential Basel Committee says about one principle as it pertains to business continuity:

Review and Testing of Business Continuity Plans – Basel Principle 13

“It is the responsibility of the organization's Internal Audit and Business Continuity functions to ensure that all of the organization's business continuity plans are tested and reviewed on a periodic basis to spot incorrect assumptions, oversights or changes to equipment, and employees and to identify any changes in business requirements not reflected in specific plans. Any undocumented requirements must immediately be documented. In addition, appropriate information owners and users must be informed of updates to plans.”

  • The following testing techniques must be used to ensure the continuity plan can be executed in a real-life emergency:
  • Table-top testing: Discussing how business recovery arrangements would react by using example interruptions such as ransomware.
  • Simulations: Training individuals by simulating a crisis and rehearsing their post-incident/crisis management roles .
  • Technical recovery testing: Testing to ensure information systems can be restored effectively.
  • Testing recovery at an alternate site: Running business processes in parallel with recovery operations at an off-site location.
  • Test of supplier facilities and services: Ensuring externally provided services and products will meet the contract requirements in the case of interruptions.
  • Complete rehearsals: Testing to ensure the organization, employees, equipment, facilities and processes can cope with interruptions.

The best practices talk about a BCCM that will be periodically updated. Periodic is not continuous. Change is the key factor here.

What changes take place in your organization between these periodic updates?

How could any organization accurately account for all the changes to the organization in between BCCM updates? The fact is that they can’t.

This will change over time as organizations figure out that this is now as vital a business component as Accounts Receivable. The BCCM will become a core process of the organization if it is not already, dynamically evolving by the minute as new change-based factors take place in the enterprise.

As new or terminated employees, suppliers and partners come and go into the BCCM process, the threat profile is updated in real-time.

This takes the operational management that much closer to C², or “Continuous Continuity”.

The enterprise today that understands the myriad of potential threats to its people, processes, systems and structures, stands to be better equipped for sustained continuity of Operational Risk Management and business operations.

20 February 2023

Human Dialogue: "Decision Advantage"​ of a Trusted Digital Globe...

How will you innovate with your front line team this month and this year to enable more accurate and resourceful “TrustDecisions”?

The ability to make business decisions in a standardized process simultaneously wrapped around our own human intelligence is the real advantage.

A true “Decision Advantage” in a world of constantly changing conditions and data environments is one of the greatest challenges within our global Leadership Management.

Creating innovation around decision making may sound like a lofty goal. It is, and yet for your particular team or organization, it certainly is within reach.

How might your team utilize a process and method for making more rapid and effective “TrustDecisions” across your global enterprise?

While these words are being written by a human-being now and not an Ai such as C h a t G P T, our future lives will encompass a continuous process to gain a digital assets advantage.

“But we will not function successfully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world.” Achieving Digital Trust - Jeffrey Ritter

A process that is focused on digital truth will require our continuous application of “Operational Risk Management” combined with our global data governance collaboration.

  • Have you this week in the United States tried to unsubscribe from an e-mail list and did not find a digital link at the bottom of your e-mail to accomplish this?
  • Have you this week scheduled a 45 min Digital Zoom meeting and found yourself at min 44 without a decision?
  • Have you this week been taking depositions in California regarding the use of videos on your platform that are covered by Section 230?

"From the Board Room to our modern day asymmetric battlefield, achieving digital trust will open eyes. It will provide us with a reference model that management and software architects have been seeking for decades.
The survival of the Internet as we know it, is currently at stake. Leadership shall provide a look into the transparency of «Trust Decisions» and how ensuring digital truth will shape our global governance for decades to come."

Innovation with making accurate and resourceful “TrustDecisions” will go far beyond technology or Zeros and Ones.

Our future will require so much more that will not be digital.

Think Human Dialogue.

It will require more “TrustDecisions” that are in person, Face-to-Face, Eye-to-Eye and finalized with a hand shake…


11 February 2023

4D: Extraordinary Risk…

As we gathered up our gear to walk out to the Bell 407 for another epic day one February in the remote mountains, you could just feel the “butterflies” in our gut again.

When you think of any challenging mission that has real risks, you and your team know that when you launch that daily objective and buckle up, that you have each others backs. Got your six.

You as a team have already trained to identify the risks, “Deter, Detect, Defend and Document” the environment you are operating within, that particular day.

"The helicopter now rapidly gained altitude and we looked at each other across the aisle with smiles on our faces. Our goggles made it hard to see each others eyes, but you could feel the adrenaline starting to take effect."

Now it’s all about, the person to your right and left, keeping each other in your peripheral vision to know that s/he is still there.

It was just another day in pursuit of the daily mission, accelerating down the mountain on our skis in endless powder snow.

Until it happened. Passing to close to the “tree well,” the edge caved in and now you could feel yourself falling down the deep hole around the trunk of the massive pine tree.

Catching your breath and now looking up, you could see the dark blue sky yet the surface was 6-7 feet vertical and you just hugged the tree in sub-freezing temperatures.

Then pure silence and just deep snow surrounding you and the tree well.

In the next minute, you realize you are in the red zone of risk and now your OPS training kicks in. Your thoughts wonder if you will ever make it back.

About 30 minutes later, you could hear our team yelling out and blowing their whistles. By now, that bright yellow plastic whistle we all kept around our necks was now being blown louder than ever before.

Finally, as someone from our Team, heard the whistle cadence of distress you could hear their voices getting even closer!

What are you doing down there our leader yelled out! As they threw down the bright orange knotted rope…

So what?

Do you have a “4D” Risk Strategy being utilized in your organization and with your team?

A "4D" Risk Strategy for Survival is only effective if it is operating on a continuous basis. You must create the culture and the due diligence to see that it becomes part of the fabric of your organization internally and with outsourced partners or suppliers.

Only then will the attacker (or nature) realize that this combination to Deter, Detect, Defend and Document is alive and growing in your enterprise. This is when attackers become discouraged, afraid, uncertain and ultimately ready for a new and less formidable adversary.

"Attackers use tools to exploit a vulnerability to create an action on a target that produces an unauthorized result, to obtain their objective. These "4D" lessons should put you on the way to creating a more survivable business.”

Whether you are at 9,000+ feet in the snow capped mountains in a foreign country or you are just sitting in your dark corporate conference room on “Chain Bridge Road” innovating to try and solve todays risk problem-sets does not matter.

Whether you and your particular team, devotes 1 hour, 1 day or 1 week to a potential threat risk to you or your organization training for “What If,” is what truly will make a future difference.

Operational Risk Management (ORM) will determine whether you ultimately just survive, or become:

Extraordinary adjective
1 a : going beyond what is usual, regular, or customary
       extraordinary powers

04 February 2023

Believe: You Are Not Alone...

You have questions just as many will, about why me, why now? The world we live in here on Earth is only a small example of one of our real miracles.

No matter what your future challenges are that await you in your particular life, remember what you have learned so far.

Make your best innovative decisions with the people you love and with faith.

Look up.

When was the last time you looked at the pictures from the James Webb Space Telescope (JWST)?

Our small lives here in our own families are where it all begins. How you as an individual decide to become a better Brother, Sister or even Father, or Mother.

Now take the time machine back to the early-nineties and standing in the driveway on a late afternoon in San Clemente, CA near Halloween, picture a 6-year old Sister and 4-year old Brother, that were showing off their excellent costumes.

In the picture, She has her arms around her younger brother, who is in his “Power Ranger Space Suit” costume and she is modeling in her most Barbie-fashionable off-the-shoulder pant suit.

Remember those times of fun and happiness with family? Even after 25+ years later…it is truly amazing.

“Life is not in our hands. We can only prepare for a life that will be uncertain. Train and learn for those most challenging times. Love and pray for those times that will surprise us.”

What do you think about, when you look at the snapshot of the “Tarantula Nebula” light-years away?

Think back and consider how much you have accomplished, where you have traveled and what you have learned in your journey so far.  Believe.