Strengthening the weakest link: Business Continuity Management for SMEs. Dr. L. Marinos, ENISA. Essen, 5 October 2010.

SME working assumption
• SMEs are generated out of entrepreneurship and have a low level of resources for “non-productive” investments
• Most SMEs (esp. owners) have a low level of BC knowledge
• SMEs are not in a position to fully develop a BCP
• Even where there is some IT knowledge, availability is usually not part of it
• SMEs tend to use standard components (soft- and hardware)

What is Business Continuity?
• Business Continuity is the ability to continue the business in an (for the customer) acceptable.
• For SMEs it needs to be:
  • Low cost
  • Simple
  • Practical
  • Affordable in the long term

[Figure: Business Continuity (Full version). Process diagram with the phases Initiate BCM Programme, Identify the Organisation, Assess Risks and Impacts, Conduct Business Impact Analysis, Design BCM Approach, Deliver BCP, Test BCP and Sustain BCM Programme (short, middle and long term), with an interface to other operational and product processes.]

Problems with BC (as with other security issues)
• Too complicated
• Not business oriented
• Too focused on technical assets
• Too much concentration on threats
• Too reliant on estimates of “probability”
• Threat and vulnerability assessments too technical
• Unrealistic targets
• No clear action plan
• TOO SLOW!
Source: Jeremy Ward

Business Continuity “Light”
• Low expertise in the area of BC
• Simply structured
• Balance between simplicity and effectiveness
• Understandable relations between used terminology
• Good basis for knowledge transfer

ENISA-Approach http://www.enisa.europa.eu/act/rm/risk-management-for-smes-and-micro-enterprises

In Conclusion
• We see tendencies for simpler approaches
• Become business oriented (not technical, threat, etc.)
• Promote through professional associations
• Develop corresponding certification schemes
• Promote generation of a relevant “market”

Thank you for your attention
louis.marinos@enisa.europa.eu
ENISA Risk Management Web Pages: www.enisa.europa.eu/rmra