November/December

In this issue:

• FEATURE: Blast From the Past: Minneapolis Continuity Planning in Action: A Bridge to Tomorrow, by Doug Sievers
• NEWS: LogMeIn Central: When you can’t get to the office, the office can come to you
• FEATURE: Blast From the Past, part 2: America's Critical Infrastructure Is Crumbling, by Buffy Rojas
• WEBINAR: Data Breach - The Missing Piece in Your Business Continuity Program
• FEATURE: Guest Editorial: The Wild World of Words, by Kevin Burton

FEATURE: Blast From the Past: Minneapolis Continuity Planning in Action: A Bridge to Tomorrow, by Doug Sievers
This month, we're going retro and calling up a few articles from issues past that are still relevant planning topics today. First up, a guest editorial by Doug Sievers.
It may seem uninspiring to spend one's days planning for an undesired event, but it helps to remember that the planning and preparing for a disaster, like the responding and diagnosing, depends on a key intangible that, like the disaster itself, can be difficult to predict, awe-inspiring when it occurs, and life-altering in its effects: the act of giving. Read More.

NEWS: LogMeIn Central - When you can't get to the office, the office can come to you
When you can't get to the office, the office can come to you.
It's easy… as long as you prepare. Simply use LogMeIn Central to deploy remote access to all your computers, giving employees access to their programs and files from anywhere, at anytime.
With LogMeIn Central, you also get a command center to monitor usage and add or delete users on-the-fly. You get the right management tools to stay on-track, even under unique circumstances like a flu outbreak, snowstorm, transit strike or other event that prevents employees from coming to the office.
Keep your business running with remote access.
Start your preparation now with a free 14-day trial of LogMeIn Central. Read More.

FEATURE: Blast From the Past, part 2: America's Critical Infrastructure Is Crumbling, by Buffy Rojas
Most of us drive across at least one bridge on our way to work every day and we don't even think twice about. Well, here's something to think about: one in four bridges is dangerously deteriorated and may be at risk for collapse, according to recent reports. Read More.

WEBINAR: Data Breach - The Missing Piece in Your Business Continuity Program
If your organization holds customer or patient data, you must protect it. If a compromise occurs, you must respond. Having a response plan in place is critical to effective management of the event. This Webinar will instruct attendees on what BC practitioners need know about data breach threats, what the current and proposed federal notification requirements are, how state statutes impact an incident plan, and most importantly, how to get your plan up to speed.

Sponsored by: InfoLaunch/Avalution Consulting
When: Thursday, December 10, 2009 1:00 PM - 2:00 PM EST

Listen Now

FEATURE: Guest Editorial: The Wild World of Words, by Kevin Burton
Imagine a world in which we are free to use terms that make sense as opposed to those that have become status quo because no one cares (or dares) to ask "Why do we call it that?" What if we could use language in our industry that mattered because it made sense?

In my opinion, the business continuity and disaster recovery industry has developed a vernacular that misrepresents what we do. This is because the words we use aren't driven by common sense. With this in mind, I decided to play a "what if" game and ventured out into the wild world of words to take a look. Here's what I can make out, having consulted the American Heritage Dictionary, the Oxford English Dictionary, and Wiktionary.

Defining Risk
The term "risk" is used in both common parlance and technical contexts. Technical senses of the term vary from field to field; the engineer's definition may differ from the insurance company's.

There are at least three common uses of the word risk. First, risk is used generally to refer to being under threat. The second use of risk is that which puts something under threat. Consider the statement: "The heavy rains have put the levies at risk." In this scenario, both of the following are true: "The rains are a risk" and "the levies are a risk." Note that the levies are both at risk and a risk.

The third use case is "risk" as a verb to refer to endangering activity: the act of putting a good under conditions of possible loss. Risking is the action of putting at risk, as in "risking it all" or "to risk your health." Sometimes this act of risking is unintentional. But "to risk" is often to jeopardize intentionally some good for the sake of some greater good.

To sum up, I'll be using "risk" and its cognate forms to denote the state of some good being in danger; something that puts some good in danger; or the act of putting it in danger, often intentionally and for the sake of some other desired good.

In the course of daily life, assets and well-being are regularly at risk. In fact, life's choices often put those assets at risk for the sake of some net gain. Sometimes those choices are ill-advised, other times recommended, and still other times counter-balanced. Simply living is a form of enterprise in which we are daily confronted with choices to hazard loss for the sake of gain. One cannot opt out of the bet.

Presumably, one tends to increase one's risk in this business by proceeding blindly, without foresight or "thought for the future." As any paramedic can attest, the average home is a dangerous place; yet it is more so in the dark.

Other Words
Unlike risk, the words "consequence" and "hazard" are straightforward. The fundamental sense of "consequence" is of something following another on which the first depends. The dependence may be logical or causal. Something that causally depends on another (whether an event or a state) is an effect. For example, as a consequence of being exposed to sun, the newspaper turned yellow. A proposition may logically depend on other propositions where together they entail that proposition. The causal sense is the more typical in talk about risk, and though it is often used contextually with negative connotations of loss, the word itself is not evaluative. A consequence may be good, after all.

"Hazard" has roots in an Arabic word for dice, and as a noun still retains the notion of chance, risk, venture, and, in an extended sense, danger. Used as a verb, to hazard is to take a chance, to put at risk. Of course, in spite of its typically negative overtones, one may intentionally face hazard in order to profit.

Now on to "threat." The word has ancestry in Old English terms for a band, crowd, or troop. Since these often represented forceful influence, the noun came to refer to pressure, compulsion, distress, and danger. Later still, and in keeping with a lot of contemporary usage, threat came to refer to an announcement of infliction of loss conditional upon some action or, in a figurative extension, to refer to an indication of potential loss. Currently, threat is also used widely to denote some condition or actor that puts some good at risk. Semantically speaking, it seems acceptable to say, for instance, that "The heavy rains are a threat to the unprotected topsoil", or "The rebels are a threat to civil society."

Impact or Value?
I'm pretty happy with the way we conduct risk assessments, with the way we discuss threats, hazards, and consequences. What I'm not happy about is that we call an assessment of the businesses we are protecting a business impact assessment or analysis (BIA). If we are to protect value by mitigating risk, isn't the idea to first assess the value we are protecting?

I have to wonder when we got stuck on the BIA–and made the second step in any sound BC/DR program all about loss and impact–when it seems to me we should be talking about value protected from harm. When you think about it, it really changes the whole scope of the average BC/DR Program. Chicken Little shouts "Impacts!" but it's the successful team player who brings value.

Too bad we don't live in that imaginary world where we could stop being the canary in the coal mine and start being the value multipliers we were meant to be. But who am I to say? If the industry wants to hold on to that impact-first view, then so be it. For those who want to continue to sell their programs based on impacts yet to come instead of value protected today, then that's a risk I'll let them take. CI