INTELLIGENT BRANDS // Enterprise Security
GCC needs stronger resilience strategies in place, says Booz Allen Hamilton
Annual spend on data security breaches is far ahead of the global average; however, GCC organisations take longer than their European counterparts to contain a breach, a report from Booz Allen Hamilton says.

Organisations in the GCC must make resilience an integral part of their threat mitigation strategy to ensure that essential functions are restored after disruptive events, a report by Booz Allen Hamilton has revealed. GCC organisations are already spending approximately US$3.5 million per year on identifying and restraining data security breaches, far ahead of the global average of US$2.1 million. Despite such enormous spends, GCC organisations take longer than their European counterparts to contain a breach, with the average reported time in the GCC standing at 260 days, compared to 138 days in Europe.

To reduce this gap, GCC governments are equipping organisations in the region with the necessary tools to build resilience across industries. For example, the UAE’s Regulation and Supervision Bureau (RSB) published a set of business continuity management regulations relating specifically to drinking water, wastewater and electricity services in Abu Dhabi. The UAE has also developed several plans to manage emergencies, such as the National Emergency Plan for the Telecom Sector.

Jay Townsend, Principal at Booz Allen Hamilton, said: “Investing in robust threat mitigation strategies and resilience response could reduce organisations’ exposure to threats that result in untoward incidents. GCC governments have recognised this and, over the past decade, have begun to implement systems and programmes to help navigate uncertainty and enhance preparedness and response capabilities. But they need to take this a step further and make it part of the strategic corporate and national agenda.”

Booz Allen Hamilton outlines the following well-conceived ‘resilience equation’ that protects organisations against potential shocks; focuses on being proactive; helps to explore options for dealing with surprises and changes; and defines resilience objectives and guiding principles. The resilience equation comprises Risk Management (RM), Continuity Management (CM) and Testing and Exercises (T&E). Together they provide a holistic view for organisations to thrive and grow through changes and disruptions.

1. Robust risk management programme. Organisations must consider an RM programme to identify and assess risks across the entire organisation and to help with the implementation of risk management strategies. A sustainable risk management programme covers eight focus areas, including governance; organisation and decision process; strategy and policy; risk appetite and tolerance; processes and tools; culture and communication; performance monitoring; and business intelligence.

2. Continuity management. A CM system is capable of absorbing disruption and provides backups and fail-safes, including mechanisms for rapid response designed to restore operating capacity. It covers the following key areas – emergency management plan; crisis management plan; continuity of operations plan and IT Disaster Recovery plan.

3. Testing and Exercises. These are T&E plans and procedures that are capable of revealing weaknesses and gaps and that improve organisational co-ordination, clarify roles and responsibilities, and create a unique learning environment. The best way to prepare for the unforeseen is by assessing strategic options and tactical plans through testing and exercises. T&E unlock benefits associated with building preparedness and sustaining performance.

Rosa Donno, Senior Associate at Booz Allen Hamilton, said: “GCC organisations are already on the right track to building resilience, but they need to be more aware of their future threats and current weaknesses, so that they can take informed strategic and tactical decisions that can be applied across the full spectrum of sectors and industries region-wide, in order to prepare for risks and respond effectively to internal and external events.”

www.intelligentcio.com
INTELLIGENTCIO