developing a crisis management portal

8/3/2019 Developing a Crisis Management Portal

1/4


2/4

Approach

A Portal BasedThe Art of Crisis Management:

In our previous issue of Spotlight on Business, John Ho Chi

discussed the issues and needs for crisis management in

The Art of Crisis Management: The Technology Enabled Approach

With new and unexpected crisis situations appearing, there is

definitely more to crisis management now than we had ever

experienced in even the most severe crises of the past. The

dimensions and stakes are now greater than ever.

This issue: John describes the framework for a crisis management

portal

16

A potential crisis or threat is sometimes

never treated with the same degree of care

and trepidation until it strikes home, or near

home. The recent catastrophic events such

the recent blackout in the US and theSoBig.F virus have increased the awareness

of the need for good crisis management.

The need for it is not a question of good to

have or nice to have, as it can make the

difference between bad or worse.

The United States saw its biggest blackout

in the nations history, which affected

its northeastern region. Cities like New

York grinded to a halt as businesses failedto continue and connectivity, wireless and

wired failed.

Early reports indicated that there were

problems prior to the outage, including

strange voltage fluctuations in the Midwest

power grid hours before its transmission

lines failed. Indicators and warnings werealso given to but perhaps, were not taken

seriously on time.

The blackout that affected eight states, which

started on Thursday, 14 August 2003 and

lingered till Saturday, is estimated to have

cost hundreds of millions of dollars.

The explosive growth of the mobile phone

industry had apparently been the cause ofthe situation where wireless signals

interfered with the emergency radio

frequencies used by the police and fire

fighters - according to public safety agencies.

This in turn has affected rescue efforts in

emergencies where the radio of rescuepersonnel went dead due to overcrowding.

On the cyberfront, the SoBig.F virus spread

from unsuspecting computers when users

open email file attachments with familiar

headings such as, Thank You and

Re: Details. Once opened, the SoBig.F

virus used the infected computer to re-send

itself to the next wave of victims, and

signed the email with a random name andaddress using the computers address book.

And Responding To Worms & Viruses Effectively

Spotlight on Business

TECHOLOGY & SECURITYRISK SERVICES


3/4

The virus, which originated from a sex-

oriented Internet discussion group, spread to

hundreds and thousands of computers and

sent out millions of virus-infected emails,

causing massive traffic congestion problems

for companies network systems. Computer

administrators scrambled to identify the

source of the problem, and email, which is

depended heavily upon, was suspended for

outbound and inbound traffic.

So what sort of a tragedy and ho w many

wil l i t take , for companies to s ta r t

for a crisis, evaluating the potential

type of crisis, taking into account the

probability, setting up a loss event

sys tem, and the mechanisms for :

anticipation (key risk indicators),

d iagnos i s ( s e l f a s se s sment ) ,

development of plans (strategy and

development), training and awareness

(information database).

! The During Stage, is concerned

with the deployment of plans (plan

repository, database) based on the

the r i s k o f los s r esu l t ing f rom

inadequate or failed internal processes,

people and systems or from external

events.

According to the paper, it is important

to note that this definition is based on

the underlying causes of operational risk.

It seeks to identify why a loss happened

and at the broadest level includes the

breakdown by four causes : people ,

processes, systems and external factors.

17

thinking about how they would respond

to a disruptive event? And what lessons

can we learn from them?

FRAMEWORK FOR A CRISISMANAGEMENT PORTAL

The development of a crisis management

plan can be enabled with the use of

t e chnology; us ing a por ta l ba sed

approach that can support the drafting

and build-up of the knowledge, plans,

a s se s sment and moni tor ing of the

effectiveness of the plans when it needs

to be deployed.

The f ramework can be divided into

three stages:

! The Before Stage, which focuses

on the organisation preparing itself

crisis encountered, command centre

reporting, and resuming to normal as

quickly as possible. This calls for

intensive coordination, communication,

reaction and monitoring.

! The After Stage, will focus on the

assessment of the impact, damage and

future prevention; and if possible withearlier anticipation, analysis, learning

from the mis takes and update of

the los s /nea r mis s in to the los s

event system.

DEVELOPING A LOSS EVENTDATABASE

A definition from a paper prepared by the

Risk Management Group of the Basel

Committee, defines operational risk as:

As such, processes will need to be put

in place for the collection and analysis

of loss data. Depending on the nature

of a companys activities, the industry

and the landscape in which it operates,

there does not exist today an industry

standard for collecting and analysing

ope ra t iona l los s da ta . And i t i s

only when such loss data is collectedand s tored in a manne r tha t w i l l

facilitate analysis, can we than design

the Key Risk Indicators (KRIs) and

Control Self Assessment Program. In this

way, the future and respectively the

future events become less unexpected,

unknown and unpredictable.



4/4

DEVELOPING THE PLAN IN THEBEFORE STAGE

The use of t e chnology co l la t ing

information in the development of plans

offers several advantages. For one, it

allows users a single point of access to

submit the information in pre-defined

templates with explanatory notes to

assist them in understanding the required

information to be entered. Depending on

the need, process and dependencies can

also be linked so that the full picture

can be seen.

18

as the steps to be followed based on the

scenarios planned. Multiple tasks from

an occurrence, through response and

recovery, can be guided from the plans

s tored in the por ta l , which can be

accessed via a connected link.

! Standa rd Ope ra t ing Procedure s

(SOPs) integrate with emergency

plans, provide real-time modification

or additions to SOPs as conditions

more effective and efficient channel to

maintain the crisis management plan,

relevant information, and preventive

moni tor ing mechanisms wi th the

ava i lab i l i ty o f a command cen t rereporting when needed.

Regardless of the source of crisis: a

natural phenomenon, human activity or

inactivity. and no matter what type it is:

destructive or not; sudden, emerging or

stable, it goes through several stages.

According to the experts, the number of

those stages differs, ranging between

three and f ive . But the former a re

unanimous in that, crisis management

involves all procedures, initiatives and

activities carried out before, during

and after the crisis event.

However, in the final analysis, it is the

board of direc tors who must e f fec t

policies to ensure that the company is

ac t ing responsibly, and is sui tably

prepared to deal with crises. Critical

success factors will require investment

in the people with the right capabilities,

and deployment through the enterprise

to ensure i t s subs ta inab i l i ty . This

inc ludes focus ing on , no t on ly the

ini t ia t ives tha t a re direc t ly re la ted

to profits, but also those that are related

to reducing risks and preventing chaos

in a crisis - by avoiding the pitfalls

of catastrophe.

John Ho Chi (email :john.ho-chi @sg.ey.com)

is a Pri ncipal of Ernst & Young Technology& Securit y Risk Services

warran t , and au toma t ica l ly log

procedure status to completion;

! Emergency contact l ist mentioned

earlier also provides a log of both

training and certifications of staff and

other organisations personnel who,

when a s s igned , a re r ecorded

automatically in the incident log;

! Dashboa rd t echnology can be

incorporated to create a briefing tool,

showing key indicators of the real-

t ime response capabi l i t ies of the

organisa t ion in both tabular and

graphical formats.

IN CONCLUSION

At the end of the day, the goal of the

portal is not to save money. But allow a

Mil l ions of virus- infected emailscausing massive t ra f f ic congest ionprob lems fo r compan ies ne tworksystems sent computer administratorsscrambling to identify the source oft he problem.

Having stored them in electronic form,

the same single point of access will also

facilitate the search for information

through a menu structure tailored for the

organisation resulti ng in faster access to

information.

In peace time, the simulation testing

of the plans wil l a l low users to befamiliar with the framework, and its use

a l low for f lexibi l i ty of access and

refinement of the specifications needed

to support the crisis.

USING THE PORTAL IN THEDURING AND AFTER STAGE

When a c r i s i s i s me t , the contac t

management database will allow the

Crisis Management Team to identify the

points of contact for activitation, as well


developing a crisis management portal

Documents