5. Business Continuity
I have successfully led a team, prepared and completed coursework and presented to ~40 people on the following topics:
Incident Management
Using frameworks from NIST and NCSC. Completing an incident management plan including triage, analysis, mitigation/containment, remediation/eradication, recovery and review. Reference to and knowledge of governance, response team formation and roles and responsibilities therein.
Business Resilience
Risk management. Reference again to NIST framework and also the 4 phases of business resilience as devised by NCSC: prepare, absorb, recover and adapt. Looking specifically at the importance of business continuity, crisis management and response and the importance of communication, adaptive systems/flexibility and testing. Cyber supply chain risk management.
Industrial Control Systems/National Critical Infrastructure
ICS (e.g. Purdue model). IT/OT/IIoT/IACS/SCADA/DCS/PLC/RTU. Sensors and actuators and potential vulnerabilities. Regulatory compliance. Knowledge gaps/differences between OT and IT. Restricted access and detection. Research into well-known ICS attacks (e.g. Ukraine Power Grid 2015).
Physical Security
Industrial standards. Access and mitigation. Risk (likelihood and impact). Defence in Depth and controls in all areas, organisational choices, assets/threats/impact/controls. Theoretical attacks and improved protection, high-value sites and existing/required security. Secure destruction of data, ID checks. Vetting, training, essential services protection. Hostile vehicle mitigation, terrorist attacks etc.