You can’t test absolutely everything; it’s fact that rapidly becomes obvious when you start to put together business continuity test scenarios. Common sense dictates that as a priority you should test the scenarios that have higher risk and that do more damage, all part of the risk and business impact analysis that goes into BC planning. It’s interesting to see that at a recent FICO-hosted (FICO does credit scoring, among other things) meeting in London, financial services organisations considered cyber-attacks to be a major threat as the 2012 Olympic Games in London draw closer. Is that conclusion based on feeling? Or is it a prediction based on scientific analysis?
The way things are going, predictive analysis, meaning the mathematical analysis of data to predict what will happen in the future, will feature more and more in business continuity planning and business continuity test scenarios. Whether or not the organisations above used it before voicing their opinion on threats is another matter, but FICO itself is a provider of analytics and decision management technology. That’s how it makes its credit scorings, the predictions on how creditworthy people will be coming from analysis of how they have performed in the past.
Predictive analysis is already big in a number of different areas, retail organisations being leaders in their use of these techniques to figure out what their customers are likely to buy next and adapting their marketing and merchandising accordingly. FICO’s involvement in mapping out 2012 Olympics threats suggests that business continuity is also a market of interest for predictive analysis vendors. Companies that are already using predictive analysis or more generally data mining techniques for other parts of their business might well consider the possibility of leveraging that expertise to risk and threat analysis, to predict which business continuity test scenarios would be the most appropriate.