TheMagnet® successfully drafted a complete set of documentation on Risk Register, Risk Assessment, Business Continuity Plan, Business Impact Analysis, and Criticality Requirements Assessment for Public Warning System through mobile phones.

TheMagnet® Consulting Advisors team: Periklis G. Theodoridis, Panikos Kalos, Dr. Evagoras D. Constantinides, Mario Panayiotou 

The Client

The Client, Cyprus Civil Defence, is a Department of the Ministry of Interior whose main mission is the protection of the population. It is responsible for taking measures in response to natural or man-made disasters, potentially threatening human life and welfare, or even extensively damaging the island’s environment and natural resources. It is also responsible for protecting the civilian population during periods of armed conflict. The measures taken by the Cyprus Civil Defence include a series of actions regarding disaster prevention, preparation, response, strategic planning, education, mitigation, and rehabilitation at the aftermath of disasters.

Challenge

Cyprus Civil Defense had requested for a Risk Assessment exercise as per Digital Security Authority (DSA) Decision 389/2020 for a Public Warning System.

The main purpose of the Risk Assessment, which includes the Contractor Risk Assessment and the Interdependencies Risk Assessment, is to provide a structured framework to identify and treat the risks involved with planning, design implementation and monitoring of a Public Warning System for the Republic of Cyprus which also takes into consideration Law 389 regulated by the Digital Security Authority.

TheMagnet® Approach

1. Worked on 3 risk assessments:

1. The Client Risk Assessment
2. The Contractor Risk Assessment
3. The Interdependencies Risk Assessment which develops the business continuity management system required

2. Categorized the Risks into the following areas:

1. Geographical coverage risks
2. Cyber Security Risks
3. Network Continuity Risks
4. Physical Risks
5. Natural disaster risks (earthquakes, extreme weather, pandemic, fire, floods)
6. Malicious attacks risks (war, civil war, riots, terrorist attacks)
7. Detection Risks (ability to detect an adverse incident at time of incident)
8. Communication Strategy Risks (the strategy in which person A detects and communicates incident to person B who then initiates the Public Warning System using correct and agreed protocols and authorization levels)
9. Financial Risks (cost of developing the Public Warning System as well as the cost of replacing resources lost during a major incident.)
10. Regulatory Risks (inability to comply)

3. Developed a Business Continuity Plan as well as a Disaster Recovery Plan.

The Business Continuity Plan, along with the Disaster Recovery Plan, describe the procedures to be carried out in the event of a major incident affecting the service of the Public Warning System. The Business Continuity Plan details the overall approach to Business Continuity and provides a framework to document and structure the response to a continuity incident by addressing the requirements for services, processes, and network systems.

Outcome

TheMagnet® successfully drafted a complete set of documentation on Risk Register, Risk Assessment, Business Continuity Plan, Business Impact Analysis, and Criticality Requirements Assessment for Public Warning System through mobile phones.