How Business Continuity, Information Security and Risk Management Collaboration Bolsters Business Performance

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
Next How Business Continuity, Information Security and Risk Management Collaboration Bolsters Business Performance-8 Next

Best Practices

Priorities for Best Practice in Convergence of Business Continuity, Security and Risk Management

When it comes to best practices for convergence of business continuity, organizations should consider their end-to-end ecosystem, including third parties and suppliers, and capitalize on opportunities to leverage and share information and processes with security and risk management teams and disciplines.

  • Share organization and risk frameworks: When mapping business continuity requirements, it is critical to look at organizational hierarchies and processes and evaluate the actual tolerable period of disruption. Impact analysis will prioritize the various processes, and a risk assessment will help in creating a risk register in line with both enterprise risk management and information security.
  • Develop a strategy on determining how to deal with important issues: Maintain, review and exercise plans on an ongoing and continuous basis, and integrate issue management with crisis management processes that are used by security and risk teams.
  • Think through the cascade effects of an incident: For example, business continuity and operational risk teams should understand the risks of security attacks inherited in backups. They should be objective, honest and should view risks from all the angles before planning exercises.

By Yo Delmar, vice president GRC Solutions at MetricStream, and Harvey Betan, associate principal at Risk Masters Inc.

Business continuity programs are often considered on a standalone basis, but recent incidents that involve security breaches highlight how business continuity, disaster recovery, security and risk management teams are compelled to work more closely together in order to understand the true likelihood and impact of potential disruptions to the business. Let's consider the situation, for example, when an IT infrastructure is compromised or made unavailable (e.g., DDoS attack) to an online banking site or an online retailer. Companies that have been impacted by these types of incidents have experienced, in some cases, dramatic effects on their business operations and revenues. To ensure that the business sails smoothly, more and more organizations are beginning to converge IT security, risk management and business continuity teams in order to establish and agree upon a common framework and processes for crisis management.

Today, business continuity planning and management goes beyond the physical continuity of the business, encompassing areas such as e-continuity, as well. We live in an era of e-business, with a growing percentage of business transactions moving through the Internet, extranets, virtual private networks and cloud service providers. The complexity of this ecosystem has given rise to a larger threat surface, with a higher number of threats to digital information and traffic flows. Over the last two to three years, the rise in cyberattacks has driven an integration of security with operational and enterprise risk management. More recently, business continuity and disaster recovery teams have become an increasingly key partner in these collaborative teams as a natural fit in the larger concept of a 360-degree risk management.

 

Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

 
More Slideshows

Five9RemoteEmployees0x 5 Best Practices to Enable Remote Workers

Recent years have seen a significant increase in the remote workforce as developments in technology have given employees the freedom to work anywhere, anytime. ...  More >>

DataM62-190x128 10 Steps for a Proper Data Governance Plan

Establishing a digital governance plan can be a challenge, but with the right education and tools, the job can be made a lot simpler. ...  More >>

PlexxiITRoles0x IT Roles: The New Faces of Network Infrastructure

The newfound emphasis on tools and service integration is shaping a new crop of industry professionals — the actual faces behind the IT infrastructure. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.