How Business Continuity, Information Security and Risk Management Collaboration Bolsters Business Performance

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
Next How Business Continuity, Information Security and Risk Management Collaboration Bolsters Business Performance-6 Next

Evolving Threat Landscape

A huge driver of collaboration is the evolving threat landscape. Teams need to consider the basic question: What increases threats to critical resources, business processes and sensitive or regulated information? Factors may include the physical or electronic availability of information anywhere, anytime accessibility to devices like Internet, smartphones, or BYOD; a lack of transparency in the context of third-party relationships – in particular, cloud service providers; or lack of verifiable controls and testing visibility into control states.

Emerging threats span a wide range of technologies (e.g., mobile computing, social technology) and infrastructures (e.g., critical infrastructure, trust infrastructure, cloud computing and Big Data). One of the most rapidly emerging threats is supply chain interruption – either upstream or downstream or through indirect incidents. An example of an indirect incident is the 2012 volcanic eruption in Iceland. While the eruption itself was isolated to that area, volcanic cloud floated to northeast Europe, affecting air travels and deliveries. Increasingly, internal and external political issues should be considered in the threat landscape. For instance, in post-revolution Egypt, with the change in government, organizations not only had to deal with various supplier issues, but with the government restricting access to the Internet. Human-caused events like lockouts or leadership change in an organization are also being considered more and more in the business continuity threat landscape.

By Yo Delmar, vice president GRC Solutions at MetricStream, and Harvey Betan, associate principal at Risk Masters Inc.

Business continuity programs are often considered on a standalone basis, but recent incidents that involve security breaches highlight how business continuity, disaster recovery, security and risk management teams are compelled to work more closely together in order to understand the true likelihood and impact of potential disruptions to the business. Let's consider the situation, for example, when an IT infrastructure is compromised or made unavailable (e.g., DDoS attack) to an online banking site or an online retailer. Companies that have been impacted by these types of incidents have experienced, in some cases, dramatic effects on their business operations and revenues. To ensure that the business sails smoothly, more and more organizations are beginning to converge IT security, risk management and business continuity teams in order to establish and agree upon a common framework and processes for crisis management.

Today, business continuity planning and management goes beyond the physical continuity of the business, encompassing areas such as e-continuity, as well. We live in an era of e-business, with a growing percentage of business transactions moving through the Internet, extranets, virtual private networks and cloud service providers. The complexity of this ecosystem has given rise to a larger threat surface, with a higher number of threats to digital information and traffic flows. Over the last two to three years, the rise in cyberattacks has driven an integration of security with operational and enterprise risk management. More recently, business continuity and disaster recovery teams have become an increasingly key partner in these collaborative teams as a natural fit in the larger concept of a 360-degree risk management.


Related Topics : A Big Market for Big Data Jobs, Midmarket CIO, IT Management Automation, SharePoint, Technology Markets

More Slideshows

gig economy How the Gig Economy Is Changing the Tech Industry

The gig economy is clearly disrupting the tech industry, both in positive and negative ways. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.