How Business Continuity, Information Security and Risk Management Collaboration Bolsters Business Performance


The Quintessential Triad in Risk Management

Business continuity management (BCM) is, according to the Business Continuity Institute, the strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable, pre-defined level. Many of BCM's core functions are shared with other risk management and compliance disciplines. Information security, for example, exists to protect information assets; operational risk management focuses on minimizing losses resulting from inadequate or failed internal processes and systems, human factors or external events. There is a fundamental overlap between the mission and objectives of business continuity, information security and operational risk management.

For example, BCM manages business continuity requirements by mapping organizational hierarchies, conducting business impact analysis and establishing a risk register. That risk register can be extended to include information security risks and can become part of a larger operational and enterprise risk framework. BCM also develops strategy, identifies preventive controls and builds the incident response structure, disaster recovery plan and communication plan. Here, too, information security and compliance teams can work from the same control framework, gaining perspective from other groups' testing and reusing other teams' test results in their own analysis. BCM then tests, maintains, reviews and exercises those plans, and it manages disaster recovery by conducting damage assessments, invoking the disaster recovery plan and initiating recovery activities, all of which flow naturally into operational risk management.

When properly designed, the convergence of IT security, risk management and business continuity can be the quintessential triad in risk management.

By Yo Delmar, vice president GRC Solutions at MetricStream, and Harvey Betan, associate principal at Risk Masters Inc.

Business continuity programs are often run on a standalone basis, but recent incidents involving security breaches highlight why business continuity, disaster recovery, security and risk management teams must work more closely together to understand the true likelihood and impact of potential disruptions to the business. Consider, for example, the case in which the IT infrastructure behind an online banking site or an online retailer is compromised or made unavailable (e.g., by a DDoS attack). Companies hit by such incidents have in some cases seen dramatic effects on their business operations and revenues. To keep the business running smoothly, more and more organizations are converging their IT security, risk management and business continuity teams in order to establish and agree upon a common framework and common processes for crisis management.

Today, business continuity planning and management goes beyond the physical continuity of the business to encompass areas such as e-continuity as well. We live in an era of e-business, with a growing share of business transactions moving through the Internet, extranets, virtual private networks and cloud service providers. The complexity of this ecosystem has enlarged the attack surface and multiplied the threats to digital information and traffic flows. Over the last two to three years, the rise in cyberattacks has driven the integration of security with operational and enterprise risk management. More recently, business continuity and disaster recovery teams have become key partners in these collaborative teams, a natural fit within the larger concept of 360-degree risk management.

