The monthly NoticeBored security awareness deliveries continue with the relase of a thoroughly updated and refreshed module on business continuity management.
Do you like the new graphic? It's even more impressive as a poster-sized image!
We started researching and planning this module around ISO/IEC 27002’s coverage of business continuity management, and ended up going well beyond what the standard advises. In our opinion, the standard focuses rather myopically on disaster recovery, largely neglecting other equally significant business continuity controls such as disaster avoidance, resilience and contingency. It talks about business continuity planning and testing the plans, but hardly mentions business continuity preparations and exercises.
Resilience, being the ability to keep critical business processes running right through a disaster, is an important organizational capability that management can proactively develop and enhance, provided they are aware of the possibilities and benefits of resilience. We’re talking here about the use of hot sites and cloud computing, for instance, for the IT systems and services supporting core business processes. Furthermore, the concept of resilience extends to supply chains (e.g. having alternative suppliers for vital supplies) and individuals (e.g. the make-do-and-mend so-called “number 8 wire” mentality recently demonstrated by those amazing Kiwis in Christchurch who get on with things and have a go at fixing stuff up rather than passively waiting around for help from the authorities).
All the best for 2012,