ABSTRACT

After many information security and recovery/contingency

practitioners have enjoyed the success of getting their

programs off the planning board and into reality, they

are then faced with another, possibly more difficult chal-

lenge . . . keeping their organization’s program “alive

and kicking.” More accurately, they seem to be struggling

to keep either or both of these programs (business con-

tinuity and information security) active and effective.