ABSTRACT
The need for information security personnel to be
involved in business continuity management projects
continues to grow as governments, shareholders, clients,
suppliers, and community activist groups seek to ensure
that each organization is prepared to deal with adverse
events and mitigate potential losses to assets or social
services. The main focus of traditional business continu-
ity, from the perspective of the information security
professional, was to ensure that data backups and disaster
recovery plans were ready to facilitate the recovery of IT
processing in the event of system failure. This model has
become increasingly outdated as the role of IT in sup-
porting the organization has changed, and many business
operations today could not function without the avail-
ability of IT systems, data, or controls. Information
technology is not just “another department” in a modern
organization. In most cases, it provides the lifeblood of
communications, critical data, crucial alarm signals, and
functionality that nearly every part of the business needs.
Few departments can run without access to reliable and
stable IT systems.