Information Security covers the protection of Confidentiality, Integrity and Availability of information. Loss of Business Continuity can result from a loss of any of these three. However, the main risk to Business Continuity is the loss of availability of the Business Infrastructure (e.g. people, computer systems, buildings and communications).
Risk Assessment
Before implementing measures that will ensure Business Continuity, it is important to determine all areas of risk. You can do this by carrying out a Risk Assessment. A simple risk assessment methodology was detailed in a previous article, but in brief you will need to:
• Determine Business Critical Assets.
• Determine Business Continuity threats to these Assets.
• Determine and rate the likelihood and impact of the Threats occurring.
• Take the highest ratings first and determine countermeasures to address the Threats.
Types of Risk
The following are some of the Risks that could lead to Business Continuity failure.
• Computer Systems not accessible (faulty systems, loss of power, denial of service)
• Networks not accessible (faulty connection, provider problem)
• Key Persons become unavailable (new job, death, illness)
• Buildings Destroyed (bomb, natural disaster, fire)
• Buildings Inaccessible (within exclusion zone for another disaster)
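The four risk assessment steps above, applied to the types of risk just listed, can be captured in a small risk register. The following is an added worked example, not code from the original article or from any named product: it rates each threat to an asset by likelihood and impact, ranks the results highest first, and reports which of the high-rated risks still have no countermeasure. The rating scales, asset names, threats and ratings are constructed sample values.

```python
from dataclasses import dataclass

# Ordinal rating scales (constructed for this example; substitute your own).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    """One row of the risk register: a threat to a business-critical asset."""
    asset: str
    threat: str
    likelihood: str
    impact: str
    countermeasure: str = ""  # empty means no countermeasure decided yet

    def __post_init__(self):
        # Step 3 needs one consistent scale; reject ratings outside it early.
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood rating: {self.likelihood!r}")
        if self.impact not in IMPACT:
            raise ValueError(f"unknown impact rating: {self.impact!r}")

    def score(self) -> int:
        """Risk rating = likelihood x impact (1..25 on these scales)."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def prioritise(register):
    """Step 4: highest ratings first. Ties are broken by asset and threat
    name so the ordering is stable and reproducible between reviews."""
    return sorted(register, key=lambda r: (-r.score(), r.asset, r.threat))


def untreated(register, threshold):
    """Risks rated at or above the threshold that still lack a countermeasure:
    the action list that step 4 produces."""
    return [r for r in prioritise(register)
            if r.score() >= threshold and not r.countermeasure]


def highest_risk_per_asset(register):
    """Worst-case rating per asset, to decide which assets the Business
    Continuity Plan must cover first."""
    worst = {}
    for r in register:
        worst[r.asset] = max(worst.get(r.asset, 0), r.score())
    return worst


# Constructed sample register covering the risk types listed in the article.
SAMPLE_REGISTER = [
    Risk("Order processing server", "Loss of power", "possible", "major",
         "UPS plus standby generator"),
    Risk("Order processing server", "Denial of service", "likely", "moderate"),
    Risk("Internet connection", "Provider outage", "likely", "major",
         "Second provider on a separate route"),
    Risk("Head office building", "Fire", "rare", "severe"),
    Risk("Head office building", "Exclusion zone for nearby incident", "unlikely", "major"),
    Risk("Payroll administrator", "Illness or resignation", "possible", "moderate",
         "Documented procedures and a trained deputy"),
]


if __name__ == "__main__":
    for r in prioritise(SAMPLE_REGISTER):
        status = r.countermeasure or "NO COUNTERMEASURE"
        print(f"{r.score():2d}  {r.asset:<24} {r.threat:<36} {status}")
```

Running the script prints the register highest rating first; with a threshold of 10, `untreated(SAMPLE_REGISTER, 10)` returns only the denial of service risk, which is the one high-rated entry with no countermeasure yet. The threshold is a policy choice for the organisation, not something the scales dictate.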
Business Continuity Plan
Should Business Continuity become a problem it is important for you to have a Business Continuity Plan to follow. It is important that you test the plan and review it on a regular basis.
Incident Management
There may also be Security Incidents that do not pose a threat to Business Continuity. However, you should follow these up to see whether you need to take any action, e.g. changing security practices or taking disciplinary action. To address this you should have a clear Incident Management procedure that details how Security Incidents are reported, investigated, documented and learnt from.