Security--the topic, and thus the department--sometimes gets pigeonholed as a downer. Maybe from time to time you notice a coworker avoiding getting in the elevator with you. A CSO once told me it's even worse when you get in the elevator and some wiseacre turns to put his hands on the wall--as if expecting you to frisk him.
But just wait until you start talking about disaster recovery too! Then nobody will even sit at your lunch table anymore!
Actually, it's not that uncommon for business continuity and disaster recovery (BC/DR) to get dropped on the security leader's desk.
It shouldn't be a bummer. In fact, it's probably a sign that you're doing a good job, and--dare we hope--even that you are regarded as a business-minded person who will build a program with real business objectives in mind.
But that doesn't mean it's easy to do.
So for this issue of CSO, Lauren Gibbons Paul collects advice from the front lines on how to build a successful business continuity and disaster recovery program.
Paul notes that BC/DR is its own well-developed discipline, both related to and distinct from security and other forms of operational risk management.
She also walks you through quick tips on conducting a business impact analysis, on the necessity of top-level ownership, and other key practical concepts.
Then Bob Violino examines how four of today's technology megatrends (virtualization, cloud, mobile and social) should be incorporated into your BC/DR planning process. For the most part, these four trends are a help rather than a hindrance. There are a few wrinkles that you should know about, however.
As the old saw goes, forewarned is forearmed. These articles should help prepare you for constructive and fruitful engagement with business continuity.
There's really no reason it should end in disaster.