Welcome » IT Booklets » Information Security » II Information Security Program Management » II.C Risk Mitigation » II.C.21 Business Continuity Considerations
Management should do the
Business continuity plans should be reviewed as an integral part
of the security process. Strategies should consider the different
risk environments and the degree of risk mitigation necessary to
protect the institution if continuity plans must be implemented.
Management should train personnel regarding their security roles
during a disaster. Additionally, management should update
technologies and plans for backup sites and communications
networks. These security considerations should be integrated with
the testing of the business continuity plan.
Information security events may trigger activation of the
business continuity plan. Therefore, the institution's plan should
include steps that explicitly address information security incident
response and resilience. Resilience testing should incorporate
information security event scenarios identified by the
Refer to the IT Handbook's "Business Continuity
Planning" booklet for more information.