Is the increasing organizational focus on information security having an effect on the traditional demarcation lines between business continuity and information security management (ISM)?
Continuity Central recently conducted an online survey to find out. 182 responses to the survey were received and it seems that convergence between BCM and ISM has happened in some organizations; while the majority believe that ideally ISM should be the responsbility of a team consisting of representatives from different areas of the organization. The results are as follows:
Do you see information security as a business continuity issue?
64.5% of respondents believe that information security is definitely a business continuity issue, with a further 32% saying that it was partially a business continuity issue. Only 3.5% said that information security is not a business continuity issue at all.
Respondents were asked to explain their answer to this question. The verbatim responses can be read here (PDF).
Does the business continuity team in your organization manage information security threats?
Information security threats are managed by the business continuity team in only 14% of respondents’ organizations. A further 29% of respondents said that the business continuity team was partially responsible for managing information security threats. The remaining respondents said that the business continuity team was not responsible for managing information security threats (55%) or did not know (2%).
Respondents were asked to briefly describe how their organization structures its information security management. The verbatim responses can be read here (PDF).
Source: Continuity Central