Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Champion

Business continuity and cybersecurity - which tail wags the dog?

Hello all.


The BC guys and gals often complain the security folks don't invite them to the party. Security folk complain about how BCP tries to be the directors in the crisis matrix. Nobody (particularly stakeholders and shareholders) wins when the bickering and dickering sours the matrix.


Does anyone have experience or ideas they might share as to how we can 'all just get along'?

12 Replies
Influencer II

> j_M007 (Community Champion) posted a new reply in Industry News on 03-28-2019

> Well BC and DR are two aspects of security to be sure. But the BC and the DR
> worlds (which are also discrete!) have many compliance and statutory bells and
> whistles to ring and tweet.   Why make things easy when you can complexify the
> fuzzification?

Discretion (yes I know it's the wrong discreet) is the better part of ensuring the
enlargement of your corporate mini-empire. Yeah, I know BC is ensuring that
whatever happens *doesn't* interrupt your business, while DR is what you do
*after* your business has been interrupted, but so much of the analysis and so
many of the tools are the same that making a huge distinction between them is
another thing that drives me around the twist ...

====================== (quote inserted randomly by Pegasus Mailer)
Great wits are sure to madness near allied. - John Dryden, 1681


Other posts:

This message may or may not be governed by the terms of or
Community Champion

I like to look at business continuity and security globally in the context of ERM or ORM (organizational risk management).


There are so many little bits and pieces of threats and vulns that can bite you in the @$$ ets 


A BCP person can often broaden the scope of looking at the risks and work in conjunction with organizational security.


Thankfully, the BCDR community are wising up to cyber threats, supply-chain threats, and reputational risk from catastrophes either wrought by humans or (super)natural forces and are trying to have playbooks supporting or working in tandem with information security.


However, I still feel like the guy in Prufrock:


For I have known them all already, known them all:
Have known the evenings, mornings, afternoons,
I have measured out my life with coffee spoons;
I know the voices dying with a dying fall
Beneath the music from a farther room.
               So how should I presume?
He knows how it's all going to go down! 😉
Contributor I

I get you,


I don't understand why so many organisations have two teams rather than having it all in one either, but for whatever reason, that seems to be the norm these days.


But hey ho. I work with what I have in forn tof me, or try to change what's in front of me, given the chance.