Business continuity planning Methodology (Lindstrom, Samuelsson, Hagerfors, 2010) the authors provide insights into how three organizations have structured their continuing planning from an IT security perspective. The authors contend that only 30% of middle and that IT security is a strategic weakness in organizations that must be continually improved upon and kept current to protect information assets. The authors make this point to underscore the critical need for having a that encompasses not just systems, but processes and the roles. One of the major outcomes of their research is the definition of a maturity model that is shown in Figure 1 of this analysis.
Continuity Planning As a Strategic Task
Citing the results of their studies throughout three different organizations that support the hypothesis that contingency planning is only managed at the IT level, not the process or , the authors contend that much greater levels of education and commitment on the part of senior management is needed. There are several studies cited by the authors that show what a difference senior management support and commitment make to the development of an effective business continuity strategy. Underscoring these studies that are corroborated with the author teams’ own research about the lack of commitment, ongoing education and preventative strategies in place within organizations. Another study shows that smaller organizations are also facing comparable challenges in terms of ongoing training and as a result have taken a much more cyclical model to the definition of to enable greater learning (Botha, Von Solms, 2004). This approach to has helped to alleviate the time constraints on companies over time when it comes to managing the process of education and gaining senior management commitment. The smaller incremental gains made in these smaller organizations have actually proven to be more effective at deterring potential threats as knowledge is accumulated over time and change is gradual (Botha, Von Solms, 2004). The studies that are the theoretical foundation of Business continuity planning Methodology (Lindstrom, Samuelsson, Hagerfors, 2010) illustrate what a critical role senior management has in promoting and financing ongoing education of business continuity from the standpoint of IT security and lifecycle planning. The maturity model shown in Figure 1 explains the progression of business continuity from the studies conducted and concludes that ongoing training, a commitment to changing the culture of an organization to support IT security, as a strategic threat is essential. The model also reflects the fact that funding of education programs is vital if an organization is to respond to threats effectively and thoroughly in the future.
Figure 1:
“Staircase” methodology applied on organizational and department level
Source: (Lindstrom, Samuelsson, Hagerfors, 2010, pg. 249)
References
Jacques Botha, & Rossouw Von Solms. (2004). A cyclic approach to business continuity planning. Information Management & Computer Security, 12(4), 328-337.
John Lindstrom, Soren Samuelsson, & Ann Hagerfors. (2010). Business continuity planning methodology. Disaster Prevention and Management, 19(2), 243-255.
