Is there a way to integrate business continuity planning and operational risk management?

I've never been a big fan of trying to wedge certain activities into a somewhat arbitrary document category, like risk assessment and business impact analysis. In reality, you are trying to achieve the same thing with both activities -- it just depends at what stage of the incident you are looking at.

A risk assessment involves trying to understand where potential exposure points are. I recommend looking at the problem from the perspective of a business system, which I describe in my book, The Pragmatic CSO, as a set of networking resources, servers and applications that automate a business process. There are many tools to poke at a business system to see potential areas of exposure, including vulnerability scanners and penetration tests for all system components.

A business impact analysis involves understanding what's going to happen to the business if one of these systems goes down. It can apply to any kind of event or incident. This tends to be more of a qualitative analysis, working with cross-functional teams -- including finance and operations -- to understand what isn't going to happen if a system goes down.

Rate this Tip To rate tips, you must be a member of SearchMidmarketSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Risk assessments and metrics Intelligent threat management podcast Midmarket security managers must push risk acceptance to the business Midmarket security governance: Develop an IT engagement model Assess your security state in five steps Questions to ask when choosing your managed security service provider What are ways to measure security risks, threats and vulnerabilities? RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary risk analysis  (SearchMidmarketSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.