Business Continuity

Most organisations understand the need for risk assessments relating to health and safety and project risk.  However, many do not look at their own information systems as a standalone entity even thought they are business critical systems. It is easy to understand how a fire or flood would affect the business through the destruction of the information system.  However, there are many other reasons an information system could be compromised.  This is why a full IS security risk assessment should form part of the business continuity plan.  A full IS security appraisal will look at the physical environment and the virtual environment.

The benefit from such planning and assessment can only be measured by your organisation and offset by how much appetite for risk they have.  IS security risk assessments is an area that can really add value and offer that something extra over companies just offering a forensic examination.  This should be just one element of an IS security package.