Business Continuity Planning and those related Information Security Projects for most organizations have often been strategies and activities executed as a kind of an insurance policy to cover potential disasters that might happen to that organization.  By having a business continuity strategy or plan in place, management aims to provide mitigation and hopefully, even prevention, of  those problems – both internal and external —  affecting the business in a negative way. 

In an article written by Ian Masters,  and recently posted on the IT BusinessEdge blog, a point is made that looking forward, organizations are demanding more from their business continuity investments.  In other words, business continuity planning efforts along with business continuity software investments must have an additional ROI now presented to management — it is no longer enough to be simply an insurance policy against something going wrong.

Read this article for more information about this growing business continuity requirement trend.

As an organization develops, implements and improves its  business continuity and resilience strategies, more attention is being given to regulatory driven compliance requirements.

There is also a concern to be addressed over the current political environment and the shift in the compliance landscape and compliance enforcement for which organizations need to be prepared.

Such a scenario exists over the growing emphasis of compliance requirements focused on the field of e-discovery.

Legal firms are certainly seeing the same dynamics and as a result, a new legal organization officially was formed and called “The Organization of Legal Professionals.”   The goal of this new group (OLP) is to promote standards and certification for e-discovery professionals and providers and ultimately “…provide the legal community with a means of assuring its clients that its e-discovery professionals possess the requisite level of competence and understanding of e-discovery principles.”

You can read more about this in an article written by Robert J. Ambrogi that was posted on the legal.com blog watch by clicking here.

In a recent survey conducted by the Ponemon Institute, and supported by the security firm Imperva, it was found that 71% of the firms interviewed don’t view the Payment Card Industry Data Security Standard (PCI DSS) as a strategic initiative for their organization(s).

The data in this report states at least the following reasons for the lack of strategic importance linked to PCI DSS: (1) its hard work and requires constant monitoring and maintenance, (2) there is the perception that good security does not increase market share — i.e. consumers do not reward companies when nothing bad happens, and (3) most companies reported that they don’t believe the worst will happen to them — and — even if it does, they anticipate being able to handle the cost of the breach and move on.

Another observations was that 79% of this very same group has experienced a data breach that involved the loss or theft of credit card information.

The data in this report also hints that to incur the cost of a breach is cheaper than paying for what it takes to protect the systems and data.

George Hulme wrote about  more details of this report’s findings in an article posted on the InformationWeek’s Security Weblog — which you can read by clicking here.

You can also access this free report by registering at the following website:

https://www.imperva.com/ld/ponemon.asp