The topic of a potential resurgence of the H1N1 threat this coming Fall season has certainly been in the news for some time.  However, many organizations have implemented disaster recovery and business continuity programs over the years to address not only the H1N1 threat but also many other threats as well.  Therefore, we need to stay current with our understanding of the levels of readiness that may or not exist within both ours as well as other organizations.

To do that, we suggest reading an interview by Tom Field, the Editorial Director at Bank Information Security, with Alan Berman, of DRI International and AnneMarie Staley of the NYSE. 

Click here to read more about this interview….

The term Maximum Tolerable Period of Disruption (MTPOD) appeared in the vernacular of business continuity back in 2007.  Yet, from emails we have received on this topic, we believe that MTPOD remains a misunderstood and often difficult concept to agree upon within the business continuity discipline of most organizations.

Originally introduced as a term within the British Standard 25999-2, the MTPOD determination is an opportunity to get upper management involved very early in the business continuity process.

In a recent article by Jacque Rupert of the Avalution Consulting Group, which was published by Continuity Central, we believe the topic is addressed well and is worth reading. 

Click here to read the article.

We also recommend reading the BSI Committee response to this article which was authored by Malcolm Cornish, FBCI FCA, BSI BCM/1 committee member.

M.E. Kabay, PhD, CISSP-ISSMP has written an article in Network World that summarizes some of the more important research that has been done for security metrics.  In trying to address the question of what should be measured to better understand and manage security issues, Mr. Kabay cites some useful research papers to assist each of us tasked with the responsibility to place controls around security issues affecting business continuity planning, information security or other areas of response to regulatory requirements and compliance management.

Putting the appropriate security control measurements in place within an organization remains an ongoing process requiring periodic review, evaluation and improvement by managment.   

Read this article to help you do just that….