Page 217 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 217

Select your team carefully! You need to strike a balance between
                  representing different points of view and creating a team with

                  explosive personality differences. Your goal should be to create a
                  group that is as diverse as possible and still operates in harmony.

                  Take some time to think about the BCP team membership and who
                  would be appropriate for your organization’s technical, financial,
                  and political environment. Who would you include?



               Each one of the individuals mentioned in the preceding list brings a
               unique perspective to the BCP process and will have individual biases.
               For example, the representatives from each of the operational
               departments will often consider their department the most critical to

               the organization’s continued viability. Although these biases may at
               first seem divisive, the leader of the BCP effort should embrace them
               and harness them in a productive manner. If used effectively, the
               biases will help achieve a healthy balance in the final plan as each
               representative advocates the needs of their department. On the other
               hand, if proper leadership isn’t provided, these biases may devolve

               into destructive turf battles that derail the BCP effort and harm the
               organization as a whole.



                  Senior Management and BCP


                  The role of senior management in the BCP process varies widely
                  from organization to organization and depends on the internal

                  culture of the business, interest in the plan from above, and the
                  legal and regulatory environment in which the business operates.
                  Important roles played by senior management usually include
                  setting priorities, providing staff and financial resources, and
                  arbitrating disputes about the criticality (i.e., relative importance)
                  of services.

                  One of the authors recently completed a BCP consulting

                  engagement with a large nonprofit institution. At the beginning of
                  the engagement, he had a chance to sit down with one of the
                  organization’s senior executives to discuss his goals and objectives
                  for their work together. During that meeting, the senior executive
   212   213   214   215   216   217   218   219   220   221   222