Page 218 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
asked him, “Is there anything you need from me to complete this
engagement?”
The senior executive must have expected a perfunctory response
because his eyes widened when the response began with, “Well, as
a matter of fact….” He then learned that his active participation in
the process was critical to its success.

When you work on a business continuity plan, you, as the BCP
team leader, must seek and obtain as active a role as possible from
a senior executive. This conveys the importance of the BCP process
to the entire organization and fosters the active participation of
individuals who might otherwise write BCP off as a waste of time
better spent on operational activities. Furthermore, laws and
regulations might require the active participation of those senior
leaders in the planning process. If you work for a publicly traded
company, you may want to remind executives that the officers and
directors of the firm might be found personally liable if a disaster
cripples the business and they are found not to have exercised due
diligence in their contingency planning.

You may also have to convince management that BCP and DRP
spending should not be viewed as a discretionary expense.
Management’s fiduciary responsibilities to the organization’s
shareholders require them to at least ensure that adequate BCP
measures are in place.

In the case of this BCP engagement, the executive acknowledged
the importance of his support and agreed to participate. He sent an
email to all employees introducing the effort and stating that it had
his full backing. He also attended several of the high-level planning
sessions and mentioned the effort in an organization-wide “town
hall” meeting.

Resource Requirements

After the team validates the business organization analysis, it should
turn to an assessment of the resources required by the BCP effort. This
involves the resources required by three distinct BCP phases.

