Re: Business Continuity Plans for an Information Security Office

["Lovaas,Steven R" <Steven.Lovaas () COLOSTATE EDU>]

Well said, Jim.

BCP is primarily a business activity, so it needs to involve all relevant stakeholders in the business. And that means 
lots of MBAs/CPAs/PhDs at the table, and not so many (fill-in-the-blank-IT-cert)'s. Bottom line? *We* don't get to 
define what's critical to the organization. We merely make the process possible and implement it in architecture, 
policy, hardware, etc...

Steve Lovaas

________________________________
From: Jim Dillon [Jim.Dillon () CUSYS EDU]
Sent: Wednesday, January 10, 2007 3:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Business Continuity Plans for an Information Security Office

To take Steven’s thoughts a step further,

<snip>


- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and 
criminals are at sharing attack information"  - Peter Presidio