Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Business Continuity Plans for an Information Security Office
From: "Lovaas,Steven R" <Steven.Lovaas () COLOSTATE EDU>
Date: Wed, 10 Jan 2007 18:35:04 -0700

Well said, Jim.

BCP is primarily a business activity, so it needs to involve all relevant stakeholders in the business. And that means 
lots of MBAs/CPAs/PhDs at the table, and not so many (fill-in-the-blank-IT-cert)'s. Bottom line? *We* don't get to 
define what's critical to the organization. We merely make the process possible and implement it in architecture, 
policy, hardware, etc...

Steve Lovaas

From: Jim Dillon [Jim.Dillon () CUSYS EDU]
Sent: Wednesday, January 10, 2007 3:59 PM
Subject: Re: [SECURITY] Business Continuity Plans for an Information Security Office

To take Steven’s thoughts a step further,


- - - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
(585) 475-5406 (office)
(585) 475-4122 (lab)
(585) 475-7950 (fax)

"We will have a chance when we are as efficient at communicating information security best practices, as hackers and 
criminals are at sharing attack information"  - Peter Presidio

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]