Business Continuity: It's in God's Hands Now

Tuesday, October 26, 2010

Javvad Malik


During a conversation with a data center manager in Dubai, the question arose as to what their BC capabilities were and where their DR site was located.

His response: "There is no need for BC plans or a DR site, it is all in God's hands...if it happens, it happens!"

In many ways, these are the types of responses one comes across when dealing with companies internationally, which have different cultures, traditions and beliefs that directly affect their attitude to risk.


Clearly, having a deep-rooted faith in God, this data center manager thought that a natural disaster is outside of his control, which is correct.

However, security and risk management is precisely about dealing with issues that are outside of your control.

It's the precise reason why no security manager will ever say to his boss that any system or facility is 100% secure: there are too many factors outside of his control.

For example, you can enforce strong passwords on laptops and fully encrypt the hard drive. You can even educate your users on how best to protect the laptop.

What you can't control is a user choosing to ignore your advice, sharing his password or even being bribed into passing over sensitive data.

This can be depicted as two spheres of control: one which is within your control and the other which is outside of your control.

Good security practices can help you ensure that you can tie down everything within your control whilst recognizing there are aspects outside of your control which can impact these.

So the data center manager is right: a disaster is outside of his control.

But building another site is within his sphere of control and would ensure business functions continue as normal through a disaster scenario.

Cross posted from Quantania

Mark Gardner: Great post. To emphasise what you have said, I would cite BS25999 which is the British soon to be International Standard for Business Continuity. They state using the 27001 risk assessment methodology as the basis for Business Continuity RA.