Thor A. Mollung
Actually they are one and the same. Business continuity depends on how one responds to disaster so that the business can continue to operate -- whether it is servers going down or a natural disaster. An organization should include physical security systems with their business continuity plans.
What is recovery time objective?
It is key to partner with your business continuity and disaster recovery departments in order to determine how long you can last without the use of your security systems. This is known as a security systems recovery time objective or RTO. What really determines RTO is two-fold. One is corporate security's perception of how critical they think their applications are and the maximum amount of time (measured in hours) that they can last without them. The second part is cost. There is an inherent cost associated with how quickly a system can be returned to normal operations. The longer your RTO is, the less expensive it generally is. They have to measure how quickly they want to be up and running and balance that with what the cost is.
How do you address all these issues on a budget?
It's planning and partnering. If you don't partner with your people, you won't have an understanding of where you are in terms of how this all fits into place. If you're not in tune with your own organization and the various departments that support your security systems on a day-to-day basis, then you will never understand what it takes and what it costs to provide that support. Building these partnerships and getting on the same page is a key part of ensuring your budget is sound. So how do you adequately plan for a budget? A lot of partnering and a lot of teamwork with those departments that provide the support mentioned earlier. If you can't understand what it is you're budgeting or where the costs are and why, then you will most certainly go off the deep end with bells and whistles you don't need ... or worse, not budget enough for the features that you really do need.