Before addressing continuity, ask yourself this question. What system (service, process, component) is in focus?
Sounds simple but if you stumble here, you won't get far. What is your scope and why does it need to have its continuity protected? Is it within your area of responsibility, do you have the mandate? Does its operational quality matter to your stakeholders? Who will foot the bill?
Stating where your context begins and ends is a great start and sends a signal to others to do their part.
(some of) my events
- 2018-05-28 Informationssäkerhet för ledare (teaching course, Luleå)
- 2018-05-23--25 Teknisk informationssäkerhet (teaching course, Stockholm)
- 2018-05-17 Three Capabilities in a Crisis (guest lecturing at Mid Sweden University, Östersund)
- 2018-05-16 Info.säkerhet är inte "någon annans problem" (lunch seminar at Mid Sweden University, Östersund)
- 2018-04-18--20 Operativ informationssäkerhet (teaching course, Stockholm)