I had the great opportunity to provide analysis for this month’s newly published Cutter Benchmark Review; “Wake Up and Be Prepared: Preventing a Full-Blown Crisis.”
You would think that in this day and age that all organizations would have a documented emergency and disaster plan, wouldn’t you? Well, this survey demonstrates that this is not the case.
For years we’ve heard from industry lobbyists that there should be less laws forcing businesses to do certain information assurance activities and allow businesses to be self-governing with their information assurance responsibilities. However, my analysis of the survey results reveals that an alarming number of organizations do not have documented plans. Those that don’t are overwhelmingly within industries with no legal or regulatory requirements for such plans, or countries with no such legal requirements. So is self-governance truly something that can be relied upon to ensure businesses have appropriate information safeguards and business availability processes in place?
It is also disappointing that so many of the types of businesses without documented plans are in industries, such as consulting and software development, that should know better.
Please give this report a read and let me know what you think.
I look forward to doing more of these survey analyses in the future; thank you Cutter for the opportunity!