Seven facts about Information Security and BCM

Below are seven facts about Information Security and BCM. Information security is an organization’s ability to secure its information based on three pillars: confidentiality, integrity and availability of information and its associated systems. Information security is important because the added value of an organization today increasingly revolves around its data. Business continuity management (BCM) is the ability of an organization to continue to function during a crisis in terms of its key processes, at a predetermined level.In this contribution I write my own opinion, not that of any organization
Author: Manu Steens

Policy documents do not ensure Information Security, nor BCM

Policy documents contain a variety of rules and procedures that encourage employees to handle information responsibly. Security has everything to do with the safe handling of information by people. And that has everything to do with behavior and habits and less to do with rules and procedures. It is important that employees have an ongoing awareness of confidentiality and integrity.

One should always be able send questions, ideas and improvements around Information Security/BCM to the Information Security or BCM manager.

Make safe work easy

Prevention is the best way to secure. Therefore, applications must be built with the principle of confidentiality in mind.
In addition, it is also the supervisor’s responsibility to actively counter any attitude against working in a secure manner. Therefore, make it easy for employees to do their work securely. This makes the work of the supervisor easier as well.

Decisiveness is the best response

If a problem arises, who is the person responsible for raising the alarm? Always make sure that everyone knows who is the person who may raise the alarm and that they recognize themselves in that role. This person is best involved in the process or project. Always provide a replacement as well.

Preparation wins half a crisis

Is the organization prepared for a crisis situation? Does everyone know what to do? Is the right equipment in place? How to use this equipment? Did exercises take place? Serious exercises and repeating activities are necessary:

  • It keeps employees alert;
  • Indirectly, the importance of Information Security and BCM is communicated;
  • It creates an opportunity for employees to test procedures, evaluate them and make improvements as needed.

Hence systematically submitting an incident at an appropriate time through the appropriate tools is necessary.

Information and communication are the best weapons

The words people use are a strong indicator of preparedness and ability to communicate. If they cannot name things using the correct words in certain situations, employees are not yet familiar with the procedure or process. When everyone uses the same language, it means that teams have a grasp of the work, and are capable of communicating quickly, efficiently and accurately.

Learn from everything and everyone

Do not convince yourself that you, the ICT systems and the organization are ‘ready’ or that information and processes are secure in all situations. Always try to improve yourself and colleagues. Take a step forward in the execution of the processes and keep trying to improve the processes.

In this way, a responsible attitude is created among everyone. It is important to reflect on each incident that is about to occur and plan better measures towards the future based on that. Also, make sure to evaluate each time after a crisis.

Information security and BCM are an always-on concern

Concern, awareness and confidentiality are not only important at work. Because one feels- the effects of careless or erroneous dissemination of information also outside the work environment. Information that appears on the Internet stays there forever. Hence it can play a significant role when the information falls into the wrong hands. It affects the organization, colleagues, internal and external customers, image, and damages the trust that citizens place in government.

Therefor you should always take information security and BCM seriously. One should not wait for a disaster scenario to evaluate the processes. Evaluate every aspect, including procedures, preparation, decision, communication, attitude and their continuous improvement. Learn from every opportunity and from every setback, at all times.


These seven facts about Information Security and BCM to better understand about confidentiality, integrity, availability of Information Security and BCM. Creating a behavior in these ways will help to secure your organization bottom up.

Manu Steens

Manu works at the Flemish Government in risk management and Business Continuity Management. On this website, he shares his own opinions regarding these and related fields.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts