Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementSecurity & Business Resilience

How to Add Resiliency to Your Risk Management Strategy

The latest buzzword these days is “Resiliency,” which for all intents and purposes is really nothing more than a new term for business continuity planning (BCP) in the private sector and continuity of operations planning (COP) in the public sector.

By Lynn Mattice
Resiliency
May 1, 2014

The latest buzzword these days is “Resiliency,” which for all intents and purposes is really nothing more than a new term for business continuity planning (BCP) in the private sector and  continuity of operations planning (COP) in the public sector. The dictionary loosely defines Resiliency as:  “An ability to recover from or adjust easily to misfortune or change.”  Any good consultant will tell you that it is important to reinvent programs or create a new term periodically so you can sell the same thing all over again…but just packaged a little differently.

Pundits will argue that resiliency is much broader and more encompassing than simply focusing on continuity alone. However, if you really study the underlying intent of the philosophy upon which BCP and COP are based…it fits squarely within the definition of resiliency. After all, the foundation of BCP and COP programs focuses upon the full range and scope of risks the enterprise faces, the potential impacts of those risks and the factors that can be deployed to mitigate those risks.  

ISO 22301 outlines the international standards for Business Continuity Management Systems (BCMS) required for a company to prepare for a disruptive activity, event or incident. At the end of the day, most will agree that misfortune and change which is the core to the definition of resiliency are definitely disruptive to the norm. The process one utilizes in developing BCP and COP are captured within ISO 22301, so we will focus more on an abbreviated overview of the process rather than providing a complete detailed step-by-step guide. 

Probably the most important first step an organization should take in developing their BCP/COP program is to conduct an inventory of all of the enterprise’s processes, assets and resources (PAR).  No one has the time or resources to boil the ocean, so once the inventory has been completed, the next step involves prioritizing the PAR list from the most critical to the least important. Typically this step in the process breaks the PAR list into three different categories: CRITICAL – a PAR that the enterprise cannot survive for more than a day or two without; IMPORTANT – a PAR that the enterprise must have back in operation within a week or two to provide support to the Critical PARs; and, finally, BENEFICIAL – this final category encompasses the “nice to have” PARs, which the enterprise can function without for a significant period of time. While PARs designated as BENEFICIAL contribute to the overall morale of the workforce or the long-term effectiveness and efficiency of the enterprise, these BENEFICIAL PARs typically encompass areas in which savings can be quickly generated from if the enterprise is forced to find cost savings. In essence, this step of prioritizing PARs is the foundation for conducting a business impact analysis for each item cataloged in the PAR review.

Once the PAR review and criticality assessment/business impact analysis have been completed, the next step is to look at the types of risks that the enterprise faces and how they affect the top two categories of PARs. Many organizations utilize a four by five axis risk matrix that rates both Severity (Negligible to Catastrophic) and Probability (Unlikely to Frequent). The resulting risk matrix identifies those risks which require the most focus for purposes of mitigation. Determining the appropriate level and approach to mitigation involves determining which specific risks that the enterprise invests in countering, which risks that it can transfer to a third party (insure against) and those risks that they simply have to just accept because the nature of the risk.  In cases where the risk is one that they simply have to accept, most enterprises will establish a reserve or contingency fund to deal with the issue should it arise.

It is important to think of resiliency in a holistic manner, which is why the PAR review is so vital in effectively addressing an enterprise’s risk portfolio.  By engaging all elements of the enterprise in the process, the full scope of the risks the organization faces becomes much clearer. Those very same elements must also have a solid understanding of what steps they must take to not only mitigate a given risk, but also to muster the appropriate resources necessary to regain momentum and resume “business as usual” in a timely fashion.

Identifying an enterprise’s most vital processes, assets and resources; understanding their vulnerabilities, building a structure of sound mitigation solutions and crisis response protocols is critical to the viability of the enterprise. Conducting routine exercises and performing at least annual reviews to identify changes that could result in new or different risks results in an enterprise that will not only survive, but will likely thrive. 

 

About the Authors: Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused in corporate security. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused at the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity. 

KEYWORDS: business continuity security education security leadership security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mattice 2016 200px

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • sec feat

    How to Safeguard Your Information Assets

    See More
  • How to Research Your Enterprise's Unique Risks - Security Magazine

    How to Research Your Enterprise's Unique Risks

    See More
  • sec col feat

    How to Manage Physical Asset Risk

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • contemporary.jpg

    Contemporary Security Management, 4th Edition

See More Products

Events

View AllSubmit An Event
  • October 17, 2024

    How to Assess and Hone Your Security Program

    ON DEMAND: In this webinar, Erik Antons, a security risk management executive with more than 20 years of working in the Federal Government, energy, hospitality, and manufacturing sectors, shares his perspective on the building blocks of a successful manufacturing security program.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing