Abstract:

                          
Sometimes security incidents occur and affect the functionality of the organisations’ current activities despite their implemented security systems and preventive measures. The key of recovery after such a negative event is the settlement of a business continuity process that helps the organisations to recover fast and to mitigate the negative impact of the information security incident upon their business activities. In most of these cases, organisations concentrate on the fast recovery process itself and forget to continuously protect also their sensitive information during this critical stage.The authors studied the impact of the existence of information security measures on the business continuity process, because usually in this abnormal and unwanted situation of malfunction of the current activities, the sensitive information of the business may leak and may be disseminated to unauthorised personnel. This may happen because, in such situations usually, the organisations’ main focus is the (re)establishment of the functionality of the processes and business activities and not the preservation of the security of the sensitive information involved in these recovered processes. This issue might cost the organisations, after the processes are restored to their normal functionality, even more than the impact of the initial security incident that triggered the business continuity process.