1. Sean Wrote: The first and most critical success factor is effective commitment and support from top management. The cybersecurity portion of a business continuity plan cannot hope to be successful without leadership buy-in. Because C-Suite members shoulder the ultimate responsibility for the business, the planning and strategy must involve concurrence from company leadership. They must be made to understand the threats to the business, how the threats manifest into risk, and how those risks impact the business process (Hour, 2012). Another reason for top-level buy-in is that management will be releasing company resources, to include funding and time, to the creation of the BCP. As strategic planning occurs, stakeholders and other critical designees should participate in relevant policy creation. If a BCP that includes cybersecurity is not relevant or in line with company/management goals, it will not succeed. A Business Impact Analysis (BIA) will assist in providing that focus by identifying key business processes and how their diminished performance affects the bottom line. Additionally, legal and regulatory concerns should be considered during the BIA process (UMUC, 2014). There’s a great quote attributed to Mike Tyson, “Everyone has a plan until they’re punched in the face,” and it describes crisis management. If all of the safety measures put in place to prevent an intrusion have failed, crisis management will drive you to focus on the recovery and resilience of critical business functions (NIST.gov, 2014). In December of 2013, Target and other retailers received a punch in the face when it was reported over 70 million customers had their debit and credit card data stolen by hackers (). Effective strategic communication in Target’s crisis management approach played a critical role in the overall recovery effort.
Although the media outlets picked up and ran with this story, the only thing that seems to matter to the American consumer is that it doesn’t happen again. Judging by their stock price and continuing sales numbers, this was nothing more than a bump in the road for Target.

2. Larry wrote: It is first important to understand that the Business Continuity Plan (BCP) is different from the Disaster Recovery Plan (DRP), as the reason for the BCP is to know how to handle a temporary outage of the company’s network and/or business resources. These temporary outages can be the result of a power outage, a network outage due to a fiber cut or other incident, or a major equipment failure resulting in loss of data (SANS Institute, 2002). The DRP is in preparation for a major disaster in which the facilities are rendered inoperable or completely destroyed. This can occur from hurricanes, tornados or fires resulting in total loss of company assets. It will be part of the BCP being developed to decide when the BCP should be conducted versus when the DRP will be required. There are several important steps that should be included when creating a Busines ...