Business continuity and information system security lessons learned from 9/11 will be an ongoing continuous improvement process.

Occasionally a special report or content entry found on the Internet regarding this continuous improvement learning process will catch the attention of our staff.

Such is the case with a research paper which was recently written by Thomas Virgona, Ph.D.  and entitled “September 11, 2011 in Retrospect;  A Decade On, What Business Continuity and Information Security Lessons Have Been Learned?”  This research paper examines the impact on information systems security from the disaster recovery effort associated with September 11, 2011.

One basic statement by Mr. Virgona clearly sets the tone of his research report — i.e. when he identifies “…information technology is the present day equivalent of electricity in the industrial area.  The internet is the fabric of our lives, a ubiquitous presence.”

Clearly, it can be argued that business continuity and disaster recovery have become more of priority for financial services firms in the years since 9/11.  However, Mr. Virgona arrives at many other conclusions given the input received from the participants in his survey study.

Some of the consistent themes that emerged from the analysis of the interviews and focus groups participating in this study are stated below:

  1. The importance of recognizing the primacy of relationships people have with their families,
  2. Organizations often create elaborate emergency operations plans, but too often fail to develop the capability to implement those plans,
  3. Disaster plans are important, but they are not enough by themselves to assure preparedness,
  4. The most fundamental question of the day on 9/11 could not be answered: “Are we open for business today?”
  5. Information policies cannot be stopped during a crisis, but they need to be relaxed.
  6. Be aware of the risk now created since too often D/R planning is geared for an all-out terrorist attack and ignoring those medium sized crisis which happen on sometimes a weekly basis,
  7. Research indicated a clear and heavy dependence on human intervention in the recovery of information systems,
  8. The fluid nature of management skills that must occur during a crisis – i.e. often totally new and unique management tasks,
  9. Effective emergency managers are called upon to motivate others and to harness their knowledge and contributions for disaster preparedness efforts and activities,
  10. A continued reliance and dependency on humans to resolve disaster incidents which in turn points to the need to have more human intervention included in the design of information systems.

Read the full report by Mr. Virgona to see more of the findings and more details about the summary observation statement shown above … and ….at the end of that exercise let us know if you agree or disagree with his findings and conclusion statements.

Mr. Virgona’s report first appeared on the internet when posted on The Business Continuity Journal website — a website which our staff often references for the great work they do in bringing such topics to the internet.

Photo courtesy of

Pin It on Pinterest