According to the United States Small Business Administration, over 90 per cent of small business struck by a disaster will fail within two years. Failing to plan for business contingency is almost certainly dooming an organization to failure. Information security professionals must understand the mission of an organization and how to ensure it continues.