Both business continuity management (BCM) and risk management (RM) processes are very important to current organizations. The former ensures that the organizations have the ability to limit losses in the events of severe contingencies or disasters. The latter helps organizations identify potential security incidents and adopt cost-effective countermeasures to the incidents. However, current risk management approaches or methodologies usually ignore the different focuses about risks in RM processes and BCM processes. Therefore, even though an organization has established its RM processes, it may need to re-assess the risks for BCM processes. In light of this, we propose a risk management system, called RiskPatrol, to provide an integrative vie,,v about risks for RM and BCM processes. RiskPatrol provides an easy way for people to retain enough information for BCM while they do risk assessment in RM process, and vice versa. As the redundant risk assessment work in RM and BCM processes can be reduced, our system can hopefully contribute to overcome the deficiencies of current risk management approaches.
