An analysis of threats that are considered in most risk assessments should prompt the reader to think of natural and man-made disasters that, when they occur, invokes business contingency plans to assure continuity of critical services. It is not an accident that information security and business continuity planning have a lot in common. Risk assessments are often designed to amply serve both efforts. Indeed, one may argue that business continuity planning is just a branch of information security – the common objective for both is the protection and availability of critical assets and functions.
— Excerpt from CISM All-In-One Study Guide