The U.S. Department of Homeland Security relies on a variety of critical information technology (IT) systems and technologies in order to support its wide-ranging missions, including counterterrorism, border security, and infrastructure protection. DHS must be able to recover its IT systems quickly and effectively following a service disruption or disaster. In order to test its ability to do this, DHS recently conducted the largest cyber security exercise ever organized. Cyber Storm II brought together participants from Federal, State, and local governments; the private sector; and the international community. The exercise simulated a coordinated cyber attack on information technology, communications, chemical and transportation systems, and assets. It centered on a cyber-focused scenario that rapidly escalated to a level that required a coordinated Federal response. When released, the results of this exercise should provide lessons that will enable both government and business to prepare better for recovery planning and continuity of operations. There is also a security focus on the computerized information and operational systems of private business. Businesses must be engaged in the continuous process of assessing business needs, acceptable levels of risk, and responding with business processes and infrastructure capable of maintaining business operations under various attacks. Business continuity management (BCM) focuses on managing the people, processes, and systems that support the business. BCM focuses on identifying all critical business information flow, personnel functions, risk assessment, the composition and work of a BCM team, and periodic reviews of the BCM model. The article concludes with listings of facility, personnel, and IT infrastructure events that may threaten business continuity.