Security Mgt, ISO 27031 business continuity planning (intro)

Description

IYM001 mind map on Security Mgt, ISO 27031 business continuity planning (intro), created by jjanesko on 07/05/2013.

Resource summary

Security Mgt, ISO 27031 business continuity planning (intro)
  1. background
    1. organizations are reliant on reliable, safe and secure IT structures
      1. ISO/TC 223 series for Business Continuity Management identifies need
        1. ISO 22301 defines BCM
          1. BCMS - business continuity management system
          2. failures of ICT services
            1. malware
              1. systems intrusion
                1. impacts continuity of business
                2. BCM is dependent on ICT to ensure objectives can continue to be met in times of disruptions
                  1. IRBC - ICT readiness for business continuity
                    1. PDCA in IRBC
                      1. plan
                        1. establish IRBC policy, objectives, targets, processes and procedures relevant to managing risk and improving ICT readiness to deliver results in accordance with an org's overall BC policies and objectives
                        2. do
                          1. implement the IRBC policy, controls, processes and procedures
                          2. check
                            1. Assess and, where applicable, measure process performance against IRBC policy, objectives & practical experience, and report the results to mgt for review.
                            2. act
                              1. Take corrective and preventative actions, based on the results of the mgt review, to achieve continual improvement of the IRBC.
                            3. ISO/IEC 24762 - disaster recovery planning
                              1. business continuity management is bigger than just focusing on ICT systems
                              2. role
                                1. respond to changing risk environment
                                  1. ensure continuation of critical business operations
                                    1. be ready to respond before ICT disruption occurs
                                      1. to respond & recover after incidents/disasters and failures
                                        1. BCM framework

                                          Note:

                                          • https://lh5.googleusercontent.com/-60zQyUvfXXQ/UYiGP35kNxI/AAAAAAAAAg8/JRRIhisEaOA/w800-h480/bcm-framework.png
                                          1. components
                                            1. policies
                                              1. processes
                                                1. people
                                                  1. ICT infrastructure
                                                  2. stages
                                                    1. 1. risk assessment / review of BIA
                                                      1. 2. strategy
                                                        1. 3. BC plan
                                                          1. 4. tests & exercises
                                                            1. 5. awareness
                                                              1. 6. program management & maintenance
                                                              2. ICT output
                                                                1. ICT response & recovery
                                                                  1. ICT risk reduction controls
                                                                  2. desired outcome
                                                                    1. business resiliency
                                                                2. BCM
                                                                  1. activities
                                                                    1. incident preparedness
                                                                      1. operational continuity management
                                                                        1. disaster recovery planning
                                                                          1. risk mitigation
                                                                          2. aims
                                                                            1. improve incident detection capabilities
                                                                              1. prevent a sudden or drastic failure
                                                                                1. ensure acceptable degradation of operational status should failure be unstoppable
                                                                                  1. shorten recovery time
                                                                                    1. minimize impact upon eventual occurrence of the incident
                                                                                  2. IRBC principles
                                                                                    1. incident prevention - protect ICT services from threats
                                                                                      1. incident detection - detecting incidents at earliest opportunity
                                                                                        1. response - respond to an incident in appropriate manner
                                                                                          1. recovery - identify & implement appropriate recovery strategy ensuring timely resumption of services
                                                                                            1. improvement - lessons learned should be documented, analysed & reviewed
                                                                                            2. IRBC elements
                                                                                              1. people
                                                                                                1. facilities
                                                                                                  1. technology
                                                                                                    1. hardware
                                                                                                      1. network
                                                                                                        1. software
                                                                                                        2. data
                                                                                                          1. processes
                                                                                                            1. suppliers