Security Mgt U8, Information Assurance

information assurance concerned with
1. confidentiality
2. integrity
3. availability
4. legality
business continuity planning (BCP)
1. Tested plans and procedures built into the normal operations processes which allow a business to protect itself against threats
  1. includes
    1. damage limitation
    2. recovery
    3. emergency response
    4. crisis management
    5. monitoring
    6. mitigation
    7. acceptance of residual risk
  2. stakeholders
    1. employees
    2. bankers
    3. suppliers
    4. regulators
    5. finance
    6. competitors
    7. shareholders
  3. goal
    1. recovery reducing the impact from untoward events
  4. things to identify during planning (see attached chart)
    Attachments:
    - Security Mgt U8, Incident Recovery Image
    1. what is "normal" output
    2. minimum acceptable output level for business
    3. how long it will take to get back to full production
    4. steps for replacement and repair
    5. resumption time
      1. this is the time from the incident to the achieving minimal acceptable output level
2. NOT a technical issue
  1. board level accountability
  2. ownership by business and operations
  3. stress test based
3. NOT disaster recovery planning
  1. DRP focuses on technology (limited scope) whereas BCP focuses on business processes
legislation, standards and organizations that provide guidance
1. Nimda
2. Code Red
3. SANS
4. Turnbull compliance
5. Basel 2
6. ISO 17799
why?
1. minimize incident impact on org & recover from loss of information assets to an acceptable level through a combo of preventative and recovery controls

Next up

Security Mgt U8, Information Assurance

Description

Resource summary

Similar

	Created by jjanesko over 11 years ago