73619
Security Mgt, BCP
- business continuity planning
- provides reassurance to the organization tha tin the
vent of a major disaster such as flood, fire or power
outage, the organization would be able to
counteract these disruptions in a timely manner
- helps minimize the impact which such disruptions
would have on identified critical assets and allow for
a timely resumption of such assets
- testing needed
- process for an organization continued operatino despite events
that would otherwise disrupt or halt operations,, maintain
minimum business continuity objectives (MBCO) whilst
restoring full operations - recovery time objectives (RTO) as
fast as possible
- concerned with ensuring the continuity of business
operations in the event of a catastrophic failure tha could
cause not only the inability of operations, but damage to
share value, reputation, brand, customer confidence..
- avoid creep
- where incidents create an
avalanche effect
- where incidents create an
avalanche effect
- focuses on availability of systems
- includes disaster recovery planning,
crisis management, emergency
response, damage limitation...
- takes into consideration stakeholders impacted
- business processes
- people
- premises
- customers
- local community
- competitors
- shareholders
- business processes
- provides reassurance to the organization tha tin the
vent of a major disaster such as flood, fire or power
outage, the organization would be able to
counteract these disruptions in a timely manner
- considerations
- identify core
information assets and
perform risk
assessment
- assets should be
prioritzied in terms
of criticality
- Resources needed to
address incidents must be
assured to be available.
- safety of staff must
be kept in mind
- planning should be
done with impacted
people
- should be
documented
- assess
worse case
scenario
- identify core
information assets and
perform risk
assessment
- examples
- email server down
- impact
- no email with clients
- loss of business deals
- reputation is damaage
- no email with clients
- likelihood = low
- plan
- have offsite server that
replicates onsite system
- have offsite server that
replicates onsite system
- impact
- electricity goes out
- impact
- staff can't work
- servers could
be impacted
- plan
- alternative power supply
- alternative power supply
- staff can't work
- impact
- email server down
- threats
- technical
- hardware and software failures including power and telecom
- hardware and software failures including power and telecom
- social
- human inflicted event
- human inflicted event
- environmentsl
- natural variables such as floods, storms, earthquakes, fire...
- natural variables such as floods, storms, earthquakes, fire...
- technical
- legislation
- Basel II
- FISMA (federal
information security
management act)
- US law intended to prevent governmental
information, operations, assets against
natural and manmade threats
- US law intended to prevent governmental
information, operations, assets against
natural and manmade threats
- Turnbull
- Basel II
- standards
- ISO 22301
- ISO 27031
- ISO27001 control objective A.14
- ISO 22301
- disaster recovery plan
- process by which you resume
business after a disruptive event
- based on a solid
business continuity plan
- focussed on IT systems and the recovery of those
systems in the event of a systems failure that leads
the organization to not be able to function normally
- reacive process triggered by
disruptive impacts to the
organisations's critical technology
infrastructure
- process by which you resume
business after a disruptive event
Want to create your own Mind Maps for free with GoConqr? Learn more.