74191
Security Mgt, ISO 27031
business continuity
planning (intro)
- background
- organizations are reliant on reliable, safe and secure IT structures
- ISO/TC 223 series for Business Continuity Management identifies need
- ISO 22301 defines BCM
- BCMS - business
continuity
management
system
- ISO 22301 defines BCM
- failures of ICT services
- malware
- systems intrusion
- impacts continuity of business
- malware
- BCM is dependent on ICT to ensure objectives can continue to be met in times of disruptions
- IRBC - ICT readiness for business continuity
- PDCA in IRBC
- plan
- establish IRBC policy, objectives, targets, processes and procedures
relevant to managing risk and improving ICT readiness to deliver resultts
in accordance with an org's overall BC policies and objectives
- establish IRBC policy, objectives, targets, processes and procedures
relevant to managing risk and improving ICT readiness to deliver resultts
in accordance with an org's overall BC policies and objectives
- do
- implement the IRBC policy, controls, processes and procedures
- implement the IRBC policy, controls, processes and procedures
- check
- Assess and, where applicable, measure process performance against IRBC
policy, objectives & practical experience, and report the results to mgt for review.
- Assess and, where applicable, measure process performance against IRBC
policy, objectives & practical experience, and report the results to mgt for review.
- act
- Take corrective and preventative actions, based on the results of
the mgt review, to achieve continual improvement of the IRBC.
- Take corrective and preventative actions, based on the results of
the mgt review, to achieve continual improvement of the IRBC.
- plan
- ISO/IEC 24762 - disaster recovery planning
- business continuity management is bigger than just focusing on ICT systems
- organizations are reliant on reliable, safe and secure IT structures
- role
- respond to changing risk environment
- ensure continuation of critical
business operations
- be ready to respond before ICT disruption occurs
- to respond & recover after incidents/disasters and failures
- BCM framework
Annotations:
- https://lh5.googleusercontent.com/-60zQyUvfXXQ/UYiGP35kNxI/AAAAAAAAAg8/JRRIhisEaOA/w800-h480/bcm-framework.png
- components
- policies
- processes
- people
- ICT infrastructure
- policies
- stages
- 1. risk assessment / review of BIA
- 2. strategy
- 3. BC plan
- 4. tests & exercises
- 5. awareness
- 6. program management & maintenance
- 1. risk assessment / review of BIA
- ICT output
- ICT response
& recovery
- ICT risk
reduction controls
- ICT response
& recovery
- desired outcome
- business resiliency
- business resiliency
- respond to changing risk environment
- BCM
- activities
- incident preparedness
- operational continuity management
- disaster recovery planning
- risk mitigation
- incident preparedness
- aims
- improve indicident detection capabilities
- prevent a sudden or drastic failure
- ensure acceptable degredation of operational
status should failure be unstoppable
- shorten recovery time
- minimize impact upon eventual occurence of the incident
- improve indicident detection capabilities
- activities
- IRBC principles
- incident prevention -
protect ICT services
from threats
- incident detection -
detecting incidents at
earliest opportunity
- response - respond to an
incident in appropriate manner
- recovery - identify & implement
appropriate recovery strategy ensuring
timely resumption of services
- improvment - lessons
learned should b documented,
analysed & reviewed
- incident prevention -
protect ICT services
from threats
- IRBC elements
- people
- facilities
- technology
- hardware
- network
- software
- hardware
- data
- processes
- suppliers
- people
Want to create your own Mind Maps for free with GoConqr? Learn more.