Security Mgt, BCP

Descrição

IYM001 Mapa Mental sobre Security Mgt, BCP, criado por jjanesko em 06-05-2013.
jjanesko
Mapa Mental por jjanesko, atualizado more than 1 year ago
jjanesko
Criado por jjanesko mais de 11 anos atrás
98
1

Resumo de Recurso

Security Mgt, BCP
  1. business continuity planning
    1. provides reassurance to the organization tha tin the vent of a major disaster such as flood, fire or power outage, the organization would be able to counteract these disruptions in a timely manner
      1. helps minimize the impact which such disruptions would have on identified critical assets and allow for a timely resumption of such assets
        1. testing needed
          1. process for an organization continued operatino despite events that would otherwise disrupt or halt operations,, maintain minimum business continuity objectives (MBCO) whilst restoring full operations - recovery time objectives (RTO) as fast as possible
            1. concerned with ensuring the continuity of business operations in the event of a catastrophic failure tha could cause not only the inability of operations, but damage to share value, reputation, brand, customer confidence..
              1. avoid creep
                1. where incidents create an avalanche effect
                2. focuses on availability of systems
                  1. includes disaster recovery planning, crisis management, emergency response, damage limitation...
                    1. takes into consideration stakeholders impacted
                      1. business processes
                        1. people
                          1. premises
                            1. customers
                              1. local community
                                1. competitors
                                  1. shareholders
                                2. considerations
                                  1. identify core information assets and perform risk assessment
                                    1. assets should be prioritzied in terms of criticality
                                      1. Resources needed to address incidents must be assured to be available.
                                        1. safety of staff must be kept in mind
                                          1. planning should be done with impacted people
                                            1. should be documented
                                              1. assess worse case scenario
                                              2. examples
                                                1. email server down
                                                  1. impact
                                                    1. no email with clients
                                                      1. loss of business deals
                                                        1. reputation is damaage
                                                        2. likelihood = low
                                                          1. plan
                                                            1. have offsite server that replicates onsite system
                                                          2. electricity goes out
                                                            1. impact
                                                              1. staff can't work
                                                                1. servers could be impacted
                                                                  1. plan
                                                                    1. alternative power supply
                                                              2. threats
                                                                1. technical
                                                                  1. hardware and software failures including power and telecom
                                                                  2. social
                                                                    1. human inflicted event
                                                                    2. environmentsl
                                                                      1. natural variables such as floods, storms, earthquakes, fire...
                                                                    3. legislation
                                                                      1. Basel II
                                                                        1. FISMA (federal information security management act)
                                                                          1. US law intended to prevent governmental information, operations, assets against natural and manmade threats
                                                                          2. Turnbull
                                                                          3. standards
                                                                            1. ISO 22301
                                                                              1. ISO 27031
                                                                                1. ISO27001 control objective A.14
                                                                                2. disaster recovery plan
                                                                                  1. process by which you resume business after a disruptive event
                                                                                    1. based on a solid business continuity plan
                                                                                      1. focussed on IT systems and the recovery of those systems in the event of a systems failure that leads the organization to not be able to function normally
                                                                                        1. reacive process triggered by disruptive impacts to the organisations's critical technology infrastructure

                                                                                        Semelhante

                                                                                        Security Mgt, ISO 27001, PDCA
                                                                                        jjanesko
                                                                                        Exemplary Assignment Answers
                                                                                        jjanesko
                                                                                        Security Mgt, Flashcards for ISO 27000 series
                                                                                        jjanesko
                                                                                        Security Mgt U5, risk analysis and mgt (part 1)
                                                                                        jjanesko
                                                                                        Security Mgt U8, Information Assurance
                                                                                        jjanesko
                                                                                        Security Mgt U5, quantitative risk assessment forumula (image)
                                                                                        jjanesko
                                                                                        Security Mgt U5, risk analysis & mgt (part 2)
                                                                                        jjanesko
                                                                                        Security Mgt U8, Incident Recovery Image
                                                                                        jjanesko
                                                                                        Security Mgt U3, BS7799 (Part 2)
                                                                                        jjanesko
                                                                                        Security Mgt U3, BS7799 (Part 1)
                                                                                        jjanesko
                                                                                        Security Mgt U5, Risk Analysis Methods and Tools (image)
                                                                                        jjanesko