Security Mgt, ISO 27031 business continuity planning (intro)

Descrição

IYM001 Mapa Mental sobre Security Mgt, ISO 27031 business continuity planning (intro), criado por jjanesko em 07-05-2013.
jjanesko
Mapa Mental por jjanesko, atualizado more than 1 year ago
jjanesko
Criado por jjanesko mais de 11 anos atrás
323
2

Resumo de Recurso

Security Mgt, ISO 27031 business continuity planning (intro)
  1. background
    1. organizations are reliant on reliable, safe and secure IT structures
      1. ISO/TC 223 series for Business Continuity Management identifies need
        1. ISO 22301 defines BCM
          1. BCMS - business continuity management system
          2. failures of ICT services
            1. malware
              1. systems intrusion
                1. impacts continuity of business
                2. BCM is dependent on ICT to ensure objectives can continue to be met in times of disruptions
                  1. IRBC - ICT readiness for business continuity
                    1. PDCA in IRBC
                      1. plan
                        1. establish IRBC policy, objectives, targets, processes and procedures relevant to managing risk and improving ICT readiness to deliver resultts in accordance with an org's overall BC policies and objectives
                        2. do
                          1. implement the IRBC policy, controls, processes and procedures
                          2. check
                            1. Assess and, where applicable, measure process performance against IRBC policy, objectives & practical experience, and report the results to mgt for review.
                            2. act
                              1. Take corrective and preventative actions, based on the results of the mgt review, to achieve continual improvement of the IRBC.
                            3. ISO/IEC 24762 - disaster recovery planning
                              1. business continuity management is bigger than just focusing on ICT systems
                              2. role
                                1. respond to changing risk environment
                                  1. ensure continuation of critical business operations
                                    1. be ready to respond before ICT disruption occurs
                                      1. to respond & recover after incidents/disasters and failures
                                        1. BCM framework

                                          Anotações:

                                          • https://lh5.googleusercontent.com/-60zQyUvfXXQ/UYiGP35kNxI/AAAAAAAAAg8/JRRIhisEaOA/w800-h480/bcm-framework.png
                                          1. components
                                            1. policies
                                              1. processes
                                                1. people
                                                  1. ICT infrastructure
                                                  2. stages
                                                    1. 1. risk assessment / review of BIA
                                                      1. 2. strategy
                                                        1. 3. BC plan
                                                          1. 4. tests & exercises
                                                            1. 5. awareness
                                                              1. 6. program management & maintenance
                                                              2. ICT output
                                                                1. ICT response & recovery
                                                                  1. ICT risk reduction controls
                                                                  2. desired outcome
                                                                    1. business resiliency
                                                                2. BCM
                                                                  1. activities
                                                                    1. incident preparedness
                                                                      1. operational continuity management
                                                                        1. disaster recovery planning
                                                                          1. risk mitigation
                                                                          2. aims
                                                                            1. improve indicident detection capabilities
                                                                              1. prevent a sudden or drastic failure
                                                                                1. ensure acceptable degredation of operational status should failure be unstoppable
                                                                                  1. shorten recovery time
                                                                                    1. minimize impact upon eventual occurence of the incident
                                                                                  2. IRBC principles
                                                                                    1. incident prevention - protect ICT services from threats
                                                                                      1. incident detection - detecting incidents at earliest opportunity
                                                                                        1. response - respond to an incident in appropriate manner
                                                                                          1. recovery - identify & implement appropriate recovery strategy ensuring timely resumption of services
                                                                                            1. improvment - lessons learned should b documented, analysed & reviewed
                                                                                            2. IRBC elements
                                                                                              1. people
                                                                                                1. facilities
                                                                                                  1. technology
                                                                                                    1. hardware
                                                                                                      1. network
                                                                                                        1. software
                                                                                                        2. data
                                                                                                          1. processes
                                                                                                            1. suppliers

                                                                                                            Semelhante

                                                                                                            Security Mgt, ISO 27001, PDCA
                                                                                                            jjanesko
                                                                                                            Exemplary Assignment Answers
                                                                                                            jjanesko
                                                                                                            Security Mgt, Flashcards for ISO 27000 series
                                                                                                            jjanesko
                                                                                                            Security Mgt U5, risk analysis and mgt (part 1)
                                                                                                            jjanesko
                                                                                                            Security Mgt U8, Information Assurance
                                                                                                            jjanesko
                                                                                                            Security Mgt U5, quantitative risk assessment forumula (image)
                                                                                                            jjanesko
                                                                                                            Security Mgt U5, risk analysis & mgt (part 2)
                                                                                                            jjanesko
                                                                                                            Security Mgt U8, Incident Recovery Image
                                                                                                            jjanesko
                                                                                                            Security Mgt U3, BS7799 (Part 2)
                                                                                                            jjanesko
                                                                                                            Security Mgt U3, BS7799 (Part 1)
                                                                                                            jjanesko
                                                                                                            Security Mgt U5, Risk Analysis Methods and Tools (image)
                                                                                                            jjanesko