Security Mgt, BCP

IYM001 Mind Map on Security Mgt, BCP, created by jjanesko on 05/06/2013.

Security Mgt, BCP
1 business continuity planning
1.1 provides reassurance to the organization that, in the event of a major disaster such as flood, fire or power outage, the organization would be able to counteract these disruptions in a timely manner
1.2 helps minimize the impact which such disruptions would have on identified critical assets and allow for a timely resumption of such assets
1.3 testing needed
1.4 process for an organization's continued operation despite events that would otherwise disrupt or halt operations; maintain minimum business continuity objectives (MBCO) whilst restoring full operations within the recovery time objectives (RTO) as fast as possible
1.5 concerned with ensuring the continuity of business operations in the event of a catastrophic failure that could cause not only the loss of operations, but damage to share value, reputation, brand, customer confidence...
1.6 avoid creep
1.6.1 where incidents create an avalanche effect
1.7 focuses on availability of systems
1.8 includes disaster recovery planning, crisis management, emergency response, damage limitation...
1.9 takes into consideration stakeholders impacted
1.9.1 business processes
1.9.2 people
1.9.3 premises
1.9.4 customers
1.9.5 local community
1.9.6 competitors
1.9.7 shareholders
2 considerations
2.1 identify core information assets and perform risk assessment
2.2 assets should be prioritized in terms of criticality
2.3 Resources needed to address incidents must be assured to be available.
2.4 safety of staff must be kept in mind
2.5 planning should be done with impacted people
2.6 should be documented
2.7 assess worst case scenario
3 examples
3.1 email server down
3.1.1 impact: no email with clients, loss of business deals, reputation is damaged
3.1.2 likelihood = low
3.1.3 plan: have offsite server that replicates onsite system
3.2 electricity goes out
3.2.1 impact: staff can't work, servers could be impacted; plan: alternative power supply
4 threats
4.1 technical
4.1.1 hardware and software failures including power and telecom
4.2 social
4.2.1 human inflicted event
4.3 environmental
4.3.1 natural variables such as floods, storms, earthquakes, fire...
5 legislation
5.1 Basel II
5.2 FISMA (federal information security management act)
5.2.1 US law intended to protect governmental information, operations and assets against natural and manmade threats
5.3 Turnbull
6 standards
6.1 ISO 22301
6.2 ISO 27031
6.3 ISO27001 control objective A.14
7 disaster recovery plan
7.1 process by which you resume business after a disruptive event
7.2 based on a solid business continuity plan
7.3 focussed on IT systems and the recovery of those systems in the event of a systems failure that leads the organization to not be able to function normally
7.4 reactive process triggered by disruptive impacts to the organisation's critical technology infrastructure