Security Mgt, ISO 27031 business continuity planning (intro)


IYM001 Mind Map on Security Mgt, ISO 27031 business continuity planning (intro), created by jjanesko on 05/07/2013.

Resource summary

Security Mgt, ISO 27031 business continuity planning (intro)
  1. background
    1. organizations are reliant on reliable, safe and secure IT structures
    2. ISO/TC 223 series for Business Continuity Management identifies the need
      1. ISO 22301 defines BCM
        1. BCMS - business continuity management system
    3. failures of ICT services
      1. malware
      2. systems intrusion
      3. impacts continuity of business
    4. BCM is dependent on ICT to ensure objectives can continue to be met in times of disruption
      1. IRBC - ICT readiness for business continuity
  2. PDCA in IRBC
    1. plan
      1. establish IRBC policy, objectives, targets, processes and procedures relevant to managing risk and improving ICT readiness to deliver results in accordance with an org's overall BC policies and objectives
    2. do
      1. implement the IRBC policy, controls, processes and procedures
    3. check
      1. assess and, where applicable, measure process performance against IRBC policy, objectives and practical experience, and report the results to mgt for review
    4. act
      1. take corrective and preventive actions, based on the results of the mgt review, to achieve continual improvement of the IRBC
  3. ISO/IEC 24762 - disaster recovery planning
    1. business continuity management is bigger than just focusing on ICT systems
  4. role
    1. respond to changing risk environment
    2. ensure continuation of critical business operations
    3. be ready to respond before ICT disruption occurs
    4. respond and recover after incidents/disasters and failures
  5. BCM framework
    1. components
      1. policies
      2. processes
      3. people
      4. ICT infrastructure
    2. stages
      1. risk assessment / review of BIA
      2. strategy
      3. BC plan
      4. tests and exercises
      5. awareness
      6. program management and maintenance
    3. ICT output
      1. ICT response and recovery
      2. ICT risk reduction controls
    4. desired outcome
      1. business resiliency
  6. BCM activities
    1. incident preparedness
    2. operational continuity management
    3. disaster recovery planning
    4. risk mitigation
  7. aims
    1. improve incident detection capabilities
    2. prevent a sudden or drastic failure
    3. ensure acceptable degradation of operational status should failure be unstoppable
    4. shorten recovery time
    5. minimize impact upon eventual occurrence of the incident
  8. IRBC principles
    1. incident prevention - protect ICT services from threats
    2. incident detection - detect incidents at the earliest opportunity
    3. response - respond to an incident in an appropriate manner
    4. recovery - identify and implement an appropriate recovery strategy ensuring timely resumption of services
    5. improvement - lessons learned should be documented, analysed and reviewed
  9. IRBC elements
    1. people
    2. facilities
    3. technology
      1. hardware
      2. network
      3. software
      4. data
    4. processes
    5. suppliers