Security Mgt, ISO 27031 business continuity planning (intro)

IYM001 Mind Map on Security Mgt, ISO 27031 business continuity planning (intro), created by jjanesko on 05/07/2013.

Security Mgt, ISO 27031 business continuity planning (intro)
1 background
1.1 organizations depend on reliable, safe and secure IT structures
1.2 ISO/TC 223 series for Business Continuity Management identifies the need
1.2.1 ISO 22301 defines BCM
1.2.2 BCMS - business continuity management system
1.3 failures of ICT services
1.3.1 malware
1.3.2 systems intrusion
1.3.3 impacts continuity of business
1.4 BCM is dependent on ICT to ensure objectives can continue to be met in times of disruptions
1.5 IRBC - ICT readiness for business continuity
1.6 PDCA in IRBC
1.6.1 plan
1.6.1.1 establish IRBC policy, objectives, targets, processes and procedures relevant to managing risk and improving ICT readiness to deliver results in accordance with an org's overall BC policies and objectives
1.6.2 do
1.6.2.1 implement the IRBC policy, controls, processes and procedures
1.6.3 check
1.6.3.1 Assess and, where applicable, measure process performance against IRBC policy, objectives & practical experience, and report the results to mgt for review.
1.6.4 act
1.6.4.1 Take corrective and preventative actions, based on the results of the mgt review, to achieve continual improvement of the IRBC.
1.7 ISO/IEC 24762 - disaster recovery planning
1.8 business continuity management is bigger than just focusing on ICT systems
2 role
2.1 respond to changing risk environment
2.2 ensure continuation of critical business operations
2.3 be ready to respond before ICT disruption occurs
2.4 to respond & recover after incidents/disasters and failures
2.5 BCM framework

Annotations:

  • https://lh5.googleusercontent.com/-60zQyUvfXXQ/UYiGP35kNxI/AAAAAAAAAg8/JRRIhisEaOA/w800-h480/bcm-framework.png
2.5.1 components
2.5.1.1 policies
2.5.1.2 processes
2.5.1.3 people
2.5.1.4 ICT infrastructure
2.5.2 stages
2.5.2.1 1. risk assessment / review of BIA
2.5.2.2 2. strategy
2.5.2.3 3. BC plan
2.5.2.4 4. tests & exercises
2.5.2.5 5. awareness
2.5.2.6 6. program management & maintenance
2.5.3 ICT output
2.5.3.1 ICT response & recovery
2.5.3.2 ICT risk reduction controls
2.5.4 desired outcome
2.5.4.1 business resiliency
3 BCM
3.1 activities
3.1.1 incident preparedness
3.1.2 operational continuity management
3.1.3 disaster recovery planning
3.1.4 risk mitigation
3.2 aims
3.2.1 improve incident detection capabilities
3.2.2 prevent a sudden or drastic failure
3.2.3 ensure acceptable degradation of operational status should failure be unstoppable
3.2.4 shorten recovery time
3.2.5 minimize impact upon eventual occurrence of the incident
4 IRBC principles
4.1 incident prevention - protect ICT services from threats
4.2 incident detection - detecting incidents at earliest opportunity
4.3 response - respond to an incident in appropriate manner
4.4 recovery - identify & implement appropriate recovery strategy ensuring timely resumption of services
4.5 improvement - lessons learned should be documented, analysed & reviewed
5 IRBC elements
5.1 people
5.2 facilities
5.3 technology
5.3.1 hardware
5.3.2 network
5.3.3 software
5.4 data
5.5 processes
5.6 suppliers