Security Mgt, ISO 27031 business continuity planning (intro)

IYM001 Mind Map on Security Mgt, ISO 27031 business continuity planning (intro), created by jjanesko on 05/07/2013.

Security Mgt, ISO 27031 business continuity planning (intro)
1 background
1.1 organizations depend on reliable, safe and secure IT structures
1.2 ISO/TC 223 series for Business Continuity Management identifies need
1.2.1 ISO 22301 defines BCM
1.2.2 BCMS - business continuity management system
1.3 failures of ICT services
1.3.1 malware
1.3.2 systems intrusion
1.3.3 impacts continuity of business
1.4 BCM is dependent on ICT to ensure objectives can continue to be met in times of disruptions
1.5 IRBC - ICT readiness for business continuity
1.6 PDCA in IRBC
1.6.1 plan: establish IRBC policy, objectives, targets, processes and procedures relevant to managing risk and improving ICT readiness to deliver results in accordance with an org's overall BC policies and objectives
1.6.2 do: implement the IRBC policy, controls, processes and procedures
1.6.3 check: assess and, where applicable, measure process performance against IRBC policy, objectives & practical experience, and report the results to mgt for review
1.6.4 act: take corrective and preventive actions, based on the results of the mgt review, to achieve continual improvement of the IRBC
1.7 ISO/IEC 24762 - disaster recovery planning
1.8 business continuity management is bigger than just focusing on ICT systems
2 role
2.1 respond to changing risk environment
2.2 ensure continuation of critical business operations
2.3 be ready to respond before ICT disruption occurs
2.4 to respond & recover after incidents/disasters and failures
2.5 BCM framework
2.5.1 components
2.5.1.1 policies
2.5.1.2 processes
2.5.1.3 people
2.5.1.4 ICT infrastructure
2.5.2 stages
2.5.2.1 risk assessment / review of BIA
2.5.2.2 strategy
2.5.2.3 BC plan
2.5.2.4 tests & exercises
2.5.2.5 awareness
2.5.2.6 program management & maintenance
2.5.3 ICT output
2.5.3.1 ICT response & recovery
2.5.3.2 ICT risk reduction controls
2.5.4 desired outcome: business resiliency
3.1 activities
3.1.1 incident preparedness
3.1.2 operational continuity management
3.1.3 disaster recovery planning
3.1.4 risk mitigation
3.2 aims
3.2.1 improve incident detection capabilities
3.2.2 prevent a sudden or drastic failure
3.2.3 ensure acceptable degradation of operational status should failure be unstoppable
3.2.4 shorten recovery time
3.2.5 minimize impact upon eventual occurrence of the incident
4 IRBC principles
4.1 incident prevention - protect ICT services from threats
4.2 incident detection - detecting incidents at earliest opportunity
4.3 response - respond to an incident in appropriate manner
4.4 recovery - identify & implement appropriate recovery strategy ensuring timely resumption of services
4.5 improvement - lessons learned should be documented, analysed & reviewed
5 IRBC elements
5.1 people
5.2 facilities
5.3 technology
5.3.1 hardware
5.3.2 network
5.3.3 software
5.4 data
5.5 processes
5.6 suppliers