Business Continuity Management:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Line 1: Line 1:
=='''Business Continuity Management'''==
=='''Business Continuity Management'''==
ISO 27001 defines Business Continuity Management objectives to counteract interruptions to business and protect critical business processes from the effects of major failures or disasters. This section provides templates for Information Security standards that are required to comply with ISO Business Continuity Management objectives and support the objectives established in the Asset Protection Policy, and Threat Assessment and Monitoring Policy.<br>
ISO 27001 defines Business Continuity Management objectives to counteract interruptions to business and protect critical business processes from the effects of major failures or disasters. This section provides templates for Information Security standards that are required to comply with ISO Business Continuity Management objectives and support the objectives established in the Asset Protection Policy, and Threat Assessment and Monitoring Policy.<br>
<br>
<br>
Line 11: Line 12:
:The Incident Response Standard is required to comply with ISO Business Continuity Management and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for developing and exercising formal plans, and associated metrics, for responding to security incidents and intrusions.<br>
:The Incident Response Standard is required to comply with ISO Business Continuity Management and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for developing and exercising formal plans, and associated metrics, for responding to security incidents and intrusions.<br>
<br>
<br>
=='''IT Service Continuity Management'''==
IT Service Continuity Management helps to ensure the availability and rapid restoration of IT services in the event of a disaster. The high level activities are [[Risk Analysis]], [[Manage Plan Management]], [[Contingency Plan Testing]], and [[Risk Management]].
==References==
See: [[Continuity Management]]
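Review bot: the activity list in the added IT Service Continuity Management paragraph links "[[Manage Plan Management]]", which reads like a doubled word; confirm that this is the intended page title before the link goes live. The new "==References==" heading also drops the bold '''...''' style used by the other two headings, and it holds only a "See:" cross-link rather than a reference, so either match the heading style and rename it (for example "See also") or add the actual sources for the ISO 27001 statements above.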

Revision as of 16:48, 20 March 2007

Business Continuity Management

ISO 27001 defines Business Continuity Management objectives to counteract interruptions to business and protect critical business processes from the effects of major failures or disasters. This section provides templates for Information Security standards that are required to comply with ISO Business Continuity Management objectives and support the objectives established in the Asset Protection Policy and the Threat Assessment and Monitoring Policy.

1. Sample ISO Availability Protection Standard
The Availability Protection Standard is required to comply with ISO Business Continuity Management objectives and builds on the objectives established in the Asset Protection Policy by providing specific requirements for protecting the availability of information assets.


2. Sample ISO Threat Monitoring Standard
The Threat Monitoring Standard is required to comply with ISO Business Continuity Management objectives and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for periodically identifying, analyzing, and prioritizing threats to sensitive information such as health information pertaining to individuals. The Threat Monitoring Standard provides specific requirements for performing real-time intrusion detection monitoring and periodic intrusion detection analysis to detect threat and intrusion activity.


3. Sample ISO Incident Response Standard
The Incident Response Standard is required to comply with ISO Business Continuity Management and builds on the objectives established in the Threat Assessment and Monitoring Policy by providing specific requirements for developing and exercising formal plans, and associated metrics, for responding to security incidents and intrusions.


IT Service Continuity Management

IT Service Continuity Management helps to ensure the availability and rapid restoration of IT services in the event of a disaster. The high-level activities are Risk Analysis, Manage Plan Management, Contingency Plan Testing, and Risk Management.

References

See: Continuity Management