Source: http://compliancehome.com/
Nossa Caixa bank, the third-largest public Brazilian bank, has become the first financial institution in the world to achieve BS 25999 certification. The bank was assisted by Modulo, which provided consultancy services and software. www.nossacaixa.com.br
Posted in BS 25999 | No Comments »
Business Continuity Articles for Beginners
Overcoming preparedness fatigue
In the absence of an event or other external mandate, how do you keep management engaged and willing to continuously invest in organizational preparedness?
http://www.continuitycentral.com/feature0561.htm
• Region US/World
Business discontinuity – five common mistakes and how to avoid them
Brian Davey provide some hints and tips on how to avoid five false assumptions organisations can make when implementing their business continuity management programme.
http://www.continuitycentral.com/feature0560.htm
• Region UK/World
Business continuity’s role in supply chain resilience
How to effectively manage supply chain risks. By Charlie Maclean-Bristol.
http://www.continuitycentral.com/feature0558.htm
• Region:UK
Business Continuity Articles for Professionals
Business continuity case study: Watson Wyatt
Continuity Central has been frequently asked for case studies showing business continuity ‘in action’. This is the first in a series of such studies.
http://www.continuitycentral.com/feature0557.htm
• Region:UK
The importance of the network in IT disaster recovery planning
Too many companies are inadequately prepared to deal with adverse events relating to their business and network operations, says Dr. Jim Kennedy.
http://www.continuitycentral.com/feature0554.htm
• Region:US/World
Business resumption safety tips from the American Society of Safety Engineers
To help businesses resume operations safely after a natural disaster, the American Society of Safety Engineers (ASSE) has written a business resumption checklist.
http://www.continuitycentral.com/feature0551.htm
• Region:US
Project risk management: a practical and effective approach
Vicki Wrona provides a practical and effective framework for managing the specific risks associated with projects.
http://www.continuitycentral.com/feature0547.htm
• Region:US/World
Business Continuity Articles for BC-Geeks
How to safely virtualize your IT environment
Virtualization presents risks as well as benefits; Nick Turnbull, provides a list of items that businesses need to consider before virtualizing their environments.
http://www.continuitycentral.com/feature0542.htm
• Region:World
Crisis monitoring : the art of preparation
Proactive threat monitoring is an important aspect of risk management. Steven Burns explains.
http://www.continuitycentral.com/feature0538.htm
• Region: US/World
New ISO standard for IT disaster recovery published
‘ISO/IEC 24762:2008, Information technology – Security techniques – Guidelines for information and communications technology disaster recovery services.’
http://www.continuitycentral.com/news03805.htm
• Region:World
European Network and Information Security Agency issues service continuity report
‘Business and IT Continuity: Overview and Implementation Principles’.
http://www.continuitycentral.com/news03795.htm
• Region:UK/W.Europe
BS 25999 pocket guide published
Gives ‘quick study’ introduction to best practice business continuity management.
http://www.continuitycentral.com/news03796.htm
• Region:UK
Businesses need to understand ‘unique and complex’ Asian terrorism threat
According to Lloyd’s new report ‘Terrorism in Asia: What does it mean for business?’
http://www.continuitycentral.com/news03777.htm
• Region: Various
New ISO standard for state-of-the-art biometric authentication
ISO 19092:2008, Financial services – Biometrics – Security framework, establishes the security requirements for the implementation and management of state-of-the-art biometric identification technology within the financial industry.
http://www.continuitycentral.com/news03756.htm
• Region: World
Posted in BS 25999, Business Continuity Management, Disaster Recovery, General | No Comments »
Let me explain.
BS 25999 was launched in December 2006 (part 1, code of practice) and November 2007 (part 2, specification). It outlines how to implement a business continuity management programme in an organisation and advocates use of a technique called business impact analysis.
Among other things, business impact analysis attempts to understand an organisation’s critical activities and the resources required, including IT systems and services, to keep those activities running at an acceptable level should a serious incident, such as a malicious act causing destructive loss of premises, occur.
A gap analysis is then conducted to determine any differences between the resources the business needs over time from the point of the incident, and the current recovery capability. In effect, the analysis identifies the recovery time objectives and recovery point objectives. The former describe how soon after an outage each system or service needs to be operational, while the latter identify the pre-incident point in time the data needs to be recovered to.
The recovery time and point objectives define the availability requirements of the business, which is an essential element of information security management.
Potential solutions are then explored to fill any gaps discovered. The gap analysis provides a good appreciation of how IT systems and services could be adversely affected by an incident and addresses any misconceptions the business may have regarding the IT department’s ability to recover systems and services.
In my experience as a consultant, such misconceptions are common yet can have major implications for the organisation’s wellbeing. Should a serious incident occur, and the business be unable to recover its critical activities quickly enough to keep impacts within acceptable levels, the consequent loss of credibility, direct financial loss, breach of contracts, and so on, could ultimately damage the bottom line.
The business impact analysis helps business managers gain a better understanding of the extent to which they rely on IT systems and services. The gap analysis allows the IT department to propose ways of filling any existing gaps in recovery time objectives or recovery point objectives through targeted solutions.
Senior management can then either accept the current risk exposure where gaps exist or else provide the IT department with the necessary budget to close the gaps. Either way, senior management will understand the IT recovery capability and how it relates to business need, eliminating any misconceptions.
BS 25999 is the fastest-selling British standard ever. When part 2 was launched, 100 companies had already pre-registered for an accreditation audit. If your organisation doesn’t yet have a business continuity management programme in place, then you should recommend it implements one. The benefits to be gained by the IT department - indeed, the organisation as a whole - make the standard a powerful management tool, with the business impact analysis element helping to improve information security.
Embrace BS 25999. It’s your new best friend.
Posted in BS 25999, General | No Comments »
|
Just as with the Y2K crisis of seven years ago, IT workers are being
called upon to don superhero suits and save the enterprise from
impending technology trouble. But this time, IT will be sifting through
the complexities of the federal Sarbanes-Oxley Act of 2002
Will your SMB be Ready?
|
