Wednesday, April 16th, 2008
The National Institute of Standards and Technology (NIST) has released the second public draft of NIST Special Publication 800-39, ‘Managing Risk from Information Systems: An Organizational Perspective’, for comment. This is the flagship publication in a series of standards and guidelines developed by NIST that relate to the Federal Information Security Management Act.
Special Publication 800-39 provides a framework for managing the risk arising from the operation and use of information systems and is built upon a common foundation of best security practices. The target audience for this publication includes agency heads, chief information officers, information system designers, developers and administrators, auditors and inspectors general.
The public comment period is from April 7-30, 2008. Comments should be emailed to sec-cert@nist.gov.
Posted in Disaster Recovery, Information Security
Thursday, April 10th, 2008

Since 2000, our world has seen dramatic changes that have caused an evolution in business continuity thinking. It used to be that recovery-minded organizations focused on preventing and avoiding disasters. Today, it seems inevitable that nearly everyone will be faced with unexpected “bumps” in the terrain from time to time. The focus is changing from avoidance of threat to “landing on your feet” in spite of it.
In other words, organizations have found it necessary to become better prepared and be more proactive about risk management. While the imagined “disaster” in a disaster recovery scenario used to be an environmental one – fire, flood, or tornado – thus far in the 21st century we’ve seen likely examples of “disaster” expand to include terrorist attacks with global political implications; strings of powerful hurricanes; international power grid failure; threats such as data worms and hackers; and ordinary business events such as mergers and acquisitions, increased outsourcing of business processes, and application process failures.
The bottom line these days is that if it’s disruptive to your organization, it’s a crisis, regardless of the cause. And the pressures for risk management planning are both internal and external.
At the midpoint of the first decade of the 21st century, certain trends in business continuity thinking have been established. A consideration of them, as well as several emerging trends, may help clarify what organizations need to consider today in order to prepare themselves for tomorrow.
Posted in Business Continuity Management, Disaster Recovery, General
Tuesday, March 18th, 2008

When we think of disaster, we tend to think of fires, floods, hurricanes, earthquakes, and now terrorism. But an event does not need to be large-scale or catastrophic to qualify as a disaster. Human error, malicious behavior, and even the complexity of the systems themselves can bring about high-impact outages that affect your service levels and business operations. In order to build a resilient communications network that can survive any type of disaster, organizations must create a contingency plan that considers the people, hardware, operating and escalation plans, and, ultimately, the money to put it all together and keep it running.
Developing an Uptime Plan
Developing an uptime management plan provides organizations with a structured way to assess critical processes and threats, and to build a program of detection, notification, restoration, and recovery to implement when a disaster or major disruption occurs.
The National Institute of Standards and Technology (NIST) has produced a Contingency Planning Guide for Information Technology Systems which is an invaluable resource to help any organization with this goal. It outlines a seven-step approach:
Posted in Business Continuity Management, Disaster Recovery