27ian2011 silensec
Agora Group
1.
Managing Business Continuity with BS25999 – Beyond Technologies
Dr. Almerindo Graziano
CEO, Silensec
al@silensec.com
© 2011
2.
About Silensec
• IT Governance
  – Approved BSI Associate Consultants
• Penetration Testing
• Security Training
• E-fraud and Cybercrime Services
• Computer Forensics Services
3.
Offices
• Sheffield (UK)
• Bucharest (Romania)
• Nairobi (Kenya)
4.
Business Continuity
Strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level
5.
BCM and Incident Management
6.
BCM is NOT Disaster Recovery
• Disaster Recovery is an integral part of a Business Continuity plan – REACTIVE process focused on restoring the organization to business as usual after a disaster occurs
• Business Continuity is PROACTIVE – its focus is to avoid or mitigate the impact of a risk
7.
BCMS
• A Business Continuity Management System (BCMS) is the set of processes, people and controls aimed at guaranteeing the continuity of a business in case of a disaster
8.
BS25999-2
• Business continuity management – Part 2: Specification (Nov 2007)
• Specifies requirements for:
  – planning, establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented BCMS within the context of managing an organization’s overall business risks
It can be used for assessment and certification
9.
BS25999-1
• Business continuity management – Part 1: Code of practice (Dec 2006)
• Provides guidance on the implementation of the standard
It cannot be used for assessment and certification
10.
BS25999-2 management clauses
3 Planning the business continuity management system
4 Implementing and operating the BCMS
5 Monitoring and reviewing the BCMS
6 Maintaining and improving the BCMS
11.
BS25999-2 Implementation
3 Planning the business continuity management system
  3.1 General
  3.2 Establishing and managing the BCMS
    3.2.1 Scope and objectives of the BCMS
    3.2.2 BCM Policy
    3.2.3 Provision of resources
    3.2.4 Competency of BCM personnel
  3.3 Embedding BCM in the organization’s culture
  3.4 BCMS documentation and records
    3.4.1 General
    3.4.2 Control of BCMS records
    3.4.3 Control of BCMS documentation
4 Implementing and operating the BCMS
5 Monitoring and reviewing the BCMS
6 Maintaining and improving the BCMS
12.
BS25999-2 Implementation
3 Planning the business continuity management system
4 Implementing and operating the BCMS
  4.1 Understanding the organization
    4.1.1 Business impact analysis
    4.1.2 Risk assessment
    4.1.3 Determining choices
  4.2 Determining business continuity strategy
  4.3 Developing and implementing a BCM response
    4.3.1 General
    4.3.2 Incident response structure
    4.3.3 Business continuity plans and incident management plans
  4.4 Exercising, maintaining and reviewing BCM arrangements
    4.4.1 General
    4.4.2 BCM exercising
    4.4.3 Maintaining and reviewing BCM arrangements
5 Monitoring and reviewing the BCMS
6 Maintaining and improving the BCMS
13.
4.1 Understanding the Organization
• Identify Stakeholders
  – Output: Whom do we want to satisfy? What are they interested in?
• Identify Key Products & Services
  – Output: What are the required activities, assets and resources?
• 4.1.1 Business Impact Analysis (BIA)
  – Output: What is the impact of disruption to those activities? What are the critical activities?
• 4.1.2 Risk Assessment
  – Output: What are the risks to those activities (especially to the critical ones)
• 4.1.3 Determine Choices
  – Output: What are the chosen risk treatments?
14.
BS25999-2 Implementation
3 Planning the business continuity management system
4 Implementing and operating the BCMS
5 Monitoring and reviewing the BCMS
  5.1 Internal audit
  5.2 Management review of the BCMS
    5.2.1 General
    5.2.2 Review input
    5.2.2 Review output
6 Maintaining and improving the BCMS
15.
BS25999-2 Implementation
3 Planning the business continuity management system
4 Implementing and operating the BCMS
5 Monitoring and reviewing the BCMS
6 Maintaining and improving the BCMS
  6.1 Preventive and corrective actions
    6.1.1 General
    6.1.2 Preventive action
    6.1.3 Corrective action
  6.2 Continual improvement
16.
BCM Documentation
• Scope and objectives of the BCMS and procedures
• BCM policy
• Provision of resource
• Competency of BCM personnel and associated training records
• Business impact analysis
• Risk assessment
• Business continuity strategy
• Incident response structure
• Business continuity plans and incident management plans
• BCM exercising
• Maintenance and review of BCM arrangements
• Internal audit
• Management review of the BCMS
• Preventive and corrective actions
• Continual improvement
BS25999-2 Clause 3.4.1
17.
ISO/IEC 27001:2005 controls for BCP
Annex A – Control Objective A.14
  – Business Continuity Management Process
  – Business Continuity and Risk Assessment
  – Developing and Implementing Continuity Plans
  – Business Continuity Planning Framework
  – Testing, Maintaining and Reassessing Business Continuity Plans
• ISO/IEC 27031 Information technology - Security techniques - Guidelines for information and communications technology readiness for business continuity (FDIS – Final Draft International Standard)
18.
Benefits of BS25999 Certification
• Most highly recognized BCM standard
  – Competitive advantage, image, improved client confidence
• Ensure effective and efficient use of business continuity technologies
• Compliance with legal, regulatory, contractual requirements
19.
BS/ISO Guidelines
• BS 25777:2008, Information and communications technology continuity management - Code of practice ($)
• BS ISO/IEC 24762:2008, Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services ($)
• ISO/PAS 22399:2007 – Guideline for incident preparedness and operational continuity management ($)
20.
BCM Related Standards and Guidelines (1)
• Australia Standards/New Zealand Standards
  – AS/NZS 5050: Business Continuity Managing disruption-related risk (Jun 2010) ($)
  – HB 221:2004 – Business Continuity Management Handbook ($)
    • Part One: What is Business Continuity Management
    • Part Two: The BCM Manual
  – HB 292-2006 – A practitioners guide to business continuity management
  – HB 293-2006 – Executive guide to business continuity management
21.
BCM Related Standards and Guidelines (2)
• North America
  – National Fire Protection Association (NFPA) 1600:2007 Standard on Disaster/Emergency Management and Business Continuity Programs
  – American Society for Industrial Security ASIS SPC.1-2009 Organizational Resilience: Security Preparedness, and Continuity Management Systems
• Singapore
  – SS540:2008 – Singapore Standard for Business continuity management (BCM) ($)