If you had to evacuate from your building right now and were told you couldn't get back in for two weeks, would you know what to do to ensure your business continues to operate? Would your staff? Would every person who works for your organization? Increasing threats to business operations, both n
Developing an Enterprise Continuity Program
Scribed by Sergei Petrenko
- Year: 2021
- Tongue: English
- Leaves: 586
- Category: Library
Synopsis
The book discusses the activities involved in developing an Enterprise Continuity Program (ECP) that will cover both Business Continuity Management (BCM) as well as Disaster Recovery Management (DRM). The creation of quantitative metrics for BCM is discussed, as well as several models and methods that correspond to the goals and objectives of the International Standards Organization (ISO) Technical Committee ISO/TC 292 "Security and resilience." Significantly, the book contains the results of not only qualitative, but also quantitative, measures of Cyber Resilience which for the first time regulates organizations' activities on protecting their critical information infrastructure. The book discusses the recommendations of the ISO 22301:2019 standard "Security and resilience -- Business continuity management systems -- Requirements" for improving the BCM of organizations based on the well-known "Plan-Do-Check-Act" (PDCA) model. It also discusses the recommendations of the following ISO management systems standards that are widely used to support BCM: the ISO 9001 standard "Quality Management Systems"; ISO 14001 "Environmental Management Systems"; ISO 31000 "Risk Management"; ISO/IEC 20000-1 "Information Technology - Service Management"; ISO/IEC 27001 "Information Management security systems"; ISO 28000 "Specification for security management systems for the supply chain"; ASIS ORM.1-2017, NIST SP800-34, NFPA 1600:2019, COBIT 2019, RESILIA, ITIL V4 and MOF 4.0, etc. The book expands on the best practices of the British Business Continuity Institute's Good Practice Guidelines (2018 Edition), along with guidance from the Disaster Recovery Institute's Professional Practices for Business Continuity Management (2017 Edition). Possible methods of conducting ECP projects in the field of BCM are considered in detail.
Based on the practical experience of the author, there are examples of Risk Assessment (RA) and Business Impact Analysis (BIA), examples of Business Continuity Plans (BCP) & Disaster Recovery Plans (DRP) and relevant BCP & DRP testing plans. This book will be useful to Chief Information Security Officers, internal and external Certified Information Systems Auditors, senior managers within companies who are responsible for ensuring business continuity and cyberstability, as well as teachers and students of MBA, CIO and CSO programs.
Table of Contents
Cover
Title
Half title
Copyrights
Contents
Foreword
Preface
Acknowledgements
List of Figures
List of Tables
List of Abbreviations
Glossary
Introduction
1 ECP Relevance
1.1 Motivation and Achievable Benefits
1.1.1 Examples of Incidents
1.1.2 The Main Reasons
1.1.3 Economic Feasibility
1.1.4 Additional Advantages
1.2 ECP Content and Structure
1.2.1 Background
1.2.2 Cloud Perspectives
1.2.3 ECP Practice
1.3 Example of Task Statement
1.3.1 The Purpose and Objectives of Work
1.3.2 Work Duration
1.4 Analysis of BCM Technologies
1.4.1 General Approaches and Directions
1.4.2 Infrastructure Decisions
1.4.3 Software
1.5 Business Continuity and Cyber Resilience
1.5.1 Basic Concepts and Definitions of Cyber Resilience
1.5.2 Cyber Transformation Trends
1.5.3 Mathematical Problem Definition
2 BCM Best Practice
2.1 The International ISO 22301:2019 Standard
2.1.1 First Version of the Standard
2.1.2 Second Version of Standard
2.2 BCI Practice
2.2.1 Activity Directions
2.2.2 Main Results
2.3 DRI Practice
2.3.1 Direction of Activity
2.3.2 Features of the Approach
2.4 SANS Institute Practice
2.4.1 BCP Development
2.4.2 BCP Testing
2.5 AS/NZS 5050:2010 Standard
2.5.1 Basic Recommendations
2.5.2 The Application Specifics
2.6 Risk Management Practices
2.6.1 ISO 31000 Family of Standards
2.6.2 Managing Cyber Risks
2.6.3 The NIST SP 800-30 Standard
2.6.4 OCTAVE Methodology
2.6.5 MG-2 Lifecycle
2.6.6 COBIT 2019 Standard
2.6.7 SA-CMM Maturity Model
2.7 Business Process Description Practices
2.7.1 Process Modeling
2.7.2 NGOSS Methodology
2.8 COBIT Standard® 2019
2.8.1 Description of the DSS04 process
2.8.2 DSS04 Maturity Levels
2.9 ITIL V4 Library
2.9.1 The ITSCM Process
2.9.2 ITSCM Implementation
2.10 ISO/IEC 27001:2013 and ISO/IEC 27031:2011 Standards
2.10.1 BCM Aspects
2.10.2 BCP Development and Implementation
2.11 Possible Measures and Metrics
2.11.1 Introducing a Passport System for Programs
2.11.2 Intellectual Cyber Resilience Orchestration
3 BC Project Management
3.1 Accenture Practice
3.1.1 RA and BIA
3.1.2 Definition of BC Strategy
3.1.3 Improving the BC Strategy
3.2 Ernst & Young (E&Y) Experience
3.2.1 ECP Program Maturity Assessment
3.2.2 Developing a BCM Strategy
3.2.3 Implementing a BCM Strategy
3.3 IBM Practice
3.3.1 Methods of Work Performance
3.3.2 IBM BCRS Approach
3.3.3 Services IBM BCRS
3.3.4 Example of a Solution Selection
3.3.5 Example of Task Statement
3.4 Hewlett-Packard Practice
3.4.1 Evaluating the Current ECP State
3.4.2 Developing a BCM Strategy
3.4.3 Implementing a BCM Strategy
3.5 EMC Practice
3.5.1 Type of Work
3.5.2 EMC Methodology
3.6 Microsoft Practice
3.6.1 Characteristics of the Approach
3.6.2 ITCM Function
4 ECP Development Samples
4.1 Characteristics of the Research Object
4.1.1 Current Active Directory Architecture
4.1.2 Target Active Directory Architecture
4.2 BIA Example
4.2.1 Classification of Active Directory Processes and Services
4.2.2 Calculating RTO and RPO
4.2.3 Active Directory Interrupt Scenarios
4.3 Defining BC Strategies
4.3.1 General Requirements
4.3.2 Detailed Reading of RTO and RPO
4.3.3 Selection of Technical Solutions
4.3.4 Possible Recovery Strategies
4.3.5 Restoring the IT Service
4.3.6 The Business Recovery
4.4 BCP Example
4.4.1 Requirements Analysis
4.4.2 BCP Content and Structure
4.4.3 Management Procedure
4.4.4 BCP Testing
Conclusion
References
Index
About the Author