Welcome to this, the seventh edition of The ISO27000 Newsletter, designed to keep you abreast of updates and developments with respect to the ISO 17799 information security standard.
The information contained in this newsletter is free to our subscribers and provides guidance on practical issues, plus commentary on recent Information Security incidents.
Included in this issue are the following topics:
BUSINESS CONTINUITY FOCUS INCREASES
Section 11 of ISO 17799 devotes itself solely to Business Continuity. This alone gives a clear indication of the growing importance to businesses of having a well-structured contingency plan to be implemented in the event of an unexpected disaster or disruptive event.
The process revolves around assessing the risks to the business and identifying the weaknesses and dependencies. Once this process is completed, it is necessary to set up backup procedures and processes that can be brought into play when the need arises. The level of sophistication involved in these backup processes, and the speed with which they can be implemented in an emergency situation, will probably determine their costs. Speed and availability are the two critical issues in this scenario.
Developing a comprehensive backup plan from scratch is normally an expensive and time-consuming task that can divert scarce resources from other activities. The scale of the task can also be daunting, and for many organisations its sheer size often prevents the work from starting. The attitude often becomes “It surely won’t happen to us anyway, will it?...”
More and more organisations are therefore looking for assistance in setting up these business continuity plans. Fortunately, there are now low-cost products available to provide this help. The most popular is probably The BCP Generator, which includes hundreds of pre-designed templates that just have to be completed to produce a coherent plan (see http://www.disaster-recovery-guide.com for information on this and others).
Whatever approach is adopted, however, the lack of a living business continuity plan could easily prove to be an Achilles heel. If you haven't got one, WE WOULD STRONGLY ADVISE THAT ONE IS DEVELOPED.