Welcome to the ninth issue of ISO 17799 News, designed to keep you abreast of developments and news with respect to ISO 17799 and information security.
The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Included in this edition are the following topics:
BCP/DRP IS NOT JUST AN ACADEMIC EXERCISE
The recent disastrous events in the United Kingdom and the United States, when the electricity supply was interrupted without warning, have emphasized the urgent need for all organizations to prepare a Disaster Recovery Plan. Disaster Recovery Planning (DRP) is essential for the continuation of key business services in the event of an unexpected occurrence that seriously disrupts the business process.
One information security issue when initiating the plan is that the Board or top management may lack the commitment to formalize the development of the BCP/DRP; if this is the case, the result is likely to be an inadequate process. For the DRP project to be effective, it is advised that a structured process be followed when initiating the plan, and that the Board or Governing Body itself formally approve the project initiation and ensure that there will be adequate resources available to manage the project.
The importance of this level of commitment from the very top cannot be overemphasized.
A risk assessment should then be carried out to analyze the DRP security threat and the nature of such unexpected occurrences, the potential impact they may cause, and the likelihood of these occurrences becoming serious incidents.