Information security aspects of business continuity management

Authors

DOI:

https://doi.org/10.20535/2411-1031.2019.7.2.190555

Keywords:

Information security, business continuity management, process approach, risk assessment, maximum tolerable period of disruption, recovery time objective, recovery point objective.

Abstract

Most of modern enterprises use information infrastructure and corporate information systems to organize their businesses. Continuity of business processes, availability and integrity of data and the activity of the organization as a whole depend directly on the reliability and security of their functioning. The article deals with the issues of ensuring the sustainability of basic business processes and information security of organizations to the negative impacts of natural, man-made, economic, social nature emergencies, as well as the issue of recovery of business and the necessary level of continuity in information security during and after situations that hindered the regular functioning of the organization, taking into account the nature and extent of their impact. In the first case, the task of managing business continuity is preventing a risky event, developing and implementing preventative measures. In the second case, the task of managing business continuity is reducing the impact of negative consequences, that caused interruption of activity of organization, reducing the time it takes to replace assets, and reducing the costs related to the replacement. The evolution of approaches to ensure the continuity of the business is described. An overview of standards and other regulations, where best practices in building business continuity management systems are reflected, are done. In the context of the process model of management, the main stages of business continuity management, which consist in the sequential implementation of the closed cycle “Plan – Do – Check – Act”, namely: the processes of planning, implementation, maintenance, monitoring, analyzing and improving the performance of business continuity management system, are considered. Attention is drawn to the fact that organizations within this system must develop, document, implement and maintain security procedures and security measures to ensure the necessary level of information security continuity in the face of threats and destabilizing factors of various nature. Conclusions have been made regarding the benefits that organizations gained due to developed and implemented a business continuity management system that has measures for information security.

Author Biographies

Nataliia Kukharska, Lviv state university of life safety, Lviv,

candidate of physical and mathematical
sciences, associate professor, associate
professor of information security
academic department

Orest Polotai, Lviv state university of life safety, Lviv,

candidate of technical sciences,
associate professor of information
security academic department

References

N.N. Taleb, The Black Swan: The Impact of the Highly Improbable. New York, USA: Random House Publishing Group, 2007.

The One Essential Guide to Disaster Recovery: How to Insure IT and Business Continuity. [Online]. Available: https://www.pax8.com/resource/display/1499. Accessed on: May 02, 2019.

DRP & BCP. Disaster Recovery and Business Continuity Plan. Exclusive research 2018 from IDC. [Online]. https://www.business-solutions.telefonica.com/media/2207/drp_bcp-white-paper-may18-web.pdf. Accessed on: May 02, 2019.

International Organization for Standardization. (2012, May 15). ISO 22301. Societal security. Business continuity management systems. Requirements. [Online]. Available: https://www.iso.org/obp/ui/#iso:std:50038:en. Accessed on: May 02, 2019.

A. Hiles, The Definitive Handbook of Business Continuity Management. Chichester, England: John Wiley & Sons, 2011.

S. Snedaker, Business Continuity and Disaster Recovery for IT Professionals. Burlington, USA: Syngress Publishing, 2013.

J. Rittinghouse, and J. Ransome, Business Continuity and Disaster Recovery for InfoSec Managers. Oxford, USA: Elsevier, 2005.

M. Wieczorek, U. Naujoks, and B. Bartlett, Business Continuity: IT Risk Management for International. Berlin, Germany: Springer, 2002.

S. Akhtar, and S. Afsar, Business Continuity Planning Methodology. Mississauga, Canada: Sentryx, 2004.

Business Continuity Preparedness Handbook. AT&T Believes. 2016. [Online]. Available: https://www.attbelieves.com/ecms/dam/pages/disaster_relief/AT&T%20BCH.pdf. Accessed on: May 02, 2019.

С.А. Петренко, и А.В. Беляев, Управление непрерывностью бизнеса. Ваш бизнес будет продолжаться. Информационные технологии для инженеров. Москва, Российская Федерация: ДМК Пресс, 2018.

Kurt J. Engemann, The Routledge Companion to Risk, Crisis and Security in Business. New York, USA: Routledge, 2018.

Enhancing business continuity management to address changing business realities. New York, USA: IBM Corporation, 2017. [Online]. Available: https://www.ibm.com/downloads/ cas/ZGLEMLRR. Accessed on: May 02, 2019.

В.В. Якубовський, “Сучасні підходи та моделі в менеджменті безперервності бізнесу”, Актуальні проблеми міжнародних відносин, вип. 126, ч. ІІ, с. 91-100, 2015.

International Organization for Standardization. (2011, Dec. 15). ISO 22313. Societal security. Business continuity management systems. Guidance. [Online]. https://www.iso.org/standard/ 50050.html. Accessed on: May 02, 2019.

International Organization for Standardization. (2011, March 01). ISO/IEC 27031. Information Technology. Security Techniques. Guidelines for Information and Communication Technology Readiness for Business Continuity. [Online]. https://www.iso.org/obp/ui/#iso:std:iso-iec:27031:ed-1:v1:en. Accessed on: May 02, 2019.

Н.П. Кухарська, “IRBC – взаємозв’язок процесів управління інформаційною безпекою і безперервністю діяльності організацій”, на І Міжнар. наук.-техн. конф. Інформаційна безпека в сучасному суспільстві, Львів, 2014, с. 35-37.

International Organization for Standardization. (2013, Okt. 01). ISO/IEC 27001. Information technology. Security techniques. Information security management systems. Requirements. [Online]. Available: https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:en. Accessed on: May 02, 2019.

International Organization for Standardization. (2018, June 06). ISO/IEC 27005. Information technology. Security techniques. Information security risk management. [Online]. https://www.iso.org/ru/standard/75281.html. Accessed on: May 02, 2019.

Н.П. Кухарська, та А.Е. Лагун, “Інформаційна безпека процесу управління безперервністю бізнесу”, на наук.-практ. конф. Актуальні проблеми управління інформаційною безпекою держави, Київ, 2015, с. 440-443.

А.В. Дорофеев, и А.С. Марков, “Планирование обеспечения непрерывности бизнеса и восстановления”, Вопросы кибербезопасности, № 3 (11), с. 68-73, 2015. [Электронный ресурс]. Доступно: https://cyberrus.com/wp-content/uploads/2015/09/vkb_11_9.pdf. Дата обращения: Май 02, 2019.

How to Cite

Kukharska, N., & Polotai, O. (2019). Information security aspects of business continuity management. Collection "Information Technology and Security", 7(2), 126–136. https://doi.org/10.20535/2411-1031.2019.7.2.190555

Issue

Section

INFORMATION SECURITY