Information security aspects of business continuity management
DOI: https://doi.org/10.20535/2411-1031.2019.7.2.190555
Keywords: Information security, business continuity management, process approach, risk assessment, maximum tolerable period of disruption, recovery time objective, recovery point objective.
Abstract
Most modern enterprises rely on an information infrastructure and corporate information systems to run their business. The continuity of business processes, the availability and integrity of data, and the activity of the organization as a whole depend directly on the reliability and security of those systems. The article deals with ensuring the resilience of core business processes and of organizational information security against the negative impacts of emergencies of natural, man-made, economic and social origin, as well as with restoring the business and the required level of information security continuity during and after situations that prevent the organization from functioning normally, taking into account the nature and extent of their impact. In the first case, the task of business continuity management is to prevent a risk event by developing and implementing preventive measures. In the second case, the task is to reduce the impact of the negative consequences that interrupted the organization's activity, to shorten the time needed to replace assets, and to reduce the associated replacement costs. The evolution of approaches to ensuring business continuity is described, and an overview is given of the standards and other regulations that reflect best practices in building business continuity management systems. In the context of the process model of management, the main stages of business continuity management are considered; they consist in the sequential execution of the closed "Plan – Do – Check – Act" cycle, namely the processes of planning, implementing, maintaining, monitoring, analyzing and improving the performance of the business continuity management system.
Attention is drawn to the fact that, within this system, organizations must develop, document, implement and maintain security procedures and security measures to ensure the required level of information security continuity in the face of threats and destabilizing factors of various kinds. Conclusions are drawn regarding the benefits an organization gains from a developed and implemented business continuity management system that incorporates information security measures.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors published in this collection agree to the following terms:
- The authors retain the right of authorship of their work and grant the collection the right of first publication. The work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work provided that they credit the authors of the original work and its first publication in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institutional digital repository or to publish it as part of a monograph), provided that the first publication of the work in this collection is referenced.
- The journal's policy allows and encourages authors to post the manuscript of the work online (for example, in repositories or on personal websites) both before submitting the manuscript to the editors and during its editorial processing, since this contributes to productive scientific discussion and has a positive effect on the speed and number of citations of the published work (see The Effect of Open Access).