Performing BIA and protecting privacy

Guest user Created:   Mar 22, 2017 Last commented:   Mar 22, 2017

Our xxxxx has been hiring a consultant every two years to assist them in 'updating' our BIA. Our xxxxx department is using the xxxxx tool and our CIO reviews our Cyber Security self assessment and then there's me who is putting the finishing touches on our xxxxx tool. It is time to update our BIA, and we are looking at a DIY tool to use going forward. Our CIO is interested in a consultant or firm to assist in mapping GLBA and Cyber Security to move toward certification. Looking to find a place to start and build a roadmap.
Expert
Rhand Leal Mar 22, 2017

Answer: Considering your need for a DIY tool for BIA, I recommend that you take a look at these articles:
- How to implement business impact analysis (BIA) according to ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-implement-business-impact-analysis-bia-according-to-iso-22301/
- Five Tips for Successful Business Impact Analysis https://advisera.com/27001academy/blog/2010/06/10/five-tips-for-successful-business-impact-analysis/

I also recommend that you take a look at the free demo of our ISO 22301 Business Impact Analysis Toolkit at this link: https://advisera.com/27001academy/iso22301-business-impact-analysis-documentation-toolkit/ (you only have to scroll down the screen a little to find the free demo tab).

In this toolkit you have templates for Business Impact Analysis Methodology and Business Impact Analysis Questionnaire, which can help you perform a business impact analysis according to ISO 22301, the ISO standard for business continuity.

With this toolkit you also have access to business impact analysis video tutorials that will help you fill in the documents and perform the BIA.

Regarding mapping GLBA and Cyber Security, unfortunately we do not cover this specific issue. We are focused on ISO standards, but since the main concern of GLBA is protection of private information of individuals, by implementing an ISMS based on ISO 27001, and complemented by ISO 27018, we can ensure you will have a pretty strong base to develop your security controls.

This article will provide you further explanation about ISO 27001 and ISO 27018:
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
- What is an Information Security Management System (ISMS) according to ISO 27001? https://advisera.com/27001academy/blog/2016/05/23/information-security-management-system-isms-according-iso-27001/

These materials will also help you regarding business impact analysis and ISMS implementation:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Implementing Business Impact Analysis according to ISO 22301 [free webinar] https://advisera.com/27001academy/webinar/implementing-business-impact-analysis-according-to-iso-22301-free-webinar/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
