Planning information security continuity
Are you able to please help me?
Answer: This control requires an organization to determine its requirements for information security and ensure the continuity of information security management during a crisis or disaster.
A good example is the access control to a datacenter. Datacenters are generally classified as sensitive in the risk assessment, due to the volume or sensitivity of the information they store/process, and organizations implement controls such as electronic locks to prevent unauthorized access (the requirement). When planning information security continuity, an organization should consider how to maintain access control in case of an event that may disable the electronic locks (e.g., a long power outage). For example, the organization can implement a lock that can also be used manually.
This article will provide you with further explanation about planning information security continuity:
- Business Continuity Management vs. Information Security vs. IT Disaster Recovery https://advisera.com/27001academy/blog/2017/02/27/business-continuity-management-vs-information-security-vs-it-disaster-recovery/
These materials will also help you regarding planning information security continuity:
- Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Writing a business continuity plan according to ISO 22301 [free webinar on demand] https://advisera.com/27001academy/webinar/writing-a-business-continuity-plan-according-to-iso-22301-free-webinar-on-demand/
May 22, 2018