USAGE OF STANDARDS IN INFORMATION SECURITY

1
USAGE OF STANDARDS IN INFORMATION SECURITY

• BUSINESS CONTINUITY MANAGEMENT
• BY
• PRABHA RAMANATHAN (CBCP, MBCS, MSCS)

2
BIODATA Prabha Ramanathan

• Managing Consultant, BKI Professional Services
  Sdn Bhd
• 9 years of BCP / DRP experience
• Certified Business Continuity Professional (5
  yr)
• Chairperson, BCM Framework Development Committee
• BCP exposure in the following sectors-
• Banking, Insurance, Stockbroking, Manufacturing,
  Telecommunication
• Undertaking Masters in Risk, Crisis Disaster
  Mgmt with University of Leicester, UK

3
What is BCM? PAS 562003

• holistic management process that identifies
  potential impacts that threaten an organisation
  and provides a framework for building resilience
  and the capability for an effective response that
  safeguards the interests of its key stakeholders,
  reputation, brand and value-creating activities

4
What is BCM? HB2212003

• provides the availability of processes and
  resource in order to ensure the continued
  achievement of critical objectives

5
PAS 56 Guide to BCM
BUSINESS CONTINUITY MANAGEMENT (BCM)
6
Who needs BCM?
Large Corporations
SMI /SME
Regulatory Bodies
Service Industries
Emergency Public Services
Government Agencies
EVERYONE
7
Why do they need it?

• Change in World Climate more natural disasters
• Change in the working environment faster pace
  , more competition, higher integration
• Technology driven advancements increased
  dependencies
• Growing unrest and unhealthy mental attitudes
  kiasu attitudes , quick easy money
• Changing Environment climate change, more
  natural phenomenon,
• Regulatory Requirements KLSE, BNM, SC,
  ISO14000, ISO17799, etc

8
ISO 17799 BCM Requirements
11.1 Aspects of business continuity
management Control objective To counteract
interruptions to business activities and to
protect critical business processes from the
effects of major failures or disasters.
9
ISO 17799 BCM Controls
11.1.1 Business continuity management
process There shall be a managed process in place
for developing and maintaining business
continuity throughout the organization. 11.1.2
Business continuity and impact analysis A
strategy plan, based on appropriate risk
assessment, shall be developed for the overall
approach to business continuity. 11.1.3 Writing
and implementing continuity plans Plans shall be
developed to maintain or restore business
operations in a timely manner following
interruption to, or failure of, critical business
processes. 11.1.4 Business continuity planning
framework A single framework of business
continuity plans shall be maintained to ensure
that all plans are consistent, and to identify
priorities for testing and maintenance. 11.1.5
Testing, maintaining and re-assessing business
continuity plans Business continuity plans shall
be tested regularly and maintained by regular
reviews to ensure that they are up to date and
effective.
10
Benefits of using Standard

• Common standard of practice
• Increase level of confidence
• Easy interface with other organisation
• Easier maintenance and upgrades
• Easier to monitor and control

11
THANK YOU

• Contact Details -
• Tel 012 3160609
• E-mail prabhar_at_bki.com.my

If you FAIL to PLAN then you should PLAN to FAIL