ENISA - Business and IT Continuity: Overview and Implementation Principles

On 4 March 2008 the European Network and Information Security Agency (ENISA) published a report on service continuity from an IT point of view: "Business and IT Continuity: Overview and Implementation Principles" (pdf, 2.2 M, 179 pp), which summarises and illustrates the main standards for managing the risks of critical business processes.

Why is business continuity important?

"In the face of disruptive events," stressed Andrea Pirotti, Executive Director of ENISA, "such as IT attacks or data loss, companies must be able to continue to guarantee their critical services; the business continuity plan is a step in the right direction, and it also represents an economic benefit because it is an element of positive evaluation both by insurance companies and by stakeholders."

Business Continuity FAQ

ENISA has also prepared a document of frequently asked questions on Business and IT Service Continuity (pdf, 31 K, 3 pp).

Document table of contents

Contents
1 INTRODUCTION
2 SCOPE
3 ASSUMPTIONS
4 APPROACH
5 STRUCTURE AND TARGET GROUPS OF THIS DOCUMENT
6 BUSINESS CONTINUITY - INTERFACE WITH RELATED DISCIPLINES
7 THE BUSINESS CONTINUITY PROCESS
7.1 OVERVIEW OF THE BUSINESS CONTINUITY PROCESS
7.1.1 Define BCM Framework
7.1.2 Conduct Business Impact Analysis
7.1.3 Design BCM Approach
7.1.4 Deliver BCP
7.1.5 Test BCP
7.1.6 Sustain BCM Programme
7.2 RELATIONSHIP BETWEEN IT RISK MANAGEMENT AND BUSINESS CONTINUITY
8 DEFINE BCM FRAMEWORK
8.1 INITIATE A BCM PROGRAMME
8.2 IDENTIFY THE ORGANISATION
8.3 ASSIGN BCM RESPONSIBILITIES
8.3.1 Business Continuity Management Team
8.3.2 Business Continuity Steering Committee
8.4 ASSIGN INCIDENT TEAMS
8.4.1 Senior Management Team (Gold Team)
8.4.2 Incident Management Team (Silver Team)
8.4.3 Business Unit Management Team (Bronze Team)
8.4.4 Incident Response Team
8.4.5 Example of how the three-tier incident response would operate
8.5 DEFINE BCM POLICY
8.5.1 Define Scope
8.5.2 Define BC Drivers
8.5.3 Define Stakeholders
9 CONDUCT BUSINESS IMPACT ANALYSIS
9.1 ASSESS RISKS AND IMPACTS
9.2 ANALYSE RESULTS
9.3 PRIORITISE RECOVERY/DEFINE CRITICAL RESOURCE REQUIREMENTS
10 DESIGN BCM APPROACH
10.1 DETERMINE RECOVERY OPTIONS
10.2 AGREEMENT ON RECOVERY STRATEGY
10.3 DESIGN BCP
10.3.1 Suite of Documents
11 DELIVER BCP
11.1 INCIDENT RESPONSE PLAN
11.2 INCIDENT MANAGEMENT PLAN
11.3 BUSINESS RECOVERY PLANS
11.4 RECOVERY SUPPORT PLANS
11.5 COMMUNICATIONS AND MEDIA PLAN
11.6 IT SERVICE CONTINUITY PLAN
11.7 BUSINESS RESUMPTION PLAN
11.8 SUPPORTING DOCUMENTS
11.8.1 IT Requirements & Gap Analysis
11.8.2 Risk Registers
12 TEST BCP
12.1 DETERMINE TYPE OF TEST
12.2 WRITE TEST PLAN
12.3 CONDUCT TEST
12.4 DELIVER DEBRIEF AND TEST REPORT
13 SUSTAIN BCM PROGRAMME
13.1 TRAIN STAFF
13.2 MAINTAIN AND REVIEW BCP
13.2.1 Change Management
13.2.2 Continuous Improvement
13.3 DEVELOP AWARENESS
14 BIBLIOGRAPHY
14.1 STANDARDS UNDER DEVELOPMENT
15 WEBSITES
APPENDIX A: BUSINESS CONTINUITY FOR SMES ESSENTIALS
A.1 INTRODUCTION
A.2 IMPLEMENTING BUSINESS CONTINUITY
A.3 BIBLIOGRAPHY
APPENDIX B: EXAMPLE OF BUSINESS CONTINUITY MANAGEMENT POLICY
B.1 INTRODUCTION
B.2 SCOPE
B.3 BCP DRIVERS
B.4 BCP OBJECTIVES
B.5 STAKEHOLDERS
B.6 ACTIVITIES
B.7 BCM OPERATIONAL FRAMEWORK
B.8 INVOCATION
B.9 GLOSSARY
B.10 BIBLIOGRAPHY
APPENDIX C: APPLICATION FORM FOR METHODS
C.1 PRODUCT IDENTITY CARD
C.2 SCOPE
C.3 USERS VIEWPOINT
APPENDIX D: APPLICATION FORM FOR TOOLS
D.1 IDENTITY CARD
D.2 SCOPE
D.3 USERS VIEWPOINT
D.4 GUIDANCE FOR BUSINESS CONTINUITY PLANNING TOOLS
APPENDIX E: PROCESS MAPS OF METHODS AND GOOD PRACTICES FROM AROUND THE WORLD
E.1 HB 292
E.2 HB 221
E.3 AUSTRALIAN PRUDENTIAL STANDARD APS 232
E.4 BS 25999-1
E.5 BCI GOOD PRACTICE GUIDELINES
E.6 PAS 77
E.7 NIST SP 800-34
E.8 FEMA 141
E.9 NFPA 1600
E.10 ITIL V3
E.11 COBIT V4
E.12 BSI 100-2
E.13 TR 19
APPENDIX F: GLOSSARY
