Validation of the Software Supporting Information Security and Business Continuity Management Processes

  • Jacek Baginski
  • Andrzej Białas
Conference paper
Part of the Advances in Intelligent and Soft Computing book series (AINSC, volume 170)

Abstract

This chapter presents the OSCAD tool, which supports the business continuity management (according to BS 25999) and information security management (according to ISO/IEC 27001) processes in organizations. First, the subject of the validation, i.e. the OSCAD software, is presented; next, the goal and scope of the validation are briefly described. The validation focuses on the key management process related to risk analysis. The business-oriented, two-stage risk analysis method implemented in the tool assesses the criticality of business processes at the first stage and, at the second stage, analyses threats and vulnerabilities in detail for the most critical processes. The main objective of the validation is to answer how to integrate these two management systems in the most efficient way.
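The two-stage structure described in the abstract, as an added illustration that is not OSCAD code or the authors' implementation: stage 1 scores each business process by the loss levels a Business Impact Analysis assigns to the loss of confidentiality, integrity and availability and keeps only the processes that reach a criticality threshold; stage 2 rates threat/vulnerability pairs only for those processes and flags the ones whose risk exceeds the accepted level, i.e. the ones that need a security measure. The 1-5 ordinal scales, the thresholds, the max-over-C/I/A criticality rule, the likelihood × impact risk formula and the sample processes are all constructed assumptions for this example, not values taken from the paper.

```python
"""Two-stage, business-oriented risk analysis (added illustration, not OSCAD code).

Stage 1: criticality of business processes from BIA loss levels, filtered by a threshold.
Stage 2: detailed threat/vulnerability analysis restricted to the critical processes.
All scales, thresholds and sample data below are constructed assumptions.
"""
from dataclasses import dataclass

# Constructed ordinal scale (assumption): 1 = negligible ... 5 = catastrophic.
CRITICALITY_THRESHOLD = 4   # stage-1 cut-off (assumption)
ACCEPTABLE_RISK = 8         # stage-2 risk acceptance level (assumption)


@dataclass(frozen=True)
class BusinessProcess:
    name: str
    loss_c: int  # BIA loss level if confidentiality of the process's data is lost
    loss_i: int  # BIA loss level if integrity is lost
    loss_a: int  # BIA loss level if availability is lost


@dataclass(frozen=True)
class ThreatVulnPair:
    process: str
    threat: str
    vulnerability: str
    likelihood: int  # 1-5, how likely the threat exploits the vulnerability
    impact: int      # 1-5, consequence for the business process


def criticality(bp: BusinessProcess) -> int:
    """Stage 1 rule (assumption): a process is as critical as its worst-case loss."""
    return max(bp.loss_c, bp.loss_i, bp.loss_a)


def stage1_select(processes, threshold=CRITICALITY_THRESHOLD):
    """Return the processes whose criticality meets the threshold, most critical first."""
    critical = [bp for bp in processes if criticality(bp) >= threshold]
    return sorted(critical, key=criticality, reverse=True)  # stable: ties keep input order


def risk_level(pair: ThreatVulnPair) -> int:
    """Stage 2 rating (assumption): risk = likelihood x impact."""
    return pair.likelihood * pair.impact


def stage2_analyse(critical_processes, pairs, acceptable=ACCEPTABLE_RISK):
    """Rate each threat/vulnerability pair of a critical process.

    Returns (process, threat, vulnerability, risk, needs_measure) tuples, highest risk
    first. Pairs belonging to processes not selected in stage 1 are skipped, which is
    what limits the detailed analysis to the most critical processes.
    """
    selected = {bp.name for bp in critical_processes}
    results = []
    for p in pairs:
        if p.process not in selected:
            continue
        r = risk_level(p)
        results.append((p.process, p.threat, p.vulnerability, r, r > acceptable))
    return sorted(results, key=lambda t: t[3], reverse=True)


# Constructed sample BIA data (assumption).
PROCESSES = [
    BusinessProcess("Order processing", loss_c=3, loss_i=4, loss_a=5),
    BusinessProcess("Payroll", loss_c=5, loss_i=4, loss_a=2),
    BusinessProcess("Internal newsletter", loss_c=1, loss_i=2, loss_a=2),
    BusinessProcess("Customer support portal", loss_c=3, loss_i=3, loss_a=4),
]

# Constructed sample threat/vulnerability pairs (assumption).
PAIRS = [
    ThreatVulnPair("Order processing", "ransomware", "unpatched application server", 3, 5),
    ThreatVulnPair("Order processing", "power failure", "single power feed", 2, 4),
    ThreatVulnPair("Payroll", "insider data theft", "excessive access rights", 2, 5),
    ThreatVulnPair("Internal newsletter", "phishing", "no awareness training", 4, 2),
    ThreatVulnPair("Customer support portal", "DDoS", "no rate limiting", 3, 3),
]


def run_example():
    """Run both stages on the constructed data and return the stage-2 results."""
    critical = stage1_select(PROCESSES)
    return stage2_analyse(critical, PAIRS)


if __name__ == "__main__":
    print("Stage 1, critical processes:", [bp.name for bp in stage1_select(PROCESSES)])
    for proc, threat, vuln, risk, flagged in run_example():
        print(f"Stage 2: {proc}: {threat} via {vuln}: risk {risk}"
              + (" -> security measure required" if flagged else ""))
```

Running the block prints the three processes that pass stage 1 and, for each, the rated pairs; the "Internal newsletter" pair never reaches stage 2 because the process was filtered out in stage 1, and the "power failure" pair of "Order processing" is rated exactly at the acceptance level and therefore not flagged.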

Keywords

Risk Analysis, Business Process, Information Security, Security Measure, Loss Level

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. BS 25999-1:2006 Business Continuity Management – Code of Practice
  2. BS 25999-2:2007 Business Continuity Management – Specification for Business Continuity Management
  3. ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements
  4. ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management (formerly ISO/IEC 17799)
  5. Institute EMAG (2010-2011) Reports of a specific-targeted project “Computer-supported business continuity management system – OSCAD”
  6. LDRPS, http://www.availability.sungard.com (accessed January 05, 2012)
  7.
  8. Resilient Business Software Toolkit ROBUST, https://robust.riscauthority.co.uk (accessed January 05, 2012)
  9. RPX Recovery planner, http://www.recoveryplanner.com (accessed January 05, 2012)
  10. Cobra, http://www.riskworld.net (accessed January 09, 2012)
  11. Cora, http://www.ist-usa.com (accessed January 09, 2012)
  12. Coras, http://coras.sourceforge.net (accessed January 09, 2012)
  13. Ebios, http://www.ssi.gouv.fr (accessed January 09, 2012)
  14. Ezrisk, http://www.25999continuity.com/ezrisk.htm (accessed January 09, 2012)
  15. Mehari, http://www.clusif.asso.fr (accessed January 09, 2012)
  16. Risicare, http://www.risicare.fr (accessed January 09, 2012)
  17. Octave, http://www.sei.cmu.edu (accessed January 09, 2012)
  18. Lancelot, http://www.wck-grc.com (accessed January 09, 2012)
  19. Bialas, A.: Security Trade-off – Ontological Approach. In: Akbar Hussain, D.M. (ed.) Advances in Computer Science and IT, pp. 39–64. In-Tech, Vienna – Austria (2009) ISBN 978-953-7619-51-0, http://sciyo.com/articles/show/title/security-trade-off-ontological-approach?PHPSESSID=kkl5c72nt1g3qc4t98de5shhc2 (accessed January 10, 2012)
  20. ValueSec Project, http://www.valuesec.eu (accessed January 10, 2012)
  21. Białas, A.: Development of an Integrated, Risk-Based Platform for Information and E-Services Security. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 316–329. Springer, Heidelberg (2006)
  22. BS PAS 99:2006 Specification of common management system requirements as a framework for integration
  23. Białas, A.: Integrated system for business continuity and information security management – summary of the project results oriented towards the construction of system models. In: Mechanizacja i Automatyzacja Górnictwa, vol. 11(489), pp. 18–38. Instytut Technik Innowacyjnych “EMAG”, Katowice (2011)
  24. Bialas, A.: Computer Support in Business Continuity and Information Security Management. In: Kapczyński, A., Tkacz, E., Rostanski, M. (eds.) Internet – Technical Developments and Applications 2. AISC, vol. 118, pp. 161–176. Springer, Heidelberg (2012)
  25. Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-30 (July 2002)
  26. Białas, A., Lisek, K.: Integrated, business-oriented, two-stage risk analysis. Journal of Information Assurance and Security 2(3) (September 2007) ISSN 1554-10
  27. Bagiński, J., Rostański, M.: The modeling of Business Impact Analysis for the loss of integrity, confidentiality and availability in business processes and data. Theoretical and Applied Informatics 23(1), 73–82 (2011) ISSN 1896-5334

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. Institute of Innovative Technologies EMAG, Katowice, Poland