Abstract
The chapter presents the OSCAD tool, which supports the business continuity management (according to BS 25999) and information security management (according to ISO/IEC 27001) processes in organizations. First, the subject of the validation, i.e. the OSCAD software, is presented; next, the goal and range of the validation are briefly described. The validation focuses on the key management process related to risk analysis. The business-oriented, two-stage risk analysis method implemented in the tool assumes a business process criticality assessment at the first stage and a detailed analysis of threats and vulnerabilities for the most critical processes at the second stage. The main objective of the validation is to answer how to integrate those two management systems in the most efficient way.
References
BS 25999-1:2006 Business Continuity Management – Code of Practice
BS 25999-2:2007 Business Continuity Management – Specification for Business Continuity Management
ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements
ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management (formerly ISO/IEC 17799)
Institute EMAG (2010-2011) Reports of a specific-targeted project “Computer-supported business continuity management system – OSCAD”
LDRPS, http://www.availability.sungard.com (accessed January 05, 2012)
ErLogix, http://www.erlogix.com/disaster_recovery_plan_example.asp (accessed January 05, 2012)
Resilient Business Software Toolkit ROBUST, https://robust.riscauthority.co.uk (accessed January 05, 2012)
RPX Recovery planner, http://www.recoveryplanner.com (accessed January 05, 2012)
Cobra, http://www.riskworld.net (accessed January 09, 2012)
Cora, http://www.ist-usa.com (accessed January 09, 2012)
Coras, http://coras.sourceforge.net (accessed January 09, 2012)
Ebios, http://www.ssi.gouv.fr (accessed January 09, 2012)
Ezrisk, http://www.25999continuity.com/ezrisk.htm (accessed January 09, 2012)
Mehari, http://www.clusif.asso.fr (accessed January 09, 2012)
Risicare, http://www.risicare.fr (accessed January 09, 2012)
Octave, http://www.sei.cmu.edu (accessed January 09, 2012)
Lancelot, http://www.wck-grc.com (accessed January 09, 2012)
Bialas, A.: Security Trade-off – Ontological Approach. In: Akbar Hussain, D.M. (ed.) Advances in Computer Science and IT, pp. 39–64. In-Tech, Vienna – Austria (2009) ISBN 978-953-7619-51-0, http://sciyo.com/articles/show/title/security-trade-off-ontological-approach?PHPSESSID=kkl5c72nt1g3qc4t98de5shhc2 (accessed January 10, 2012)
ValueSec Project, http://www.valuesec.eu (accessed January 10, 2012)
Białas, A.: Development of an Integrated, Risk-Based Platform for Information and E-Services Security. In: Górski, J. (ed.) SAFECOMP 2006. LNCS, vol. 4166, pp. 316–329. Springer, Heidelberg (2006)
BS PAS 99:2006 Specification of common management system requirements as a framework for integration
Białas, A.: Integrated system for business continuity and information security management – summary of the project results oriented towards of the construction of system models. In: Mechanizacja i Automatyzacja Górnictwa, vol. 11(489), pp. 18–38. Instytut Technik Innowacyjnych “EMAG”, Katowice (2011)
Bialas, A.: Computer Support in Business Continuity and Information Security Management. In: Kapczyński, A., Tkacz, E., Rostanski, M. (eds.) Internet - Technical Developments and Applications 2. AISC, vol. 118, pp. 161–176. Springer, Heidelberg (2012)
Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-30 (July 2002)
Białas, A., Lisek, K.: Integrated, business-oriented, two-stage risk analysis. Journal of Information Assurance and Security 2(3) (September 2007) ISSN 1554-10
Bagiński, J., Rostański, M.: The modeling of Business Impact Analysis for the loss of integrity, confidentiality and availability in business processes and data. Theoretical and Applied Informatics 23(1), 73–82 (2011) ISSN 1896-5334
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Baginski, J., Białas, A. (2013). Validation of the Software Supporting Information Security and Business Continuity Management Processes. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Complex Systems and Dependability. Advances in Intelligent and Soft Computing, vol 170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30662-4_1
DOI: https://doi.org/10.1007/978-3-642-30662-4_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30661-7
Online ISBN: 978-3-642-30662-4
eBook Packages: Engineering, Engineering (R0)