May 11 2022

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

Category: BCP | DISC @ 8:37 am

If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline.

The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide.

DarkSide is an example of what’s known as RaaS, short for ransomware-as-a-service, where a small core team of criminals create the malware and handle any extortion payments from victims, but don’t perform the actual network attacks where the malware gets unleashed.

Teams of “affiliates” (field technicians, you might say), sign up to carry out the attacks, usually in return for the lion’s share of any blackmail money extracted from victims.

The core criminals lurk less visibly in the background, running what is effectively a franchise operation in which they typically pocket 30% (or so they say) of every payment, almost as though they looked to legitimate online services such as Apple’s iTunes or Google Play for a percentage that the market was familiar with.

The front-line attack teams typically:

  • Perform reconnaissance to find targets they think they can breach.
  • Break in to selected companies with vulnerabilities they know how to exploit.
  • Wrangle their way to administrative powers so they are level with the official sysadmins.
  • Map out the network to find every desktop and server system they can.
  • Locate and often neutralise existing backups.
  • Exfiltrate confidential corporate data for extra blackmail leverage.
  • Open up network backdoors so they can sneak back quickly if they’re spotted this time.
  • Gently probe existing malware defences looking for weak or unprotected spots.
  • Turn off or reduce security settings that are getting in their way.
  • Pick a particularly troublesome time of day or night…

…and then they automatically unleash the ransomware code they were supplied with by the core gang members, sometimes scrambling all (or almost all) computers on the network within just a few minutes.

The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets 

Business Continuity Planning & Disaster Recovery (ISO 22301)


Tags: BCP, Disaster Recovery Handbook, DR, ISO 22301


Mar 31 2022

Every Day Should be World Backup Day

Category: BCP, Security Awareness | DISC @ 1:09 pm

Modern Data Protection: Ensuring Recoverability of All Modern Workloads

Tags: Backup Day, data archive, data protection, data storage


Apr 20 2021

The cost of a cyber attack in 2021

Category: BCP, Cyber Attack | DISC @ 9:58 pm

It’s been rough sailing for organisations in the past year or so. In addition to the ongoing challenges of COVID-19, there are the effects of Brexit, increasing public awareness of privacy rights and regulatory pressure to improve data protection practices.

And, of course, there is the threat of cyber attacks. According to a UK government survey, 39% of UK businesses came under attack in the first quarter of 2021, with many incidents causing significant damage.

The specific costs will depend on the sophistication of the attack and how well executed it was.

For example, a DDoS (distributed denial-of-service) attack could knock systems offline for a few hours, creating a frustrated workforce and unhappy customers – but otherwise the cost would be comparatively low.

By contrast, an attacker who infects an organisation’s systems with ransomware could cripple them for days or even weeks. The cost of recovery, not to mention the ransom payment (if the organisation pays up) could result in losses of several million pounds.

For an estimate of how much cyber security incidents cost, a Ponemon Institute study found that organisations spend $3.86 million (about £2.9 million) per incident.

However, it notes that organisations can cut this cost dramatically by addressing four key factors:

  • Incident detection

By implementing measures such as audit logs and forensics analysis, you will be able to spot breaches sooner and identify the full extent of the damage. The faster you do this, the less damage the attacker can cause.

  • Lost business

This relates to both the direct damage caused by the breach – such as system downtime preventing you from completing processes – as well as long-term damage, such as customer churn and reputational loss.

Organisations that are better equipped to continue operating while under attack will be able to reduce lost business.

  • Notification

This relates to the costs involved in disclosing incidents. For example, organisations may be required to contact affected data subjects, report the breach to their data protection authority and consult with outside experts.

  • Ex-post response

These are the costs associated with recompensing affected data subjects, as well as the legal ramifications of the incident. It includes credit monitoring services for victims, legal expenses, product discounts and regulatory fines.

Recognise, respond, recover

Navigating the cyber threat landscape has never been harder, but you will make life a lot easier by planning for disaster before it occurs.

The Cyber Security Breaches Survey 2021 found that directors and senior staff are placing a greater emphasis on data protection, but that doesn’t just mean preventing breaches. It also requires organizations to create processes to recognize, respond to and recover from incidents.

If the path to safety has been mapped out in advance, you can remain calm in the face of disaster and follow processes and policies that you have worked on and can trust.

If you’re looking for help creating that documentation, IT Governance can help steer you in the right direction. We offer a range of data protection and cyber security training, tools, software and consultancy services – all of which can be delivered remotely.

You may be particularly interested in our Business Continuity Pandemic Response Service, which is tailored to help you address cyber attacks and other disruptions while operating with a dispersed workforce.

Whether your workforce is cautious about returning to the office as lockdown ends or you’re offering staff the opportunity to work remotely on a permanent basis, we have you covered.

Pandemic Business Continuity Plan Template

Tags: Business Continuity Pandemic Response Service


Feb 17 2021

Black Start: Preparedness for Any Situation

Category: BCP, Information Security | DISC @ 11:45 pm

In Stephen King’s 1994 made-for-TV movie “The Stand,” most of the human race is wiped out by a deadly virus. As a result, power stations are unmanned and Americans are left without electricity for months. That is, until a husband and wife team works engineering magic at a power plant, flipping the right switches to bring the entire grid back online.

Anyone familiar with the black start process knows that in real life, it doesn’t happen with quite so much Hollywood pizzazz. But black start is a remarkable process and the controls and instrumentation used during a black start must operate with the utmost precision and speed.

A black start unit is one that can start its own power without support from the grid in the event of a major system collapse or a system-wide blackout. In the U.S., every region within the North American Electric Reliability Corp. (NERC) has its own black start plan and procedures. Each region also designates certain plants as black start units. The controls used on a black start unit include a DC auxiliary support system, an ignition source, a gas turbine and a diesel generator.

Carlo Barrera, senior consulting engineer at PAL Turbine Services LLC, has overseen several conversions of gas turbines to have black start capabilities, including projects for Puget Sound Energy and Massachusetts Municipal Wholesale Electric Co. For the city of Gardner, Kan., PAL installed its own programmable logic controller for turbine control. At a later date, black start capability was incorporated and proved out using a load bank.

Barrera said the DC auxiliary support system is perhaps the most important part of the control system. The battery system must have enough capability to provide DC power for multiple start attempts in case the gas turbine fails to start or fire the first time. “The battery systems need to have the capability in reserve power for two or three firing attempts if a true blackout emergency happens, since gas turbines don’t always start on the first attempt in a blackout situation,” Barrera said.

When the loss of AC power in the grid is noticed on a black-start turbine, an undervoltage relay initiates the start of numerous DC motor-driven auxiliaries. Devices like the turbine lube oil pump, liquid fuel forwarding pump, atomizing air compressor, starting clutch, diesel starting motor and shaft turning ratchet all require DC power to operate. DC auxiliary support system suppliers include GE, Siemens and ABB.

Source: Black Start: Preparedness for Any Situation


Apr 03 2020

Coronavirus Business Continuity Management Bundle

Category: BCP | DISC @ 4:00 pm

#Coronavirus Business Continuity Management (#BCM) Bundle

Ensure your organisation can survive in the face of disaster; learn how to create and implement an effective business continuity plan.


Webinar: Business Continuity Management: Impact Analysis and Risk Assessment
https://www.youtube.com/watch?v=awLn7yZDKXs





Tags: BCMS, Business continuity planning, business impact assessment, Pandemic assessment


Aug 08 2017

Cyber Resilience Guidance Standards Kit

Category: BCP, cyber security, DRP | DISC @ 4:22 pm

The standards in the Cyber Resilience Guidance Standards Kit provide expert guidance on cyber security and business continuity. These standards will help you build on the guidance of the standards in the Cyber Resilience Core Standards Kit.

The standards included in this kit are:

  • PAS 555:2013: This Publicly Available Specification (PAS) document from BSI details what good cyber security looks like.
  • ISO/IEC 27031:2011: ISO/IEC 27031 outlines processes that will help you prevent, detect and manage IT incidents.
  • ISO/IEC 27032:2012: Provides guidance on improving the state of cyber security.

 

Why should I buy this kit?

If you have purchased the standards in the Cyber Resilience Core Standards Kit and want to get more expert guidance on ensuring the continuity of your organization in case of a cyber security incident, the standards in this kit are key.

Cyber Security Standards & Books






Tags: Cyber Resilience


Apr 27 2016

Why you should care about ISO 22301?

Category: BCP | DISC @ 9:48 pm


Business continuity is the term now used for the strategies and planning by which an organization prepares to respond to catastrophic events such as fires, floods and cyber-attacks, or to more common human errors and accidents.

A Business Continuity Management System (BCMS) puts such a program in the context of an ISO management system, and ISO 22301:2012 sets a certifiable standard for a BCMS. It is the first and most recognized international standard for business continuity.

Several other standards, particularly BS 25999, have had wide international acceptance; however, they are now largely supplanted by ISO 22301.
The obvious benefits to an organization having a robust, mature business continuity program have been outlined in this Newsletter previously (April, 2015). They center on being able to respond to disruptions so an organization stays in business and meets its obligations and commitments to all stakeholders.
However, there are additional ways that an organization can benefit from adhering to a business continuity standard, particularly ISO 22301. These benefits can accrue from obtaining certification to the Standard, and also from formally aligning to the Standard without actual certification.
For more on additional benefits: So, why should you care about 22301?

Steps in ISO 22301 implementation are the following:
1. Obtain management support
2. Identify all applicable requirements
3. Develop top-level Business Continuity Policy and objectives
4. Write documents that support the management system
5. Perform risk assessment and treatment
6. Perform business impact analysis
7. Develop business continuity strategy
8. Write the business continuity plan(s)
9. Implement training and awareness programs
10. Maintain the documentation
11. Perform exercising and testing
12. Perform post-incident reviews
13. Communicate continuously with the interested parties
14. Measure and evaluate the BCMS
15. Perform internal audit
16. Implement all the necessary corrective and preventive actions, and
17. Perform the management review





Tags: BCMS, ISO 22301


May 15 2014

Cyber Resilience Implementation Suite

Category: BCP, Information Security, ISO 27k | DISC @ 11:15 am


Cyber security is not enough – you need to become cyber resilient

 


Whether you know it or not, your organization is under cyber attack. Sooner or later, a hacker or cyber criminal will get through, so you need to ensure that you have the systems in place to resist such breaches and minimize the damage caused to your organization’s infrastructure, and reputation.

You need to develop a system that is cyber resilient – combining the best practice from the international cyber security and business continuity standards ISO22301 and ISO27001.

This specially-priced bundle of eBooks and documentation toolkits gives you all the tools you need to develop a cyber-resilient system that will both fend off cyber attacks, and minimize the damage of any that get through your cyber defenses.

The books in this suite will provide you with the knowledge to plan and start your project, identify your organization’s own requirements and help you to apply these international standards.

The document toolkits – created by experienced cyber security and business continuity professionals – provide you with all the document templates you’ll need to achieve compliance, whilst the supporting guidance will make sure you find the fastest route to completing your project.

Download your copy today

This suite includes:




Tags: business continuity, Computer security, Cyber Resilience, cyberwarfare, ISO/IEC 27001


Mar 06 2014

Business Downtime and Disaster Recovery

Category: BCP, DRP | DISC @ 10:53 pm

Infographic: Business Downtime and Disaster Recovery

The Internet is the largest store of information ever created, and those who can harness its power stand to reap tremendous rewards. However, handling data is also a significant responsibility, and disasters can cause severe problems. Here are a few facts about downtime and how to recover from disasters.

Causes of Downtime

The most common cause of downtime is UPS battery failure, which is attributable to power failures. Many of these failures begin at the power plant, but some can be created by faulty wiring. Errors are a close second for causing downtime, and cyber attacks and equipment failure trail after them. Most causes of downtime are preventable through better security and better power management.

Effects of Downtime

Downtime has a clear effect on businesses that operate online. Customers cannot place orders when websites are down, and clients cannot rely on services hosted by offline servers. The long-term effects can be even more damaging. Customers may choose to make their purchases elsewhere, and clients may move to a different provider who promises better reliability.

How to Implement a Disaster Recovery Plan (DRP)

The most effective way to deal with disasters is to use servers provided by experts. One option is to purchase a hosted dedicated server that is rated to handle problems gracefully and effectively. Those who choose to host their own servers will want to ensure that data is kept safe through RAID arrays and periodic backups. It is important to ensure that backups are also stored in a remote location where they will not be destroyed by local disasters.

Businesses will also need to ensure that everyone knows what to do when disaster strikes. UPS batteries provide a limited amount of time to respond, but they are worthless if employees don’t know what to do. Automation can help, but there are certain tasks and decisions people will have to make.

Data is the lifeblood of online businesses, and high uptime ratings are essential for keeping customers and clients happy. However, many companies still fail to plan for disasters effectively, and many have been bitten by small mistakes that led to disastrous results. Fortunately, there are a number of options available for handling disasters effectively and preventing greater harm.






Feb 07 2014

Why achieve a Disaster Recovery and Business Continuity plan

Category: BCP, DRP | DISC @ 1:34 pm

What would you do if your systems were hacked or compromised by a virus? How would your IT systems cope in the event of flooding or an explosion?

What if your IT systems simply stopped working?

IT has brought many benefits to business. However, IT failures can seriously damage your ability to deliver products and services, harm your company’s reputation, and jeopardize your relationship with your customers. In short, poorly managed IT problems could threaten the survival of your business.

Create a Survival Plan

If you want to protect your business, you need to put in place a business continuity (BC) and disaster recovery (DR) plan to help your business survive. Disaster Recovery and Business Continuity, a quick guide for organizations and business managers, shows you how to develop a plan that will:

• keep your information safe
• safeguard your company from viruses and phishing scams
• store data safely, and prevent years of work from being lost by accident
• ensure your communication links are secure, and keep you connected when disaster strikes
• bomb-proof your data
• protect your data in the event of fire or flood.

Read the BCP/DRP practical guide and start building a business survival plan today





Jan 15 2013

Management System Toolkits

Category: BCP, ISO 27k | DISC @ 11:19 am

For 10 years IT Governance has been helping businesses build robust cyber defences, deliver improved IT services and comply with international and regulatory standards.

ITG understand that information technology is at the heart of every modern organisation. That is why ITG source, create and deliver IT products and services that meet the real world needs of today’s organisations, managers and practitioners.

ITG toolkits help small and medium organizations quickly adopt best management practice in technology governance, risk management and compliance. You don’t have to take ITG’s word for it. Download the demo and see if it fits your organizational needs.

ITG offer free trials of all our best-selling toolkits. These toolkits contain all the documents, templates and tools to help organizations quickly and cost-effectively implement a management system or IT standard.

Take a free toolkit demo today

ISO22301 Business Continuity Management System Documentation Toolkit

ISO27001 Cyber Security ISMS Documentation Toolkit

ITSM, ITIL & ISO20000 Implementation Toolkit

ISO9001 Quality Management System Documentation Toolkit

Business Transformation Toolkit





Dec 21 2012

How about considering a proper business continuity plan?

Category: BCP | DISC @ 12:34 pm

As the world didn’t end on Dec 21, 2012, how about considering a proper business continuity plan for 2013?

ISO22301:2012 (ISO22301) Business Continuity Management Systems (BCMS) – Requirements is the international business continuity standard.

Launched in May 2012, it replaced British Standard BS25999-2 and sets out the requirements for a Business Continuity Management System (BCMS). ISO22301 is based on the ‘Plan-Do-Check-Act’ model as found in other management system standards.

Order a copy of the new ISO22301 Standard today

Order a copy of the new ISO22301 Toolkit today

Business Continuity Planning books from Amazon

Business Continuity Planning books from eBay

“BCP is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption”

The first step in the business continuity process is to consider the potential impact of each disaster or disruption. The next step is to determine the likelihood of the disruption: how likely it is to occur within a year, and how many times. Together, impact and likelihood determine the risk to the organization’s critical assets: if the impact of the disruption is high, the risk is high, and if the likelihood of the incident is high, the risk is high. High-risk disruptions will attract more attention during the planning process.

Risk Analysis:
• Understand the function of probabilities and risk reduction
• Identify potential risks to the organization
• Identify outside expertise required
• Identify vulnerabilities / threats / exposures
• Identify risk reduction / mitigation alternatives
• Identify credible information sources
• Interface with management to determine acceptable risk levels
• Document and present findings

BCP Plan:
• Understand clear objectives, available alternatives, their advantages, disadvantages, and cost ranges, including mitigation as a recovery strategy
• Identify viable recovery strategies with business functional areas
• Consolidate strategies
• Identify off-site storage requirements and alternative facilities
• Develop business unit consensus
• Present strategies to management to obtain commitment

Assessing the Effectiveness of a BCP Plan for an Individual Business Unit:
Business unit contingency planning has never been more important than now. The success of BCP planning depends upon the feasibility and appropriateness of the plan. However, only comprehensive TESTING of the contingency plans can validate that, and everyone hates testing. It is important that the contingency plan clearly identifies those responsible for declaring a disaster and executing the plan. ISO22301 is the specification for implementing, establishing, and improving a business continuity management system (BCMS) within an organization.

The requirements in the standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature of business. The extent of application of these requirements depends on the organization’s operating environment and complexity. ISO22301 can be used by internal and external parties, including certification bodies, to assess an organization’s ability to meet its own business continuity needs, as well as any customer, legal or regulatory needs.





Nov 06 2012

New Tools for IT and Security professionals

Category: BCP, Information Security | DISC @ 11:40 am

IT Governance is continually striving to create, source and deliver products that can help IT and Information Security professionals in the real world. Check out their latest Business Continuity, ITIL & ITSM and Information Security products below to help you in your current and future projects. This is a perfect time of the year to start adding some of these tools to your wish list and stay abreast of your area of expertise.

ISO22301 BCMS Implementation Toolkit
New release

 

ITIL Lite: A Road Map to Full or Partial ITIL Implementation – ITIL 2011 Edition
New release

 

ITIL Foundation Essentials: The exam facts you need
Published on 6th November

 

Resilient Thinking: Protecting Organisations in the 21st Century
Published on 8th November

 

ISO19770 SAM Process Guidance: A kick-start to your SAM programme
Published 13th November

 
 




Tags: Business, business continuity, Information Security, Information Technology, Information Technology Infrastructure Library, it service management, SAM, Software asset management


Jul 11 2012

Comprehensive business continuity guide

Category: BCP | DISC @ 3:01 pm

IT Governance Publishing, the specialist publishing arm of IT Governance, has launched its latest book on business continuity and disaster recovery planning, Everything you want to know about Business Continuity.

The book focuses particularly on the new ISO/IEC 22301:2012 standard and provides practical guidance on how to implement best practice business continuity management within your organisation.

Everything you want to know about Business Continuity will show you how business continuity management can help your organisation to:

    * Carry out realistic risk identification and assessment and focus on assets which need BCP
    * Put in place a cost-effective, ‘fit-for-purpose’ business continuity plan to be more competitive
    * Enjoy greater customer loyalty and return on investment
    * Conform to the legal requirements in terms of accountability, compliance, risk awareness
    * Return to ‘business as usual’ as quickly as possible after an unforeseen incident.

The author, Tony Drewitt, held a number of technical, commercial and senior management positions before becoming a full-time management consultant 10 years ago. He was one of the first consultants in the UK to achieve full certification under BS25999-2 and has been a practising business continuity consultant, trainer and technical expert since 2001.





Jun 22 2010

Symantec: SMBs Change Security Approach with Growing Threats

Category: BCP, Malware | DISC @ 1:50 am

By: Brian Prince

A survey of small to midsize businesses from 28 different countries by Symantec found that companies are focusing more on information protection and backup and recovery. Driving these changes is a fear of losing data.

Today’s small to midsize businesses (SMBs) are facing a growing threat from cyber-attacks, and are changing their behavior to keep up.

In a May poll of 2,152 executives and IT decision makers at companies with between 10 and 499 employees, Symantec found SMBs are now spending two-thirds of their time dealing with things related to information protection, such as computer security, backup and archival tasks, and disaster preparedness. Eighty-seven percent said they have a disaster preparedness plan, but just 23 percent rate it as “pretty good” or “excellent.”

Driving the push for these plans, as well as the interest in backup and recovery, is the fear of losing data. Some 42 percent reported having lost confidential or proprietary information in the past, and all of those reported experiencing revenue loss or increased costs as a result. Almost two-thirds of the respondents said they lost devices such as smartphones, laptops or iPads in the past 12 months, and all the participants reported having devices that lacked password protection and could not be remotely wiped if lost or stolen.

In the past, SMBs would settle for having antivirus technology, said Bernard Laroche, senior director of product marketing at Symantec. Now, however, they are starting to realize the threat landscape is changing, he said.

“If you look at endpoint usage … in most SMBs that’s the only place where the information resides because people were not backing up … so if somebody would lose a laptop at the airport or somebody steals the laptop in the back of car or something, then your information is obviously at risk and that can bring a lot of financial impact to small business,” he said.

The survey also found SMBs are spending an average of about $51,000 on information protection. The financial damage for those who suffer cyber-attacks can be significant. Cyber-attacks cost an average of $188,242 annually, according to the survey. Seventy-three percent said they were victims of cyber-attacks in the past year, and 30 percent of those attacks were deemed “somewhat/extremely successful.” All of the attack victims suffered losses, such as downtime, theft of customer or employee information, or credit card data, Symantec reported.

“The concept of, ‘I’ve got an antivirus solution, I’m fully protected,’ I think those days are gone,” Laroche said.

Detailed information on Symantec SMB suites:

Symantec Endpoint Protection Small Business Edition 12.0

Symantec Protection Suite Small Business Edition 3.0




Tags: Backup, Business, Computer security, Credit card, Emergency Management, Small business, SMB, SMB suites, Symantec, Warfare and Conflict


Feb 18 2009

Economic turmoil and BCP

Category: BCP, Information Security | DISC @ 6:42 pm

Due to economic insecurity, all the warning signs indicate that this year is going to top the record for information security and privacy incidents. Organizations may not be in a position to take business-limiting risks and bypass security fundamentals like Business Continuity Planning (BCP). During this economic uncertainty, organizations have to pay more attention to liability, regulatory penalties and negative PR, which might cause irrecoverable damage to the business in today’s market.


“BCP is the creation and validation of a practiced logistical plan for how an organization will recover and restore partially or completely interrupted critical functions within a predetermined time after a disaster or extended disruption”

The first step in the business continuity process is to consider the potential impact of each disaster or disruption. The next step is to determine the likelihood of the disruption: how likely it is to occur within a year, and how many times. Together, impact and likelihood determine the risk to the organization’s critical assets: if the impact of the disruption is high, the risk is high, and if the likelihood of the incident is high, the risk is high. High-risk disruptions will attract more attention during the planning process.

Risk Analysis:
• Understand the function of probabilities and risk reduction
• Identify potential risks to the organization
• Identify outside expertise required
• Identify vulnerabilities / threats / exposures
• Identify risk reduction / mitigation alternatives
• Identify credible information sources
• Interface with management to determine acceptable risk levels
• Document and present findings

BCP Plan:
• Understand clear objectives, available alternatives, their advantages, disadvantages, and cost ranges, including mitigation as a recovery strategy
• Identify viable recovery strategies with business functional areas
• Consolidate strategies
• Identify off-site storage requirements and alternative facilities
• Develop business unit consensus
• Present strategies to management to obtain commitment

Assessing the Effectiveness of a BCP Plan for an Individual Business Unit:
Business unit contingency planning has never been more important than now. The success of BCP planning depends upon the feasibility and appropriateness of the plan. However, only comprehensive TESTING of the contingency plans can validate that, and everyone hates testing. It is important that the contingency plan clearly identifies those responsible for declaring a disaster and executing the plan. BS 25999-2:2007 is the specification for implementing, establishing, and improving a business continuity management system (BCMS) within an organization.

The requirements in the standard are generic and are intended to be applicable to all organizations, regardless of type, size and nature of business. The extent of application of these requirements depends on the organization’s operating environment and complexity. BS 25999-2 can be used by internal and external parties, including certification bodies, to assess an organization’s ability to meet its own business continuity needs, as well as any customer, legal or regulatory needs.

Purchase BS25999-2:2007 online today and prove business resilience to customers and partners.


BSI – What is Business Continuity Management?
https://www.youtube.com/watch?v=DkQsmSg1PFU&NR=1





Tags: Business, Business continuity planning, Business Services, Contingency plan, Emergency Management, Fire and Security, Information Security, Risk management