Dyson College of Arts and Sciences

Summit on Resilience: Securing our future through public-private partnerships


Issue link: http://dysoncollege.uberflip.com/i/128987


Seidenberg School of Computer Sciences and Information Systems

Business Continuity Management: An Informal Framework for Planning

Dr. Bel G. Raggad, Co-director, Seidenberg CyberSecurity Institute
Dr. Constance A. Knapp, Co-director, Seidenberg CyberSecurity Institute, Pace University, Pleasantville, NY

Abstract

There have been several business continuity guides and national standards that have not been officially internationalized. The final version of the ISO standard for business continuity remains unconfirmed. While we are still awaiting ISO 22301, we propose an informal framework for managing business activity based merely on previous local standards like PAS 56 and BS 25999. This framework does not adopt the specification requirements proposed in Part II of ISO 22301 but embraces some of the definitional delineations followed in those guides. This article, however, adopts some of the activities defined in the business continuity methodology described in greater detail (Continuity Forum; Credit Research Foundation; Resilience, 2011).

Keywords: Business continuity, disaster recovery, business continuity plan, PAS 56, BS 25999, ISO 22301, Business Impact Analysis

Introduction

We can see disasters taking place all over the world, causing human loss and causing businesses to disappear without the possibility of recovery (Software Engineering Institute, 2012; Computer Security Institute, 2007; Computer Security Institute, 2007; Whiteneck). While the availability of standards and regulations for security planning and auditing has been very useful in protecting our computing environments, we find ourselves helpless when it comes to the planning of business continuity and disaster recovery. In particular, the ISO (International Organization for Standardization) 27000 family and the NIST (National Institute of Science and Technology) 800 series have been very valuable in achieving our security objectives. Unfortunately, when it comes to business continuity and disaster recovery, we remain vulnerable to all sorts of natural and/or manmade catastrophes and undesired incidents (ASIS International, 2012).

At Pace University's Summit on Resilience conference on January 11, 2012, we spent a day where every minute was a "real-world" learning minute. Speakers had seen it all and saved lives and businesses in live situations. They presented and specified real situation-driven methods very rich in knowledge and actionable information support. What can theories add to what those first-line defenders and front officers accumulated and parsed out to make what has become for them instinctual practices? This paper will add to the literature by presenting valuable international standards that can be studied and recommended for organizations and for their IT and business experts to adopt in planning, developing, implementing, and evaluating their business continuity management systems.
