Educause Security Discussion mailing list archives
Re: Business Continuity Plans for an Information Security Office
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Tue, 9 Jan 2007 17:59:32 -0700
I would bring to your attention a draft of a "Business Continuity Planning Model" available at www.CampusRelief.org. More resources on this topic are also available at http://www.educause.edu/Browse/645?PARENT_ID=142 We are in the process of adding more resources to this website so any further sharing of information in response to Jim's request would be most welcome. Finally, just a reminder that a new list on Business Continuity has been set up (http://www.educause.edu/12480) with over 300 subscribers in just a few weeks so it is likely to be a good source of information. Thanks, -Rodney -------------------------------------------------- Rodney J. Petersen, J.D. Government Relations Officer & Security Task Force Coordinator EDUCAUSE 1150 18th Street, N.W., Suite 1010 Washington, D.C. 20036 (202) 331-5368 / (202) 872-4200 (202) 872-4318 (FAX) EDUCAUSE/Internet2 Security Task Force www.educause.edu/security <http://www.educause.edu/security> -------------------------------------------------- ________________________________ From: James Moore [mailto:jhmiso () RIT EDU] Sent: Tuesday, January 09, 2007 5:44 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Business Continuity Plans for an Information Security Office I admit that my own business continuity plans were on my "to do" list for longer than I would like. Does anyone have or know of a template that I can start with for business continuity planning of the Information Security Office. The easy thing is to say that we have to do the same things that we always do, but differently. Risk Assessment - Only a subset of functionality will come back on line. Some will have been reviewed for risk, and others not. There will have to be some dynamic risk assessment. Communications - The natural thing to do is to relax security in the different environment so that as much functionality as possible can be achieved. Users find allies, etc. Communications will need to integrate with Business Continuity communications, but still will have a role to guide people to safe business resumption. Communications to executive leadership is also regular, but concentrates on service restoration. Budgets / Administrative - Need to continue, as resources are available. Strategic - May be for rebuilding. Or may shift to standards enforcement for existing standards. Investigations / Forensics - Needed for when things go wrong, and are noticed This is a high level. And what I wondered is if anyone had a detailed business continuity plan for their office/role. Thanks Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4122 (lab) (585) 475-7950 (fax) "We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio
Current thread:
- Business Continuity Plans for an Information Security Office James Moore (Jan 09)
- <Possible follow-ups>
- Re: Business Continuity Plans for an Information Security Office Rodney Petersen (Jan 09)
- Re: Business Continuity Plans for an Information Security Office Brad Judy (Jan 10)
- Re: Business Continuity Plans for an Information Security Office James Moore (Jan 10)
- Re: Business Continuity Plans for an Information Security Office Lovaas,Steven R (Jan 10)
- Re: Business Continuity Plans for an Information Security Office Brad Judy (Jan 10)
- Re: Business Continuity Plans for an Information Security Office Jim Dillon (Jan 10)
- Re: Business Continuity Plans for an Information Security Office Lovaas,Steven R (Jan 10)