Developing an Enterprise Continuity Program

The book discusses the activities involved in developing an Enterprise ContinuityProgram (ECP) that will cover both Business Continuity Management (BCM) as wellas Disaster Recovery Management (DRM). The creation of quantitative metrics for BCM are discussed as well as several models and methods that correspond to the goals and objectives of the International Standards Organization (ISO) Technical Committee ISO/TC 292"Security and resilience." Significantly, the book contains the results of not only qualitative, but also quantitative, measures of Cyber Resilience which for the first time regulates organizations' activities on protecting their critical information infrastructure. The book discusses the recommendations of the ISO 22301: 2019 standard "Security and resilience -- Business continuity management systems -- Requirements" for improving the BCM of organizations based on the well-known "Plan-Do-Check-Act" (PDCA) model. It also discusses the recommendations of the following ISO management systems standards that are widely used to support BCM. The ISO 9001 standard "Quality Management Systems"; ISO 14001 "Environmental Management Systems"; ISO 31000 "Risk Management", ISO/IEC 20000-1 "Information Technology - Service Management", ISO/IEC 27001 "Information Management security systems", ISO 28000 "Specification for security management systems for the supply chain", ASIS ORM.1-2017, NIST SP800-34, NFPA 1600: 2019, COBIT 2019, RESILIA, ITIL V4 and MOF 4.0, etc. The book expands on the best practices of the British Business Continuity Institute's Good Practice Guidelines (2018 Edition), along with guidance from the Disaster Recovery Institute's Professional Practices for Business Continuity Management (2017 Edition). Possible methods of conducting ECP projects in the field of BCM are considered in detail. Based on the practical experience of the author there are examples of Risk Assessment(RA) and Business Impact Analysis (BIA), examples of Business Continuity Plans(BCP) & Disaster Recovery Plans (DRP) and relevant BCP & DRP testingplans. This book will be useful to Chief Information Security Officers, internal and external Certified Information Systems Auditors, senior managers within companies who are responsible for ensuring business continuity and cyberstability, as well as teachers and students of MBA's, CIO and CSO programs.