Bog

Disaster recovery. A disaster recovery plan (DRP) is a documented process or set of procedures to recover and protect a business IT infrastructure in the event of a disaster.[1] Such a plan, ordinarily documented in written form, specifies procedures an organization is to follow in the event of a disaster.

Disaster recovery

It is "a comprehensive statement of consistent actions to be taken before, during and after a disaster."[2] The disaster could be natural, environmental or man-made.

Business continuity planning. Business continuity planning (BCP, also called business continuity and resiliency planning, BCRP) identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity. A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime.

Business continuity planning

In the US, governmental entities refer to the process as continuity of operations planning (COOP). Any event that could impact operations is included, such as supply chain interruption, loss of or damage to critical infrastructure (major machinery or computing/network resource). In December 2006, the British Standards Institution (BSI) released an independent standard for BCP — BS 25999-1. This document was superseded in November 2012 by the British standard BS ISO22301:2012.[4]

Public-key infrastructure. A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.[1] In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA).

Public-key infrastructure

The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of the CA. The binding is established through the registration and issuance process, which, depending on the assurance level of the binding, may be carried out by software at a CA or under human supervision.

Overview

Public-key cryptography is a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures.[2] A PKI consists of:[4][6][7]

Data loss prevention software. A data loss/leak prevention solution is a system that is designed to detect potential data breach / data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).

Data loss prevention software

In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry. The terms "data loss" and "data leak" are closely related and are often used interchangeably, though they are somewhat different.[1] Data loss incidents turn into data leak incidents in cases where media containing sensitive information is lost and subsequently acquired by an unauthorized party.

COBIT - IT Governance Framework - Information Assurance Control. COBIT 5 consolidates and integrates the COBIT 4.1, Val IT 2.0 and Risk IT frameworks and also draws significantly from the Business Model for Information Security (BMIS) and ITAF.

COBIT - IT Governance Framework - Information Assurance Control

Successful organizations understand the benefits of information technology (IT) and use this knowledge to drive their shareholders' value. They recognize the critical dependence of many business processes on IT, the need to comply with increasing regulatory compliance demands and the benefits of managing risk effectively. COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.

COBIT enables clear policy development and good practice for IT control throughout organizations.

National Institute of Standards and Technology. The National Institute of Standards and Technology (NIST), known between 1901 and 1988 as the National Bureau of Standards (NBS), is a measurement standards laboratory, also known as a National Metrological Institute (NMI), which is a non-regulatory agency of the United States Department of Commerce.

National Institute of Standards and Technology

The institute's official mission is to:[1] Promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST had an operating budget for fiscal year 2007 (October 1, 2006-September 30, 2007) of about $843.3 million. NIST's 2009 budget was $992 million, and it also received $610 million as part of the American Recovery and Reinvestment Act.[2] NIST employs about 2,900 scientists, engineers, technicians, and support and administrative personnel.

ISO 27000 - ISO 27001 and ISO 27002 Standards.