Is your business prepared for network and information security threats?
ENISA report on Business and IT Service Continuity provides global perspective on emerging and existing standards for mitigating security risks to critical processes
Building on its previous work in the area of risk management, the European Network and Information Security Agency (ENISA) issued a report today bringing together business and IT service continuity best practice, methods and tools to enhance organisations’ capability for dealing with network and information security (NIS) threats. Firms are provided with a single point from which they can assess how to implement business continuity management within their organisations. This will enable them to identify potential NIS risks to critical business processes and the infrastructure needed to restore those processes and keep them running. While the UK, USA, Canada, Australia, New Zealand and Singapore continue to be innovators in this field, ENISA found little information on current practices in Central Europe. The report therefore equips other countries with knowledge about best practice from around the world and encourages the take-up of state-of-the-art solutions.
Business continuity implies management processes and integrated plans which maintain the continuity of an organisation’s critical processes in the case of a disruptive event. There are a number of emerging, and overlapping, business continuity standards. ENISA’s report draws on the knowledge of these various methods and tools, represents them on an overview process diagram and compares them to enable organisations to understand which approach and infrastructure best suits their needs. In an effort to overcome the lack of common language across the different standards, the Agency has also produced a glossary which cross-references different terms with similar elements.
Why is business continuity important? Emphasising the ever-increasing reliance on ICT in critical business processes, the Agency explains the integral role business continuity plays in good management practice and corporate governance: "Disruptive incidents, such as malicious IT attacks or even a simple loss of critical data, call into question an organisation’s ability to continue to provide its key services. Business needs tools to mitigate risk and having an NIS business continuity plan is one step in the right direction." In addition to leaving firms better prepared in the event of a crisis, business continuity has financial benefits. For example, many insurance companies offer discounts to firms with risk assessment and management plans, while investors are more attracted to companies able to curb NIS risks.