Business continuity planning methodology

The purpose of this paper is to present a multi‐usable business continuity planning methodology. It comprises business continuity planning on the organizational and departmental levels.

The methodology has been developed, tested and confirmed in three comprehensive cases. Senior management, IT managers and employees in the three case organizations have participated in this action research effort during the development, implementation or training on business continuity plans and planning.

The methodology has been tested and confirmed, and is suitable for explaining business continuity planning to senior management and employees in both public and private sector organizations.

The methodology description can be used for explaining the issues to senior management and forms the foundation for a business continuity plan, which is part of an organization's IT‐ and information security program. It may also be used to explain business continuity planning to other staff in an organization. The methodology can also be used to model business continuity planning, as a basis for training planning, and as support in different training contexts to achieve individual and organizational learning on business continuity plans and activities.

The methodology of using a staircase or capability maturity model is a commonly used concept and can be adapted to any organization.
