Does ISM3 provide for forward linkages to information risk management, business continuity/disaster recovery planning and forensics?
These are all different aspects of an IS management system at Level 5 of ISM3. Risk management is all about identifying threats and helping your ISMS evolve to reduce risk with the minimum cost. This is the TSP-12 process. Business continuity management is enshrined in OSP-15 and forensics in OSP-25. ISM3 links every ISMS process so you can check what outcomes are generated from each process being deployed as inputs for other processes. So, they are all linked, in a manner of speaking.
What is the level of compliance that ISM3 supports in relation to regulations such as Sarbanes-Oxley and Basel II?
What ISM3 does do is to provide the foundation (Security in Context Model) for a business to use its working, compliance and technical needs and limitations for designing an ISMS around itself in an integrated manner. So all these aspects are not considered and managed separately. This is also an example of how the Security in Context Model is more useful than the erstwhile Confidentiali