Assuring Commitment to a Security Plan

• A plan that has no organizational commitment collects dust on a shelf.
• Three groups of people must contribute to making the plan a success:
  • The planning team must be sensitive to the needs of each group affected by the plan.
  • Those affected by the security recommendations must understand what the plan means for the way they will use the system and perform their business activities. In particular, they must see how what they do can affect other users and other systems.
  • Management must be committed to using and enforcing the security aspects of the system.

From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.
Business Continuity Planning

• A business continuity plan documents how a business will continue to function during or after a computer security incident.
• Addresses situations having two characteristics:
  • Catastrophic situations, in which all or a major part of a computing capability is suddenly unavailable
  • Long duration, in which the outage is expected to last for so long that business will suffer