BS 25999-2 implementation checklist
Dejan Kosutic
Your management has given you the task to implement business continuity, but you’re not really sure how to do it?...
Your management has given you the task to implement business continuity, but you’re not really sure how to do it? Although it is not an easy task, you can use the BS 25999-2 methodology to...
Disaster recovery vs. business continuity
Updated: December 15, 2023. Has it ever happened to you that your management has given you the responsibility to implement...
Updated: December 15, 2023. Has it ever happened to you that your management has given you the responsibility to implement business continuity just because you are in the IT department? Why is business continuity usually...
How to deal with BCM sceptics?
Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major...
Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major disaster occurs”? If you implemented business continuity management, you probably did. Naturally, such an attitude...
Problems with defining the scope in ISO 27001
You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know...
You probably knew that the first step in ISO 27001 implementation is defining the scope. What you probably didn’t know is that this step, although simple at first glance, can sometimes cause you quite a...
Five Tips for Successful Business Impact Analysis
You have probably wondered why you have to perform business impact analysis (BIA) once you already did the risk assessment....
You have probably wondered why you have to perform business impact analysis (BIA) once you already did the risk assessment. You identified all the risks, didn’t you? Spent quite a lot of time analyzing your...
Information security policy – how detailed should it be?
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to...
Quite often I see information security policies written in too much detail, trying to cover everything from strategic objectives to how many numerical digits a password should contain. The only problem with such policies is...
