
Information Security

on behalf of

Business Continuity

Prepared by:

Ziya Gokalp
Information Security & Network Consultant
Ziya Gokalp, Information Security & Network Consultant 2010

“Information Security” on behalf of “Business Continuity”

The financial loss that can occur when operational activities that are necessary under the present supervision and control mechanisms become inactive or stop, whether in extraordinary or ordinary circumstances, has become alarming for every management team.

When the systems of a firm operating as a GSM operator stop, the result is a million-dollar transaction loss and a further financial loss from customers whose confidence has been shaken. The financial loss when the operations of a manufacturing organization stop... the transaction loss, the lump-sum financial cost and the consequences of customer dissatisfaction when the internet banking application of a bank in the finance sector stops or fails to work... As further examples I can suggest the stopping of operations in public institutions, the lack of planning on 9/11 and the business continuity issues in the U.S.A., and the consequences of action plans that did not work.

At this point, emergency action plans, which have been discussed for a long time, and business continuity management are seen as the most important part of the management strategies of management teams and nations.

Business continuity management goes beyond backing up critical systems: it aims to resolve the negative consequences by analyzing the risks that can arise when any function stops, from human resources to purchasing, from services to operational activities, from production to finance.

Seen from this angle, continuity of business can only be achieved by determining all the risk factors and threats and developing the policies and procedures that provide measures against them. Business continuity is a never-ending process and, as with Information Security, should always be developed, revised and supervised.

Working through different scenarios and different operating conditions, realistically assessing and presenting the different elements, maintaining policies, testing those policies and supervising them are what make the investments meaningful.

Strategy and planning define, before the analysis starts, the units into which the organization will be divided for the purposes of analysis and planning. Finance companies supervise and assess the operational activities of the call centre and of reporting by treating them as different lines of business. In manufacturing firms, each production facility or production line, including the production differences, should be viewed, assessed and planned from this perspective.

In line with the examples I have given above, identifying the risk elements and the results they can lead to, and taking measures against them, is possible only through the teamwork of each department and through assessment at management level for the sake of the success of the process. Business continuity concerns every level of an organization, from employee to top management. It is indispensable to raise awareness among employees and include them in the process.

BS 25999, the Business Continuity Management System standard developed by the British Standards Institution (BSI), organizes its application rules and specifications under two main levels.

The first is developing the Business Continuity Management System.

The other is applying and managing the Business Continuity Management System. BS 25999 states the essential actions needed to apply the standard at each main level.

Accordingly, in order to develop the Business Continuity Management System:

By establishing business continuity: setting out the programme requirements, measuring the proficiency of external business associates and suppliers, assigning responsibilities to employees, defining the essential actions and drawing up timetables. With the supply of resources: defining the resources needed to manage the Business Continuity Management System, in terms of application tools, human resources and budget. With training and competence: raising awareness and increasing competence across the whole organization, and training personnel within the process. With documentation: the actions in the process should be recorded.

At the level of applying and managing the Business Continuity Management System, the following should be provided:

With business impact analysis: defining the effects of failures in critical organizational activities. With risk assessment: analyzing the threat elements against critical activities. With risk reduction options: moderating the risks. With business continuity options: during a stoppage of activities, revoking/raising. With response actions: responding to business interruptions and defining the process for managing the actions. With practice: simulating the response to crisis situations and observing it. With plan revision: revising the plans and observing them. Under updating and revising: checking the effectiveness of the process and whether or not it has reached its target.

Management of Business Continuity should be carried out by the right people, as a management function of institutions and organizations. In this context, it is indispensable for organizations to have a Business Continuity committee. Fulfilling what management requires, generating policies and procedures, determining the risks and proposing risk levels, managing the process, and understanding and designing all the factors are possible only with a management committee and the teams that report to it. A committee consisting of the CIO (Chief Information Officer), COO (Chief Operation Officer), CFO (Chief Finance Officer) and CSO (Chief Security Officer), together with the teams that report to it, will show the commitment of senior management, beyond working together, to updating and controlling the process and to having it implemented.

In recent years, as business continuity management has been put into practice and discussed more seriously, it has become clear that the people to be employed, and preferred for employment, are those who are more knowledgeable about the subject. The best examples are the courses and summer camp facilities that institutions offer in some countries, along with the Master of Science programmes that have been opened in Business Continuity and Management.

The American Institute for Business Continuity started to arrange summer camps following 9/11.

BCI (The Business Continuity Institute) provides training on the subject and arranges certification programmes for those who would like to work, or are already working, in this field.

BCI has 4000 members in more than 85 countries.

BSI (British Standards Institution) has developed the BS 25999 standard and gives consultancy services to institutions and organizations on business continuity management and the standard; for professionals, it arranges “Business Management” courses: Awareness, Application Internal Inspector, Inspector, and Head Inspector.

In the U.S.A., Boston University offers a master's degree programme under the title “Master of Science in Management - Specialization in Business Continuity and Emergency Management”.

Similarly, Norwich University runs an academic programme under the title “Master of Science in Business Continuity Management”.

If “Information Security” is very important and strategic for institutions and organizations, then “Business Continuity Management” is likewise indispensable for maintaining the existence of the whole organization. In this context, I can state that “Information Security” is indispensable for the continuity of business.

Ziya Gokalp, SSCP, CEH, CEA
