Toward a target and coupling function of three different Information Security Management Systems
Concurrency and Computation: Practice & Experience
| Hi-index | 0.00 |
In this paper, a new model is presented for evaluating the performance of a Business Continuity Management System according to BS 25999. This model is able to calculate the survivability \emph{ex-ante}if the key performance indicator for the effectiveness exists. Performance is based fundamentally on the system's Business Continuity Plans and Disaster Recovery Plans. Typically, the performance of these plans is evaluated by a number of specific exercises at various intervals and, in many cases, with a variety of targets. Furthermore, these specific exercises are rerun after a longer period ($\ge $ a year) and then often only partially. If a company is interested in taking performance measurements over a shorter period, obstacles and financial restrictions are often encountered. Furthermore, it is difficult for companies to give an \emph{ex-ante} statement of their survival in the case of a disaster.Two key performance indicators are presented that allow the performance of a Business Continuity Management System to be evaluated according to BS 25999.Using these key performance indicators, the probability of survival can be estimated before extreme events occur.