Information security in the function of business continuity management

  • Jana Marković, Fakultet bezbednosti
Keywords: information, information security, information security management, information security continuity, business continuity management

Abstract


In the business environment, information, as a means of understanding the world and of communication, has taken on the role of a corporate resource that deserves at least as much attention as any other resource an organization has. Any discussion of information as a corporate resource must address the issue of its protection. The attention of the academic and professional public is therefore already largely occupied by the issue of information security, including the implementation of security for other information resources that support the use of information. Because of its importance, information security is a function that must be continuous. On the other hand, every organization faces the task of ensuring business continuity during and after disruptions, regardless of the nature of those disruptions. In this regard, the paper starts from the assumption that one of the prerequisites for business continuity is the continuity of information security. The author will try to present how information security contributes to business continuity management.

Published
2024/01/24
Section
Articles