KS A ISO PAS 22399-2008 Societal security－Guideline for incident preparedness and operational continuity management.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS A ISO PAS 22399 KS A ISO PAS 22399:2008 2008 12 18 http:/www.kats.go.krKS A ISO PAS 22399:2008 : ( ) ( ) ( ) ( ) ()CM ( ) ：(ISO/ TC223) BCP BCP IBM : (http:/www.standard.go.kr) ： ： 2008 12 18 2008-0901 ： ： ( 02-509-7278) (http:/www.kats.go.kr). 10 5 , . K

2、S A ISO PAS 22399:2008 i (IPOCM) . , , , , . , (incident) (disruption), (emergency), (crisis), (disaster) , . IPOCM . , , , , , , . (Interested parties) (stakeholders) , ( 1). IPOCM . 1 IPOCM / 2 IPOCM / 1 IPOCM IPOCM . . . (operational continuity) (business continuity) / KS A ISO PAS 22399:2008 ii

3、. . (significant disruption) (threats), , (constraints) (acceptable level) , , (IPOCM) , , (stakeholders) IPOCM . , . . IPOCM . . , IPOCM . . - , . . , , , , , . IPOCM . IPOCM . IPOCM . IPOCM , . . IPOCM . , IPOCM . IPOCM (interested and affected parties) . KS A ISO PAS 22399:2008 iii . (technology)

4、 (technique) . (technology) (technique) . IPOCM ( , , ) . , , , . IPOCM (functions and interests) . IPOCM . . . , . . , . , . . , . . . KS A ISO PAS 22399:2008 Societal security Guideline for incident preparedness and operational continuity management 2007 1 ISO/PAS 22399, Societal security Guidelin

5、e for incident preparedness and operational continuity management , . 1 ( , , ) . , , , (first responder), . . , , . (barriers), (risks), (disruptions) (control) (mitigation strategies) (residual risk) (risk tolerance) (incident and emergency response), (continuity response), (recovery response) , (

6、mutual and community assistance) (interface) . , , . KS A ISO PAS 22399:2008 2 . . 2 . . ( ) . KS A ISO/IEC Guide 73： 2002, KS A ISO 3534 1, 1： 3 KS A ISO/IEC Guide 73 . 3.1 (critical activity) (function) (process) 3.2 (consequence) (event) (outcome) 1 (event) (consequence) . 2 (consequence) . 3 (co

7、nsequence) . KS A ISO/IEC Guide 73 3.3 (crisis) , (attention) (action) (incident) 3.4 (disaster) (damage) (loss) (event) 3.5 (disruption) ( : ) ( : ) (incident) (disruption) . 3.6 (emergency) (action) , (occurrence) KS A ISO PAS 22399:2008 3 (event) (emergency) (event) (condition) 3.7 (exercising) I

8、POCM (competence) (capability) IPOCM (evaluating) , (rehearsing) , ( : , , ) (testing) . 1 (exercise) . 2 (exercise) , . 3.8 (event) (a set circumstance) (occurrence) 1 (event) . 2 (event) (a series of occurrences) . 3 (event) (probability) (estimated) . KS A ISO/IEC Guide 73 3.9 (hazard) (adverse e

9、ffects) (physical or operational) (conditions) (danger) . 3.10 (impact) (outcome) (evaluated consequence) 3.11 (impact analysis) (operational interruption) (operational function) (effect) (analyzing) 3.12 (incident) (operational interruption), (disruption), (loss), (emergency) (crisis) (event) 3.13

10、(incident management plan) (incident) (disruption) (plan of KS A ISO PAS 22399:2008 4 action), (incident management process) , , (action) . 3.14 (incident preparedness) (disruption), (disaster) (emergency) , (incident) (activities), (programs) (systems) 3.15 (incident preparedness and operational co

11、ntinuit y management, IPOCM) (potential threats) (impacts) (activity) (direction) 3.16 IPOCM (IPOCM policy) (incident preparedness) (operational continuity) (intention) (direction) 3.17 (mitigation) (incident) (consequence) (limitation) . 3.18 (mutual aid agreement) ( ) 3.19 (operational continuity,

12、 OC) (condition), (situation), (event) , (operational continuity) (business continuity) . , , . 3.20 (operational continuity management, OCM) (threaten) (impacts) (stakeholders), (reputation), (brand), (value-creating activities) (training), (rehearsal), (reviews) . 3.21 (operational continuity mana

13、gement program) (exercising) KS A ISO PAS 22399:2008 5 (rehearsal), (testing), (training), (maintenance) (assurance) / / , (management) (governance) 3.22 (operational continuity management team) (emergency) (crisis) (immediate and first responders), (interested parties) . 3.23 (operational continuit

14、y plan, OCP) , , 3.24 (operational continuity strategy) (disruptive event), (crisis) (outage) 3.25 (operational continuity team) (rehearsing) 3.26 (organization) , , , (company), (corporation), (firm), (enterprise), (institution), (charity), (sole trade) (association) (parts) . 3.27 (prevention) (di

15、sruption) (avoid) (preclude) (limit) 3.28 (probability) 1 “ (random event) 0 1 ” . (long-run relative frequency) (degree of belief) . (probability) 1 (KS A ISO 3534 1 1.1 ). 2 (probability) (frequency) . 3 (ranks) (classes) . KS A ISO PAS 22399:2008 6 (rare) / (unlikely) / (moderate) / (likely) / (a

16、lmost certain) (incredible) / (improbable) / (remote) / (occasional) / (probable) / (frequent) KS A ISO/IEC Guide 73 3.29 (recovery time objective, RTO) (disruption of operation) (acceptable down time) (restoration) (recovery) 3.30 (residual risk) (risk treatment) (remain risk) 3.31 (resilience) (ev

17、ent) (affect) 3.32 (response program) (life), (property), (operation) (critical asset) (preserve) (protect) , (response step) (incident recognition), (notification), (assessment), (declaration), (plan execution), (communications), (resources management) . 3.33 (risk) (event) (probability) (consequen

18、ce) 1 “ ” . 2 (outcome) (event) (deviation) . KS A ISO/IEC Guide 73 3.34 (risk a cceptance) (decision to accept risk) 1 “ (accept)” (acceptance) . 2 (risk criteria) . KS A ISO/IEC Guide 73 KS A ISO PAS 22399:2008 7 3.35 (risk assessment) (identification), (analysis), (evaluation) , . 3.36 (risk communication) (sharing) (exchange) KS A ISO/IEC Guide 73 3.37 (risk criteria) , , , , (priorities) (assessment