I have been reading through the ISO 27001 / ISO 27002 standards on data security. Okay, so some of us don't really have a life. Am I allowed to say it's really interesting reading?
So I am reading along and get to section A.10.3 in ISO 27002 which is all about minimising the risk of systems failure, which is about doing capacity planning and system acceptance.
Control A.10.3.1 is all about
The standard requires the organisation to monitor its capacity demands and then to make projections of future capacity requirements so that it can ensure that it has adequate power and data storage facilities available. The utilization of key system resources (file servers, domain servers, e-mail server, printers and other output devices) should be monitored so that additional capacity can be brought on-stream when it is needed. The projections should obviously take account of predictions of levels of business activity, and there should therefore be an overt link between this activity and the annual business planning cycle. The trends that should be considered are the increase in business activity, and therefore in transaction processing; [...] E-commerce businesses should also consider the expected increase in website activity and plan sufficient capacity to ensure that the site remains operational, particularly at times of peak activity.

Interesting. One can see how the elastic and scalable aspects of VMware and vCloud could go a long way towards organisations being able to show a capacity to mitigate this risk and therefore achieve compliance.
All of this should enable network managers and webmasters to identify and avoid potential bottlenecks that could threaten system security or the availability of network or system resources or data.
The Cloud delivering security compliance, now that's an idea!
Rodos
[Quote from : IT Governance : A Manager's Guide to Data Security and ISO27001/ISO27002 by Alan Calder & Steve Watkins, 4th edition, p175-176]