A standard produced by [[ISO|ISO]] that deals with [[ICT readiness for business continuity|IRBC]]. Referenced within it are the following other standards: - [[ISO 27035]] - [[ISO 27000]] - [[ISO 27001]] - [[ISO 27002]] - [[ISO 27005]] ## Clause 5: Overview ### 5.2 Key principles 1. [[incident]] prevention 2. [[incident]] detection 3. [[incident response]] 4. recovery 5. improvement ### 5.3 Elements 1. People 2. Facilities 1. interesting. "The physical environment in which ICT resources are located". Is that still a good definition? 2. Technology: 1. hardware (this standard is showing its age) 2. network, including [[router|routers]] 3. [[software]] 4. data 5. processes 6. suppliers The point is to address the question "is our ICT capable of responding" and *not* "is our ICT secure" ![[tenor.gif]]