business continuity planning（业务连续性计划）.doc

Business Continuity Planning Historical Background and References IT SECURITY PROGRAM Computer Security Act of 1987, P.L. 100-235 provides for Government-wide computer security, training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and a computer standards program within the National Institute of Standards and Technology. Specifically, the Act: Requires the identification of systems that contain sensitive information; ? Requires mandatory periodic training in computer security awareness and accepted computer security practices for all persons involved in management, use, or operation of Federal computer systems that contain sensitive information and; ? Requires the National Institute of Standards and Technology (NIST) to establish a Computer Standards Program. The primary purpose of the Program is to develop standards and guidelines to control loss and unauthorized modification or disclosure of sensitive information in systems and to prevent computer-related fraud and misuse. Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources, November 30, 2000 (Appendix III unrevised from February 8, 1996) implements the Computer Security Act. It establishes a minimum set of controls to be included in Federal automated information security programs; assigns Federal agency responsibilities for the security of automated information; and links agency automated information security programs and agency management control systems. Circular A-130 requires that each agency information security program include controls for general support systems and major applications. To maintain continuity of support for general support systems, each agency must establish a continuity of support program and periodically test the capability to continue providing service within a system based upon the needs and priorities of the participants of the system. For majo