Organisational resilience : a paradigm shift for managing security risks using a maturity model

Authors

Du Plooy, Johan Diederick

Issue Date

2012-06

Type

Dissertation

Language

en

Keywords

ANSI/ASIS SPC.1-2009, Maturity Model, Security Risk Management, Organisational resilience, ISO 27000: 2007, ISO 28000: 2007, ISO 31000: 2009, ISO 19011: 2002, Security related standards, Management Systems, SDG 9 Industry, Innovation and Infrastructure

Abstract

This study, within the sphere of security risk management, aimed to ascertain whether the concept of ‘Organisational Resilience’ would create a paradigm shift for managing security risks when using a Maturity Model. It is foundationally based on the American National Standards Institute-ASIS International’s Security, Preparedness and Continuity (SPC) standard (ANSI/ASIS SPC.1-2009: Organizational Resilience: Security, Preparedness and Continuity Management Systems - Requirements with guidance for use) and a Maturity Model for an Organisational Resilience Management System. The latter was implemented in a case study which allowed for on-site tailoring and cost-effective maintenance within certain resource constraints. It was found that, by using this Maturity Model, all levels of management were able to experience a constant understanding of what level of resilience existed within the organisation. Implementation also minimised the probability of potential disruptive events and other risk threats occurring, as well as, in all likelihood, mitigating the consequences should these actually occur.
