Abstract
Conceptual Review for Implementation of ISO/IEC 27001 and ISO 22301 for Information Security and Business Continuity in the Banking Sector
The use of emerging information and communication technologies has become indispensable tools in our daily life. Applications, information systems interface with opened to end users, capture and store data as possible. It is good strategy to avoid loss of customers to meet customer expectations for using this technology, but they are responsible for the security of the information they receive from individuals and institutions. The banking sector, which has intense customer relations, is also included in mentioned user. Set up and use "Information Security Management System" for sufficient protection of information located in banks will rational approach. Today, another important topic as information security is business continuity. Because of the importance of the performed, banks are one of the leading institutions among the others that need to ensure business continuity. The business interruption of the banks experiencing causes considerable damages to customers, banks and our country. As with the management of the information security, banks which do not have an effective ‘Business Continuity Management System’ results in exposure of banks to statutory and reputational damages. Therefore, what needs to be done to create a ‘Business Continuity Management System’ effectively and to bring into compliance with ISO 22301 Social Security and Business Continuity Management System Standard used in the banking sector and the key items of ISO 22301 Social Security and Business Continuity Management System Standard have been examined in detail. The importance of the mentioned topics should not be ignored during the mandatory and rapid digital transformation process we experience due to the COVID19 pandemic. In this study, the ISO / IEC 27001 Information Security Management Standard and ISO 22301 Social Security and Business Continuity Management System Standard implementation and results in the banking sector were discussed. As a result, the issues that banks can consider while establishing the "Information Security Management System" and "Business Continuity Management System" are presented.
Keywords
Business Continuity Management System, Information Security Management System, Information Security
