A cybercriminal uses computers, mobile devices, or the network to conduct malicious activities, targeting the organization's information assets.
The sophistication of the malware deployed depends on the cybercriminal's motive.
Dangers that exploit vulnerabilities to harm organizations are considered threats. Cyber security threats are dangers that specifically harm the organization's technological infrastructure.
This infrastructure includes applications, software, hardware, and networks. The term is used interchangeably with cyber threats.
Attempts by adversaries to harm an organization's technological infrastructure are classified as cyber security attacks. The term is used interchangeably with cyber attacks.
Incident responses are activities and procedures an organization performs to manage an incident and minimize its impacts.
These actions are prepared in advance, before any incident occurs, and executed according to the classification of the threats that the organization faces.
Building on the definition of incident response, Cyber Security Incident Response (CIR) involves preparing measures that, in the best case, prevent the organization from being attacked by cyber security threats and, otherwise, allow it to respond to a cyber security attack effectively. Whatever cyber security threats have been identified, the organization aims to ensure that an appropriate CIR is applied to deal with them and to reduce the impact suffered.
Preparation must ensure that the cyber security policies and procedures are tailored to the organization and that a cyber security incident can be resolved swiftly and effectively. Many organizations are susceptible to increasingly sophisticated cyber security attacks; having a CIR plan reduces the chaos experienced during a cyber security incident and, thus, the recovery time and cost.
The primary focus of business continuity is to ensure the resumption of the critical business functions (CBFs). If critical IT services are attacked, the IT software, data, and infrastructure must remain available to carry out the CBFs that rely on them.
Cyber security professionals must work hand in hand with their business continuity counterparts. For example, critical transactions and customer engagement cannot be performed if a cyber security threat has compromised an organization's network. Because such an attack affects the business functions of multiple departments, the departments of the organization must come together and pool their efforts to resolve the issue affecting business operations.
Additionally, organizations can no longer afford to assume that cybersecurity issues are solely the purview of the IT department. While the IT department is responsible for recovery efforts, the cooperation of other departments will ensure that recovery times are shorter, avoiding potentially more significant impacts that could be suffered by the organization with a more extended disruption period.
One suggestion is to have two separate plans: one solely for business continuity, the other for cyber security. The two plans can be combined in the relevant scenarios to tackle the threat. One example is access control. Employees at different levels have access to varying degrees of information: an intern will not be privy to confidential details, while a front-line manager may not have the whole picture. Regardless of the level of information, the critical information has to be identified, and recovery procedures for that crucial information have to be prepared.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 2, Cyber Security, BCM and Relevant Concepts, Section 2.5, Key Concepts in Cyber Security.
Note: This version is the draft 2nd Edition being updated in 2022. The number in square brackets [X-X] cross-refers to the corresponding chapter and section in the 1st Edition.