BCM & CIR Concepts
Overview of CIR Concepts in Cyber Security
1. Purpose
This is an introductory chapter discussing cyber security from a BCM perspective. Due to frequent cyber security attacks, cyber security has become a concern for many organizations. As such, organizations are wary of the cyber landscape because they are uncertain whether they have a sufficiently comprehensive program to tackle today's cyber security threats.
Furthermore, as many organizations utilize technological infrastructures to perform their daily operations, the threat of cyber security attacks causing disruptions is a significant concern. Thus, the existence of a BCM program and how it can operate before and during a cyber security attack become critical. Most importantly, the BCM team must work cohesively with the cyber security team.
When discussing BCM and cyber security, related concepts like IT Disaster Recovery, Crisis Management, and Crisis Communication will inevitably come into play. These concepts are related in certain aspects, and organizations must determine if multiple plans must be activated simultaneously when business is disrupted. In addition, it highlights the composition of the committees and teams to be set up. For experienced practitioners, bear with this elementary explanation of the concepts.2. Recent Cyber Security Trends
The evolving threat landscape, characterized by increasingly sophisticated and frequent cyberattacks, demands a more strategic approach to business continuity management (BCM). As cyber incidents target IT infrastructure, data, and applications, organizations must prioritize system recovery to ensure critical functions resume swiftly.
The human element remains a critical factor in cybersecurity. Enhancing employee awareness and training is crucial to prevent attacks and minimize their impact. By fostering a culture of cybersecurity, organizations can significantly reduce the risk of breaches.
To effectively manage business continuity in today's threat landscape, organizations must integrate cybersecurity into their BCM strategies. This includes conducting regular cyber risk assessments, developing incident response plans, and establishing strong data protection measures. By proactively addressing these challenges, businesses can build resilience and safeguard their operations from disruptions.
Moreover, collaboration between IT, security, and business continuity teams is paramount. A unified approach ensures everyone understands their role in protecting the organization and responding to incidents effectively.
3. Cyber Security
Back to fundamentals, one primary principle behind cyber security is to ensure that information relevant to an organization stored in cyberspace is preserved regarding confidentiality, integrity, and availability, or CIA for short. To expand on each point, the CIA stands for:
- Confidentiality (C) of information means data within an organization can be categorized based on their information regarding who can access them. Specific information can only be accessed by personnel of high authority;
- Integrity (I) of information means that information accessed by the respective personnel is not tampered with and
- Availability (A) of information means that information can be accessed anywhere at any time when required.
The recent cyber security attacks via Ransomware are an example of the CIA being compromised by organizations.
Related Topics for BCM and CIR Concepts
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 2 Cyber Security, BCM and Relevant Concepts 2.1 Purpose
Note: This version was the draft 2nd Edition, which will be updated in 2025. The numeric in the square bracket [X-X] refers to the actual chapter and section in the 1st Edition.
View Our Course Catalog
Talk to Us by Registering Your Interest via the Tell-Me-More buttons below
Contact us today: