This is an introductory chapter discussing cyber security from a BCM perspective. Due to frequent cyber security attacks, cyber security has become a topic of concern for many organizations. As such, organizations are wary of the cyber landscape due to the uncertainty over whether they have a sufficiently comprehensive program to tackle today's cyber security threats.
Furthermore, as many organizations utilize technological infrastructures to perform their daily operations, the threat of cyber security attacks causing disruptions is a significant concern. Thus, the existence of a BCM program and how it can operate before and during a cyber security attack becomes critical. Most important is how the BCM team can work cohesively with the cyber security team.
When discussing BCM and cyber security, related concepts like IT Disaster Recovery, Crisis Management, and Crisis Communication (Figure 2-1) will inevitably come into play. These concepts are related in certain aspects, and organizations must determine if multiple plans must be activated simultaneously when business is disrupted. In addition, it highlights the composition of the committees and teams to be set up. Experienced practitioners, please bear with this elementary explanation of the concepts.
As cyber security threats evolve (Moraes, 2017) to become more sophisticated and more frequent, organizations are starting to develop their thinking and actions to tackle these new issues. As cyber security incidents target IT applications, data, and infrastructure, the organization must prioritize which IT systems and applications are to be recovered first so that mission-critical functions or CBFs can resume promptly.
One of the critical trends noticed (Spiro, 2017) regarding cyber security attacks is the lack of competency and awareness among employees. Organizations have begun to realize the importance of giving their employees adequate cybersecurity-related knowledge to keep the organization from being attacked. Therefore, organizations must train their employees so that they understand how to respond to any attempted cyber security attack and prevent it. Standardizing terminologies (as presented in this article) and clearly understanding how they are related is simply the first step towards a safer, more secure organization.
Back to fundamentals, one primary principle behind cyber security is to ensure that the confidentiality, integrity, and availability, or CIA for short, of an organization's information stored in cyberspace are preserved. To expand on each point, CIA stands for:
The recent ransomware attacks are an example of organizations' CIA being compromised.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 2 Cyber Security, BCM and Relevant Concepts 2.1 Purpose
Note: This version was the draft 2nd Edition being updated in 2022. The numbers in square brackets [X-X] cross-refer to the actual chapter and section in the 1st Edition.