Cyber Security

BCM & CIR Concepts: Overview

Written by Moh Heng Goh | Nov 25, 2022 12:36:51 PM

BCM & CIR Concepts

Overview of CIR Concepts in Cyber Security

1. Purpose

This is an introductory chapter discussing cyber security from a BCM perspective. Due to frequent cyber security attacks, cyber security has become a concern for many organizations. As such, organizations are wary of the cyber landscape because they are uncertain whether they have a sufficiently comprehensive program to tackle today's cyber security threats.

Furthermore, as many organizations utilize technological infrastructures to perform their daily operations, the threat of cyber security attacks causing disruptions is a significant concern. Thus, the existence of a BCM program and how it can operate before and during a cyber security attack become critical. Most importantly, the BCM team must work cohesively with the cyber security team.

When discussing BCM and cyber security, related concepts like IT Disaster Recovery, Crisis Management, and Crisis Communication will inevitably come into play. These concepts are related in certain aspects, and organizations must determine if multiple plans must be activated simultaneously when business is disrupted. In addition, this chapter highlights the composition of the committees and teams to be set up. Experienced practitioners are asked to bear with this elementary explanation of the concepts.

2. Recent Cyber Security Trends

The evolving threat landscape, characterized by increasingly sophisticated and frequent cyberattacks, demands a more strategic approach to business continuity management (BCM). As cyber incidents target IT infrastructure, data, and applications, organizations must prioritize system recovery to ensure critical functions resume swiftly.

The human element remains a critical factor in cybersecurity. Enhancing employee awareness and training is crucial to prevent attacks and minimize their impact. By fostering a culture of cybersecurity, organizations can significantly reduce the risk of breaches.

To effectively manage business continuity in today's threat landscape, organizations must integrate cybersecurity into their BCM strategies. This includes conducting regular cyber risk assessments, developing incident response plans, and establishing strong data protection measures. By proactively addressing these challenges, businesses can build resilience and safeguard their operations from disruptions.

Moreover, collaboration between IT, security, and business continuity teams is paramount. A unified approach ensures everyone understands their role in protecting the organization and responding to incidents effectively.

3. Cyber Security

Going back to fundamentals, a primary principle behind cyber security is to ensure that the confidentiality, integrity, and availability (CIA for short) of an organization's information stored in cyberspace are preserved. To expand on each point, CIA stands for:

  • Confidentiality (C) of information means that data within an organization can be categorized according to who is allowed to access it. Specific information can only be accessed by personnel of high authority;
  • Integrity (I) of information means that information accessed by the respective personnel is not tampered with; and
  • Availability (A) of information means that information can be accessed anywhere at any time when required.

The recent cyber security attacks via ransomware are an example of an organization's CIA being compromised.


Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 2 Cyber Security, BCM and Relevant Concepts 2.1 Purpose

Note: This version was the draft 2nd Edition, which will be updated in 2025. The number in square brackets [X-X] refers to the actual chapter and section in the 1st Edition.

 
