Cyber security (as shown in Figure 2-1) must be related to the other concepts of business continuity management: business continuity, crisis management, crisis communication, and IT disaster recovery.
Figure 2-1: Relationship Between the Related BCM Concepts to Cyber Security
1. IT Disaster Recovery
A closely related concept to BCM and cyber security, as shown in Figure 2-1, IT Disaster Recovery (IT DR) plans (21st C.S, 2010) tend to encompass an organization's technology infrastructure. In the internet age, more and more organizations – even the older ones- are relying on modern technologies (B.S, 2014) to carry out their day-to-day operations. However, these conveniences come with cyber security threats to match.
Therefore, during the Business Impact Analysis (BIA) phase of the BCM planning process, it is essential to identify all the technological infrastructures necessary (CMI Staff Writer, 2004) to carry out CBFs.
Should the IT infrastructures be attacked, compromised, or disrupted, the CBFs reliant on them will be unable to work, potentially jeopardizing the continued operations of the entire organization. Hence, integration of IT DR to BCM at an early stage is crucial. Additionally, teamwork, communication, and coordination between different recovery teams are necessary for a swift and successful response. The exchange of information, even before an actual incident occurs, is ideal. Team managers should know the roles and responsibilities of the other teams so that mutual procedures can be considered and integrated into the event of a disruption.
Related IT DR terms, when presenting the relationship in Figure 2-2 (below), include the IT Disaster Recovery (DR) Team.
2. Crisis Management
Crisis Management (CM) (CMI Staff Writer, 2004) encompasses the steps taken by an organization when tackling a significant critical incident. Any incident that results in the loss of the organization's financial value in the market, be it by reputation or damages, is considered a crisis by the organization. A plan and a properly trained team should be established beforehand so that procedures are already in place and a strong team can execute them.
Related CM terms when presenting the relationship in Figure 2-3, include Crisis Management Team, Damage Assessment (DA) Team, and Emergency Response (ER) Team.
3. Crisis Communication
Crisis Communications (CC) (CMI Staff Writer, 2004) encompasses how an organization protects itself via internal and external communication to the relevant parties about the details of the crisis and what they are doing to resolve the situation. Some of the appropriate parties that the organization has to address include:
BCM Team | Key Cyber Security Concepts | Related BCM and CIR Concepts | Characteristics of Relevant Concepts | Back To: BCM & CIR Concepts |
|
|
Competency-based Course |
Certification Course | ||
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 2 Cyber Security, BCM and Relevant Concepts 2.6 BCM Concepts to Cyber Security
Note: This version was the draft 2nd Edition being updated in 2022. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.