CIR Plan Development
This article discusses the various content and BCM techniques for developing and documenting a CIR Plan. Information from the previously conducted processes is only known by selected employees involved with the brainstorming and the development.
However, with increased usage of IT infrastructures and the pervasive nature of the internet, developing a cyber incident response plan is crucial for organisations to protect their health, safety and economic interests.
Hence, this information, together with activities to be carried out in future, has to be documented in detail. Proper management of cyber security incidents can mitigate or minimise impacts from disruptive cyber security attacks.
1. Purpose
The purpose of the CIR plan addresses the policy for effective management of cyber security incidents and the overall framework for developing and executing the plan. (Goh, 2010a)
It aligns the document's readers with the organisation’s mission of improving its ability to tackle cyber security. It has to be understood at the beginning before proceeding.
2. Reasons for Developing a Cyber Incident Response Plan
With IT infrastructures being a common tool utilised by many organisations, it is the natural target for cybercriminals to launch attacks depending on their motives. Although these IT infrastructures improve the efficiency of operations, it becomes a liability if cybercriminals can exploit them to disrupt business.
Therefore, organisations will aim to maintain these IT infrastructures as assets, reducing attack vectors and lessening the opportunities for a successful cyber security attack to be launched onto the organisation.
At the same time, cyber security threats have evolved vastly, and the associated impacts from a successful cyber security attack are very detrimental to organisations. For organisations to manage cyber security incidents in the current situation, they must be well-prepared to handle them efficiently.
3. Scope
Defining the scope of the CIR plan streamlines mitigation and response activities so that resources are not spent unnecessarily on non-critical IT infrastructures. Every business function within the organisation is addressed, highlighting the importance of cyber security. The scope covers the content of the plan and supporting appendixes.
4. Identify Resources
Resources required to perform the activities documented in the plan must be prepared beforehand so that processes are conducted in the shortest amount of time, facilitating effective mitigation or response to cyber security incidents.
Related CIR PD Topics
| Teams Involved in CIR | PD Strategies | Develop Template | Back To: CIR Plan Development |
 |
 |
 |
 |
Do You Want to Continue BCM Training onsite or online?
![[BL-3-Catalog] What Specialist Level Blended Learning Courses that are Available?](https://no-cache.hubspot.com/cta/default/3893111/4b22a53c-6e3e-4b9e-8c2a-888423f1d26c.png)
![[BL-5-Catalog] What Expert Level Blended Learning Courses that are Available?](https://no-cache.hubspot.com/cta/default/3893111/fe175db3-7f57-4636-bf09-e9a836aa5478.png)
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 8 Plan Development 8.1 Introduction to 8.5 Identify Resources
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.
