Most CIR plans follow a similar framework during development. Hence, organisations can develop a template to outline the contents they want to include in the plan (Goh, 2010a).
The information collected from conducting the previous processes is organised, summarised and documented to facilitate accessibility and ease of reading so that employees can understand and execute the appropriate procedures to secure their information assets during cyber security incidents.
The typical components of a CIR plan include the following:
Once the plan has been documented and subjected to approval from the Senior Management, the organisation will have to decide on a distribution policy:
Organisations adopting this policy believe acquiring more workforce during a cyber security incident allows for a more effective response (Goh, 2010a).
Therefore, the plan is distributed to as many employees as possible. Additionally, as most employees would have received a copy of the plan, they can serve as a backup should the original position holder be unavailable during a cyber security incident.
Organisations adopting this policy believe that the plan contains classified organisational information, which should not be disclosed openly to all employees. Only the appointed leaders leading the mitigation and recovery efforts can access the plan (Goh, 2010a).
However, as every employee within the organisation has a role in managing cyber security incidents, not gaining access to the plan's contents creates confusion as they are unsure of the procedures to be performed.
Deciding on a distribution policy during peacetime is essential. The relevant parties must read through the plan once they have received it to be aware of the documented processes.
Organisations can adopt an approach whereby the CIR plan is distributed to all employees. However, the content in the plan they have received will differ based on their roles and responsibilities in managing cyber security incidents.
Various information has been acquired from conducting RAR, BIA and BCS, and this information has gone through the Executive Management for approval. Thus, it needs to be documented and distributed.
Only selected employees within the organisation know the plan's details as they participate in the processes. However, as every employee is responsible for performing pro-security actions when executing daily operations, they must know that a CIR response plan has been developed to execute the documented procedures when necessary.
An easy-to-read document that outlines the necessary steps to take when dealing with specific situations guides employees rather than confusing them. Ultimately, the organisation benefits as the employees can execute the documented procedures accordingly so that impacts on the organisation are minimal.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 8 Plan Development 8.9 Plan Distribution to 8.10 Develop Template
Note: This version was the draft 2nd Edition being updated in 2023. The number in the square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.