CIR Plan Development Strategies
Because resources are limited, organisations do not put all their eggs in one basket by focusing on only one component to manage cyber security incidents effectively (Goh, 2010a).
Resources must be distributed appropriately so that, regardless of how far the cyber security attack has advanced in performing its malicious act, the organisation can effectively manage and contain it and minimise the damages suffered.
1. Prevention/Mitigation
Prevention/Mitigation is the first of four steps for effectively managing cyber security incidents from a business continuity point of view. The desired outcome for all organisations is stopping the potential cyber security attack from getting into the organisation’s systems in the first place.
Therefore, this plan component covers preventive measures such as firewalls to reduce or eliminate vulnerabilities or the probability of a cyber security attack breaching the defences.
2. Detection
Timely detection of cyber security attacks that have breached the installed defences is crucial in minimising damages suffered. With stringent procedures and a non-complacent attitude, most cyber security attacks that have breached the defences can be detected and removed from the systems before they perform their malicious acts.
3. Response
The response stage occurs when the organisation notices that its information assets have been affected by the malicious activities performed by a previously undetected cyber security attack.
Measures are documented which prepare the organisation to:
- Identify information assets affected
- Assess damages to information assets
- Contain the attack to minimise impacts
4. Recovery
During or after the response stage, the organisation needs to recover the CBFs that have been disrupted from the affected information assets. Measures are laid out on how to continue the operation of CBFs without the information assets.
Support teams activate alternate processing facilities while the primary recovery team focuses on continuing CBFs utilising the alternate facilities or at an alternate site.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 8 Plan Development 8.8 Strategies
Note: This version was the draft 2nd Edition being updated in 2023. The numbers in square brackets [X-X] cross-refer to the actual chapter and section in the 1st Edition.