Cybersecurity Series

CIR PD Teams Involved in CIR

This article discusses relevant parties' respective roles and responsibilities that contribute to effectively managing cyber security incidents.

The relevant parties are held accountable for maintaining and updating the procedures. Notification protocols, activation procedures and authoritative rankings are outlined to facilitate mitigation and response when a cyber security incident occurs.

Reference: Chapter 8 Plan Development 8.6 Teams Involved in CIR

Moh Heng Goh


1. Teams Involved in CIR

Multiple teams are formed within the organisation. Although they have different responsibilities, their coordination facilitates smooth, synchronised and effective management of cyber security incidents.

2. Roles and Responsibilities

This component outlines the respective roles and responsibilities of relevant parties that contribute to effectively managing cyber security incidents. The relevant parties are held accountable for maintaining and updating the procedures. Notification protocols, activation procedures and authoritative rankings are outlined to facilitate mitigation and response when a cyber security incident occurs.

2.1 BCM Team

Figure 8-1 shows how a long-standing team structure formed for tackling cyber security can be modernised to incorporate business continuity. With the advancement of technology, cyber security is no longer a problem for the IT department alone; the entire organisation is involved. Since a typical business continuity team already includes all of the departments within the organisation, Senior Management can guide the business continuity team to use business continuity practices to tackle cyber security incidents, as depicted in Figure 8-2.


Figure 8-1: BCM Structure
(ENISA, 2005) (Ramanathan, 2010)

Figure 8-2: Cyber Security Structure
(Rehmen, 2016) (Bhunia, 2017) (IITR, 2013)

2.2 Information Technology (IT) Team

The IT team manages data, network, hardware and software information assets. During peacetime, the IT team develops and implements mitigation controls to prevent potential cyber security attacks from disrupting business operations. Policies and procedures are also established to monitor the information assets for timely detection of cyber security attacks that have breached the installed controls. During cyber security incidents, recovery measures are executed to restore affected information assets, especially those utilised for the operation of CBFs.

2.3 Crisis Management (CM) Team

During cyber security incidents, the CM team leads the organisation in resolving the attack in the shortest possible time so that damage is minimised. It holds the authority to make key decisions that facilitate effective management of cyber security incidents.


2.4 Crisis Communication (CC) Team

The CC team is a subset of the CM team, focusing on internal and external communications. As the diagrams above show, multiple teams within the organisation are deployed during a cyber security incident. Hence, coordination between them is crucial in ensuring that response protocols are aligned and executed smoothly. The CC team acts as the intermediary, facilitating the exchange of information between relevant parties and increasing the level of coordination within the organisation.

Additionally, the CC team engages with stakeholders during cyber security incidents to protect the organisation’s image. News of significant cyber security attacks is reported and can spread like wildfire. The CC team is responsible for communicating with the stakeholders to ensure that recovery efforts proceed smoothly and that no parties are compromised.


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.


Note: This version was the draft 2nd Edition being updated in 2023. The number in square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.

 

 
