CIR Plan Development Teams Involved in CIR
1. Teams Involved in CIR
Multiple teams are formed within the organisation. Although they have different responsibilities, their coordination facilitates smooth, synchronised and effective management of cyber security incidents.
2. Roles and Responsibilities
This component outlines the respective roles and responsibilities of relevant parties that contribute to effectively managing cyber security incidents. The relevant parties are held accountable for maintaining and updating the procedures. Notification protocols, activation procedures and authoritative rankings are outlined to facilitate mitigation and response when a cyber security incident occurs.
2.1 BCM Team
Figure 8-1 shows how a long-standing team structure formed for tackling cyber security can be modernised to incorporate business continuity. With the advancement of technology, cyber security is no longer a problem for the IT department alone; the entire organisation is involved. Since a typical business continuity team already includes all of the departments within the organisation, Senior Management can guide the business continuity team in using business continuity practices to tackle cyber security incidents, as depicted in Figure 8-2.
Figure 8-1: BCM Structure
(ENISA, 2005) (Ramanathan, 2010)
Figure 8-2: Cyber Security Structure
(Rehmen, 2016) (Bhunia, 2017) (IITR, 2013)
2.2 Information Technology (IT) Team
The IT team manages data, network, hardware and software information assets. During peacetime, the IT team develops and implements mitigation controls to prevent potential cyber security attacks from disrupting business operations. Policies and procedures are also established to monitor the information assets for timely detection of cyber security attacks that have breached the installed controls. During cyber security incidents, recovery measures are executed to restore affected information assets, especially those utilised for the operation of CBFs.
2.3 Crisis Management (CM) Team
During cyber security incidents, the CM team leads the organisation in resolving the attack within the shortest amount of time so that damage is minimised. It holds the authority to make key decisions that facilitate effective management of cyber security incidents.
2.4 Crisis Communication (CC) Team
The CC team is a subset of the CM team, focusing on internal and external communications. As the above diagrams show, multiple teams within the organisation are deployed during a cyber security incident. Hence, coordination between them is crucial in ensuring that response protocols are aligned and executed smoothly. The CC team acts as the intermediary, facilitating the exchange of information between relevant parties and increasing the level of coordination within the organisation.
Additionally, the CC team engages with stakeholders during cyber security incidents to protect the organisation’s image. Significant cyber security attacks are reported, and news of them can spread like wildfire. The CC team is responsible for communicating with the stakeholders to ensure that recovery efforts proceed smoothly and that no parties are compromised.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 8 Plan Development 8.6 Teams Involved in CIR
Note: This version was the draft 2nd Edition being updated in 2023. The number in square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.