Cybersecurity Series

CIR PgM Plan Maintenance


Reference: Chapter 10 Program Management 10.3 Plan Maintenance

Moh Heng Goh

CIR Program Management

Plan Maintenance

Ensuring the continuity of business operations after a cyber security incident depends on the execution of documented mitigation or response procedures. Hence, the CIR plan's content must be kept up to date to tackle constantly evolving cyber security threats.

Various maintenance activities (Goh, 2010b) are performed, and they demand the availability of resources. Hence, policies or frameworks have to be developed so that a maintenance program is in place to keep the CIR plan relevant at all times.

1. Reviewing of the CIR Plan

Information assets within an organisation frequently change due to changes in business needs, technological advancements or the introduction of internal or external policies. Therefore, the CIR plan has to be reviewed (Lennon et al., 2002) to document the new information and determine if current mitigation and response procedures are sufficient.

The review process goes hand in hand with the change management process. It should occur on a pre-defined annual schedule, or whenever there are significant changes to a particular plan component or to the inventory of information assets.

Although the frequency of review is dependent on the component being reviewed, the focus areas of the process are:

  • Operational Requirements;
  • Security Requirements;
  • Technical Activities;
  • Inventory of information assets; and
  • Contact information of relevant stakeholders.

2. Change Management

When the organisation undergoes significant changes to any of the elements mentioned above, it signals that changes (Stevens Institute of Technology, 2017) to the CIR plan will have to be made. However, changing the plan's contents is not as simple as editing a document in Microsoft Office; there is a formal process behind change management. Once the changes to the organisation have been identified, the details of the changes, including descriptions and reasons, are entered on the change request form.

The details are analysed by the Organisation BCM Coordinator and Senior Management. Once a change request has received preliminary approval, it is investigated. The investigation party and Senior Management evaluate the effects of the changes on cyber security. Senior Management then gives a final verdict of ‘accepted’, ‘rejected’ or ‘on hold’.

Most changes to information assets within the organisation will be accepted when submitted through the change management process because Senior Management approved the acquisition of those information assets. Changes to organisational structure and processes also have a high probability of being accepted, as these areas constitute crucial components of the CIR plan. Once Senior Management has approved the change request, the details can be documented to update the CIR plan, and the updated plan distributed to the respective parties.

3. Plan Distribution

The cyber security incident plan potentially contains sensitive organisational information. Hence, the distribution of the plan should be controlled. A practice similar to the one used when the plan was first documented and distributed can be adopted.

The employee will receive a plan document (Lennon et al., 2002) containing only the information that he is required to know. Certain employees may be confused about what has changed in the plan. Therefore, it is advised that the organisation conduct a briefing session for employees after distribution to ensure that they are aware of the changes. A separate copy of the plan should be kept secured in storage that is easily accessible to employees so that, at any time, they can retrieve the plan and execute the appropriate documented procedures.


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 10 Program Management 10.3 Plan Maintenance

Note: This version was the draft 2nd Edition being updated in 2023. The number in square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.

 
