CIR PgM Plan Maintenance

CIR Program Management

Plan Maintenance

The effectiveness of ensuring the continuity of business operations from a cyber security incident is dependent on the execution of documented mitigation or response procedures. Hence, the CIR plan's content must be up-to-date to tackle the constantly evolving cyber security threats.

1. Reviewing of the CIR Plan

Information assets within an organisation frequently change due to changes in business needs, technological advancements or the introduction of internal or external policies. Therefore, the CIR plan has to be reviewed (Lennon et al., 2002) to document the new information and determine if current mitigation and response procedures are sufficient.

The reviewing process goes hand-in-hand with the change management process. It should occur on a pre-defined schedule scheduled annually or when significant changes to a particular plan component or inventory of information assets exist.

Although the frequency of review is dependent on the component being reviewed, the focus areas of the process are:

• Operational Requirements;
• Security Requirements;
• Technical Activities;
• Inventory of information assets; and
• Contact information of relevant stakeholders.

2. Change Management

When the organisation undergoes significant changes regarding the elements mentioned above, it signals that changes (Stevens Institute of Technology, 2017) to the CIR plan will have to be made. However, changing the plan's contents is not as simple as editing using Microsoft Office; there is a formal process behind change management. When the changes to the organisation have been identified, the details, which include descriptions and reasons, of the changes are filled in on the change request form.

The details are analysed by the Organisation BCM Coordinator and Senior Management. The change requests will be investigated once preliminary approval is given to them. The investigation party and Senior Management evaluate the effects of changes in cyber security. A final verdict of ‘accepted’, ‘rejected’ or ‘on hold’ will be given by the Senior Management.

Most changes to information assets within the organisation will be accepted when submitted through the change management process because the Senior Management approved the acquisition of the information assets. Organisational changes to structure and processes also have a high probability of being accepted as these areas constitute the crucial components of the CIR plan. Once the Senior Management has approved the change request, the details can be documented to update the CIR plan and distributed to the respective parties.

3. Plan Distribution

The cyber security incident plan potentially contains sensitive organisational information. Hence the distribution of the plan should be controlled. A similar practice to when the plan was first documented and distributed can be adopted.

The employee will receive a plan document (Lennon et al., 2002) containing only the information that he is required to know. Certain employees may be confused about what has changed in the plan. Therefore, it is advised that the organisation conducts a session where the employees are briefed after distribution to ensure that they are aware of the changes. A separate document of the plan should be kept and secured in storage that is easily accessible by employees so, at any time, they can retrieve the plan and execute the appropriate documented procedures.

Related Topic for CIR Program Management

Do You Want to Continue BCM Training onsite or online?

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 10 Program Management 10.3 Plan Maintenance

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.