
CIR RAR-BIA Risk Treatment Strategy for Specific Cybersecurity Threats

This chapter discusses the importance of knowing what information assets within an organisation require protection against cyber security threats.

It is part of the Risk Analysis and Review (RAR) phase. This includes understanding the types of cyber security threats and the assets they affect. The threats fall into four major categories: the Human Element, Conduit Devices, Configuration Exploitation and Malicious Software.

It also provides an understanding of the techniques cyber criminals use to exploit vulnerabilities within the organization and sabotage its assets, disrupting the smooth continuity of business functions.

Reference: Chapter 6 Risk Analysis and Review and Business Impact Analysis 6.9 Risk Treatment

Moh Heng Goh

CIR Risk Analysis and Review and Business Impact Analysis

Risk Treatment Strategy

Risk Treatment Strategy for Specific Cyber Security Threats

The risk treatment measures summarized from the Verizon surveys for each of the four cyber security risk categories are presented in the four figures below.

For more information, refer to the blog for Verizon’s recommended practices [under construction] for tackling various cyber security threats.

[Figures: Risk Treatment for the Human Element; Risk Treatment for Conduit Devices; Risk Treatment for Configuration Exploitation; Risk Treatment for Malicious Software]

Re-Visiting these Processes

Organizations must remember that these processes are not conducted just once; they should be repeated periodically or whenever significant organisational or technological changes occur.

These processes take up the majority of the time spent preparing a plan to manage cyber security incidents effectively, because they are the most critical processes in the overall development of the plan.

Given their importance and the rapid advancement of technology, organizations have no choice but to repeat these processes to ensure that their plan remains relevant, so that cyber security incidents are managed effectively and impacts to the business are minimized.

Key Take Away for CIR from the RAR and BIA Phases

The key takeaway is that, as a BCM or cyber security professional, drawing the connections between the continuation of the disrupted CBFs and the impact of the cyber security incident is critical to managing the disruption caused by the incident effectively.

During a cyber security incident, the cyber security team is in overall charge of managing the incident. Information about the incident gathered by this team should be communicated to the BCM team from the start.

This should be done concurrently with the appropriate CIR procedures to contain the incident and minimize the attack's impact on the organization’s systems.

Meanwhile, if the BCM team receives information about the affected information assets early in the outage, it can notify the business users to begin preparing for the CBFs potentially affected by the cyber security incident.

The consolation for the business users is that, during a typical cyber security incident, they will still have access to the physical infrastructure (the office), since access to the premises is not denied. However, the attack will most likely compromise the technology infrastructure and assets within the organization.

Therefore, with the information received and the list of CBFs previously identified, they can determine which CBFs will be affected by the cyber security incident, take precautionary measures, and stand by to execute the appropriate procedures documented in the BC plan to ensure minimal downtime of CBFs.

Summary of RAR and BIA for CIR

Identifying an organization’s information assets is conducted first because the organization has to know and understand what it is trying to protect from the influence of cybercriminals.

The identification of CBFs and risk assessment are conducted simultaneously. The identified assets pave the way for the organization to determine what cyber security threats can influence them negatively and which CBFs utilize them. At the same time, the impacts of associated cyber security threats are calculated and determined, which can also be used to determine which business functions are critical.

Based on the criticality and severity of the CBFs and the impacts of cyber security threats, the organization has to prioritize the order in which the CBFs are recovered to meet the MBCO. During the risk treatment process, the organization will dedicate more effort and resources to recovering the CBFs that are higher on the priority list.

Every organization will be unique in its identified information assets, identified CBFs and identified cyber security threats. Therefore, recovery priorities will differ, and the allocation of effort and resources changes accordingly.


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Note: This version is the draft 2nd Edition, being updated through 2023. The numbers in square brackets [X.X] cross-refer to the actual chapter and section in the 1st Edition.