Relationships Between the BCM and CIR Structures
There are two very distinct organisational structures for BCM and cyber security. The question is how the BCM team can use the cyber security structure.
Firstly, the BCM team needs to stop having the misconception that cyber security lies only with the IT unit. Also, the cyber security team structure does not necessarily contain just members from the IT unit. There can be representatives from other business units. For example, multiple business units must be involved during security testing because the business functions utilize technological infrastructures to test their recovery capabilities.
Secondly, the BCM team members can complement the roles and responsibilities of the cyber security team. The fundamentals are identical: each business unit (including the BCM business unit) has representatives within the team who voice the respective team’s concerns and contribute to the overall cybersecurity plan.
Therefore, on top of performing daily BCM operations and planning, including cyber security as part of the routine discussion. The questions discussed include:
- What are the concerns about cyber security that each business unit has?
- How should each business unit work with the IT unit to develop mitigation, preventive or response measures?
Alignment of BCM and CIR
It is imperative that the BCM team can align themselves to develop a comprehensive CIR plan. Figure 5-12 shows the alignment, starting from the organizational structure and framework, and relationships are drawn between the teams and processes of BCM and CIR.
Figure 5-12: Aligning BCM and Cyber Security Incident Response
(PwC, 2011)
The BCM team has to be responsible and utilize the relationships to lay out the foundations so that future required processes are executed accordingly to meet the organization’s objectives towards both BCM and cyber security.
Related Topics for CIR Project Management
Do You Want to Continue BCM Training onsite or online?
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Chapter 5 Project Management 5.8.3 Finding Relationships Between the Structures
Note: This version was the draft 2nd Edition being updated in 2022. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.