The scope of a project is developed so that the team remains focused (Goh, 2008c) on the tasks at hand determined by appropriate assumptions and limitations. Without a defined scope, the project team is unclear about the outcome and may waste resources performing unnecessary actions.
The established scopes should not be too broad but practical and realistic so the project team can maintain control and not go too overboard. The input from the BCM team may be helpful at the start of this initiative.
For example, the scope can be “to ensure that the organization is well protected against different cyber security threats”. Hence, objectives to meet this scope can include identifying and documenting potential cyber security threats that can attack the organization and developing mitigation measures to protect the organization from such attacks.
Responding measures should the organization be attacked. From the objectives, tasks are identified to fulfil them, such as researching and gathering information or meeting with respective departments to find out what they require. Ultimately, deliverables (identified cyber security threats and measures) are produced, and the objectives and scope are fulfilled.
Cyber Security Specific Scopes
Looking at how the main aim of a cyber security program is to protect the organization from cyber security threats, the scope of the program can be defined in three simple sets of actions; namely, preventive, responsive, and corrective actions.
1. Preventive Actions
Prevention is the best cure. When the organization develops preventive measures, it shields itself from potential attacks.
2. Responsive Actions
The organization develops procedures to allow efficient responses to cyber security attacks. An effective response strategy minimizes the associated impacts.
3. Corrective Actions
After the cyber security incident has been resolved, the organization needs to review its cyber security plan. Gaps and loopholes have to be identified and rectified to prevent a similar incident from occurring.
5.5.1 Cyber Security Specific Scope | 5.6 Scenario Development | 5.7.1 BCM Team Structure for CIR | 5.7.2 Cyber Security Team Structure |
5.8 BCM and Cyber Security Framework | 5.9 Relationships Between the BCM & CIR Structures | 5.10.1 Relook at Existing Structure and Initiatives | |
Competency-based Course |
Certification Course | ||
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 5 Project Management 5.5 Scope
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.