Mitigation and Response Strategies for Cybersecurity Incident Response (CIR)
This article discusses the various preventive, mitigation, and response strategies organizations can adopt to effectively manage cyber security incidents. To ease the spelling of the entire term, this heading is shortened to "CIR BC Strategies" or "Cybersecurity Incident Response Business Continuity Strategy."
This is to ensure that CBFs, identified in the BCM process can continue their operations smoothly upon disrupting information assets. Prevention or mitigation is always the best practice for all organizations.
However, organizations should not devote all of their attention and resources to strengthening the organizations’ mitigation capabilities, as the response component should also be emphasized. A fair share of resources has to be allocated to executing CIR procedures when a cyber security threat breaches the organization's cyber security defences.
7.2 Business Continuity Strategies
Business Continuity Strategy or BCS is the strategy implemented by the organization to ensure that CBFs can continue smooth operations (Goh, 2009) during a disaster. Depending on the established RTO of the CBFs, the organization will select the appropriate strategies to ensure minimal downtime of the CBFs is minimal. Hence, the impacts suffered by the organization are as low as possible.
7.3 CIR Versus BCM Life Cycle
The figure below shows the relationships between the processes in BCM and CIR. As a BCM personnel, it is easier to understand the necessary processes required to be taken for effective cyber security incident management.
CIR Versus BCM Life Cycle
concerning BCM processes is drawn. At the same time, BCM personnel do not need to dedicate additional time and resources separately to develop a CIR plan; during BCM practices, elements of CIR planning can be incorporated.
7.4 Cyber Security Kill Chain
A kill chain describes the various stages of a cyber security attack. The stages, as shown in Figure below, start with the cybercriminal first gathering intelligence on the target.
Cyber Security Kill Chain (Lockheed Martin, 2017)
Information about the organization can be found on the Internet, including email addresses and phone numbers. From the information collected, the adversary creates forms of malware (Engel, 2014) that they believe to be capable of breaking the defences set up by the organization to gain unauthorized access to its systems.
The developed malware is delivered to the victim through common attack vectors such as email or unpatched software, which will be installed onto the IT infrastructures without notice. The malware is activated to perform the cyber security attack to fulfil the adversary’s goals.
7.5 Prevention/ Mitigation
Preventing cyber security attacks is the most desirable outcome for organizations. Not only does it prove that the security controls implemented can secure and protect the organization’s information assets, but more importantly, it minimizes or reduces damages to be suffered by the organization.
As shown in the Figure below, preventive or mitigation measures focus on these areas: people, processes, policies, and infrastructure.
Component of Prevention/ Mitigation
These four components are found within every organization. Without proper management of these components, they generate vulnerabilities that cybercriminals can exploit to launch a successful cybersecurity attack.
Therefore, preventive or mitigation measures can be deployed on these components to eliminate the potential of a successful cyber security attack being launched.
Component of Prevention/ Mitigation CIR BC Strategies
Do You Want to Continue BCM Training onsite or online?
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 7 Developing Mitigation and Response Strategies 7.1 Introduction to 7.5 Prevention/ Mitigation
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.