Cybersecurity Series
Cyber Security_Blog_with Book

CIR BCS Mitigation and Response CIR BC Strategies

This article discusses the various preventive, mitigation, and response strategies organizations can adopt to effectively manage cyber security incidents.

This is to ensure that CBFs, identified in the BCM process can continue their operations smoothly upon disrupting information assets. Prevention or mitigation is always the best practice for all organizations.

However, organizations should not devote all of their attention and resources to strengthening the organizations’ mitigation capabilities, as the response component should also be emphasized.

A fair share of resources has to be allocated to executing CIR procedures when a cyber security threat breaches the organization's cyber security defences.

Reference: Chapter 7 Developing Mitigation and Response Strategies 7.1 Introduction to 7.5 Prevention/ Mitigation

Moh Heng Goh

Banner 6 V3

Mitigation and Response Strategies for Cybersecurity Incident Response (CIR)

 

New call-to-actionThis article discusses the various preventive, mitigation, and response strategies organizations can adopt to effectively manage cyber security incidents.  To ease the spelling of the entire term, this heading is shortened to "CIR BC Strategies" or "Cybersecurity Incident Response Business Continuity Strategy."

This is to ensure that CBFs, identified in the BCM process can continue their operations smoothly upon disrupting information assets. Prevention or mitigation is always the best practice for all organizations.

However, organizations should not devote all of their attention and resources to strengthening the organizations’ mitigation capabilities, as the response component should also be emphasized. A fair share of resources has to be allocated to executing CIR procedures when a cyber security threat breaches the organization's cyber security defences.

7.2 Business Continuity Strategies

New call-to-actionBusiness Continuity Strategy or BCS is the strategy implemented by the organization to ensure that CBFs can continue smooth operations (Goh, 2009) during a disaster. Depending on the established RTO of the CBFs, the organization will select the appropriate strategies to ensure minimal downtime of the CBFs is minimal. Hence, the impacts suffered by the organization are as low as possible.

7.3 CIR Versus BCM Life Cycle

The figure below shows the relationships between the processes in BCM and CIR. As a BCM personnel, it is easier to understand the necessary processes required to be taken for effective cyber security incident management.

Life Cycle_v2CIR Versus BCM Life Cycle

concerning BCM processes is drawn. At the same time, BCM personnel do not need to dedicate additional time and resources separately to develop a CIR plan; during BCM practices, elements of CIR planning can be incorporated.

7.4 Cyber Security Kill Chain

A kill chain describes the various stages of a cyber security attack. The stages, as shown in Figure below, start with the cybercriminal first gathering intelligence on the target.

 

Cyber Kill _v2

Cyber Security Kill Chain (Lockheed Martin, 2017)

Information about the organization can be found on the Internet, including email addresses and phone numbers. From the information collected, the adversary creates forms of malware (Engel, 2014) that they believe to be capable of breaking the defences set up by the organization to gain unauthorized access to its systems.

The developed malware is delivered to the victim through common attack vectors such as email or unpatched software, which will be installed onto the IT infrastructures without notice. The malware is activated to perform the cyber security attack to fulfil the adversary’s goals.

7.5 Prevention/ Mitigation

Preventing cyber security attacks is the most desirable outcome for organizations. Not only does it prove that the security controls implemented can secure and protect the organization’s information assets, but more importantly, it minimizes or reduces damages to be suffered by the organization.

As shown in the Figure below, preventive or mitigation measures focus on these areas: people, processes, policies, and infrastructure.

CIR Prevention Infrastructure-Policies-People-Processes

Component of Prevention/ Mitigation

These four components are found within every organization. Without proper management of these components, they generate vulnerabilities that cybercriminals can exploit to launch a successful cybersecurity attack.

Therefore, preventive or mitigation measures can be deployed on these components to eliminate the potential of a successful cyber security attack being launched.

Component of Prevention/ Mitigation CIR BC Strategies

BACK TO: Mitigation and Response Strategies  CIR BC Strategies for Infrastructure CIR BC Strategies for People CIR BC Strategies for Policy
New call-to-action New call-to-action New call-to-action New call-to-action

CIR BC Strategies for Process

CIR BC Strategies: Respond CIR BC Strategies: Recover CIR BC Strategies: Defence Lines
New call-to-action New call-to-action New call-to-action New call-to-action

 

 

BCMI LogoDo You Want to Continue BCM Training onsite or online?

Competency-based Course
Certification Course
New call-to-action New call-to-action [BL-3-Catalog] What Specialist Level Blended Learning Courses that are Available? [BL-5-Catalog] What Expert Level Blended Learning Courses that are Available?

A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 7 Developing Mitigation and Response Strategies 7.1 Introduction to 7.5 Prevention/ Mitigation

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.

 

 

Comments:

More Posts

New Call-to-action