
CIR PM Scenario Development for Cybersecurity Incident Response

To deliver the scope it has defined, the organization must develop critical scenarios (Goh, 2008c) that simulate how a cyber security attack would affect the organization. With these scenarios in hand, the team has a concrete basis for preparing and responding appropriately.

Reference: Chapter 5 Project Management 5.6 Scenario Development

Moh Heng Goh


There is a myriad of ways a cybercriminal can attack an organization, so it is impossible to plan and account for all of them.

However, the team must acknowledge each one as a threat that might occur. Developing a scenario therefore requires input from the risk analysis and review phase, which determines the impacts associated with each threat.

1. Denial of Facilities

A situation where the staff of an organization are denied access to their technological infrastructure. Such cases would involve computers, printers, or machinery being completely inoperable.

From this scenario, the organization can decide what mitigation measures to install on its technological infrastructure to prevent it from being attacked. If an attack succeeds, the organization must know how to make these facilities operable again so that business functions can resume.

One possible cyber security attack scenario is the sabotage of the power grid for a specific region. In that case, access to the facility is denied because there is no power supply.


2. Denial of People

This situation does not necessarily involve cyber security directly, as it is the employees who are affected rather than the technological side of the organization.

However, it is the employees who monitor for and detect potential cyber security attacks and who execute the response procedures should an attack occur. If they are unavailable to perform these duties, the impact can be severe because there is no workforce to handle the situation.

This scenario is unlikely, but it is advisable to document it. The human resource department therefore needs to ensure that there are backup personnel (internal or external) for each person responsible for carrying out these duties.


3. Denial of IT

The organization's employees can get to work, and their computers or mobile devices work fine. However, operations stop because IT services are down. Examples include being unable to use applications or software, or a network failure.

The organization needs to monitor these areas for possible attacks, carry out regular updates and patches, and develop measures to recover them once they are down. Collaboration before any cyber security attack occurs is crucial to creating the processes needed to handle the different kinds of attack.

Here, the organization may also consider the loss of data, whether through corruption, encryption by an attacker, or leakage to the general public.

Depending on the severity of the attack, different recovery actions (often referred to in BCM as the Business Continuity Strategy) can be taken by IT or the business units' team:

  • Carry out both routine and recovery operations at the same time;
  • Shift primary operations to the secondary location while certain personnel remain at the primary location to fix the issue;
  • Fall back to manual procedures;
  • Work from home;
  • Engage contracted third-party vendors for their provided services; and
  • Deploy assigned backup personnel.

Related Topics for CIR Project Management

  • 5.5.1 Cyber Security Specific Scope
  • 5.6 Scenario Development
  • 5.7.1 BCM Team Structure for CIR
  • 5.7.2 Cyber Security Team Structure
  • 5.8 BCM and Cyber Security Framework
  • 5.9 Relationships Between the BCM & CIR Structures
  • 5.10.1 Relook at Existing Structure and Initiatives
  • C6 CIR Relook Structure and Initiatives


A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Note: This version is the draft 2nd Edition being updated in 2023. The number in square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.
