It is noted that specific roles require certain traits, which facilitate the development and performance of the previously mentioned processes and functions. These are some of the views on skill set acquisition.
It includes the professionals being able to "look forward," "communicate effectively," and "Upgrade themselves to be competent".
The team members must be strategic to protect their technological infrastructure well. Technologies are constantly evolving, leading to advancements in the complexity of cyber security threats and the development of new security measures.
Hence, members must be aware of these changes and prepare accordingly.
The team members must communicate effectively with one another and stakeholders/clients. The effective exchange of information is necessary within the organization to facilitate the development of the cyber security program.
This applies to communicating with Senior Management or peers.
The team members must be equipped with the latest technical skills and knowledge to immediately assess the current situation and identify technical issues to resolve.
Effective cyber security management is not easy for any organization to maintain. There will be incidents, there will be obstacles, there will be challenges both internal and external – and many of these challenges will impede an organization's ability to handle cyber security incidents efficiently.
However, proper guidance and a mindset of resilience first is the first step every organization should take to overcome the obstacles mentioned below. These are some of the critical initiatives to be implemented.
Many employees are unaware of the implications that cyber security threats pose. The team has to develop a culture that ensures that all employees are regularly updated and notified of the latest development in cyberspace.
Organizations utilize services from third-party vendors to carry out daily operations. They may not be directly under the organization, but cybercriminals can use them as a platform to attack the organization.
Therefore, the organization has to include these third-party vendors as part of the considerations during the development of the cyber security program.
Technology is ‘alive’; organizations have no fixed formula to prepare for cyber security threats. Furthermore, technology is constantly updating, and an organization can't plan for every situation.
Lastly, the need to work closely with the BCM team on the reduction and response strategy when an organization requires a CIR plan. The team responsible for cyber security needs to understand how the BCM team continues (recover, resume, restore and return) the CBFs of the organization when the IT resources are denied access due to a cyber security incident or attack.
Type of Coverage by IT Team | Team Composition | Maintain Strong Cybersecurity Processes and Functions | Skill Sets and Long-Term Challenges | Back To: Team Handling CIR |
Competency-based Course |
Certification Course | ||
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 3 What Are the Typical IT Teams Handling Security for IT? 3.6 Skill Sets and 3.7 Challenges
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.