In the next four chapters, we’re going to do a deep dive into the entire process of preparing for, responding to, recovering from, and learning from cyber incidents. A passage Bill writes in Chapter 17 is worth previewing here: While it’s helpful to break the entire incident response discipline into a series of discrete phases so that each can be described individually to assist with training and the command and control of response activities, it is rarely clear-cut when one process ends, and the next begins. There is often significant overlap, and as new information emerges, it is usually necessary to revisit a phase previously thought completed. For instance, while in recovery, monitoring activity may detect the presence of indicators of compromise identified for the current cyber incident and that may send you all the way back to the containment phase.
At times, the material we present over the 12 essays that make up these next four chapters, that overlap will become apparent not just within the activities of responding to the specific event, but over the entire set of disciplines we cover.
In Chapter 14 we look at the close relationship between business continuity planning and your strategy for becoming a cyber-resilient organization. Each of the three authors ties these two critical business processes together and emphasizes the importance of understanding what is fundamental to the business.
Bill discusses backup and recovery planning. He challenges the reader to factor into their backup planning the traditional elements of business continuity planning while considering vital new dimensions. These new dimensions include accommodating new service delivery models such as cloud computing and new attack methods such as ransomware in our models.
Matt emphasizes the importance of executive and board-level engagement. From understanding the organization’s core priorities and tying those to the appetite for risk to making sure the board understands how the BCP / DR strategy seeks to manage and mitigate that risk, Matt shows how ultimately it is about business strategy. A key way that the CISO drives this engagement is by making sure that the security program and security architecture should be reflective of organizational priorities as captured in BCP tools such as the BIA. Ensuring that the organization is a going concern is the ultimate responsibility of the board.
Gary reminds us of the impact that cyber incidents can have, including outcomes like disruptions to business continuity and reputation damage. Significant events can translate to disappointed customers, lost jobs, and hard monetary costs that can leave an organization reeling. He then helps the reader construct a plan by building on many of the lessons from previous chapters and showing how the pieces fit together.
Some of the questions the authors used to frame their thoughts for this chapter include:
|· What is a Business Continuity Plan (BCP) and what are the steps to create one?
· What critical components should a Disaster Recovery Plan (DRP) include to be effective?
· What value does the CISO’s security program receive from the organization’s Business Continuity Plan and its associated Disaster Recovery Plan?
Copyright © 2016, 2018 CISO DRG JV – All Rights Reserved.