Book:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan/Develop and create the cybersecurity plan/Review progress

From LIMSWiki

5.10 Review progress


5.10.1 Monitor and assess the effectiveness of security controls

The planning is in the rear-view mirror, the implementation is complete, and your organization is nestled behind a warm layer of technological and process-based security. Pat yourselves on the back and call it "mission accomplished," right? Well, not quite. The mission of cybersecurity is never-ending, as are the adaptations and assaults of cyber criminals. The final component of a successful cybersecurity plan involves monitoring and assessing the effectiveness of the plan, and updating it when necessary. This is where those performance indicators (5.4) you developed truly come into play. Based on your cybersecurity goals and objectives, those performance indicators are tied to monitoring systems, audit controls, and workflow processes. Questions worth asking include[1][2][3]:

  • Do the indicators seem to be measuring what your organization intended?
  • Are trends accurately being identified out of the data, or is the data simply confounding?
  • Are the detection settings doing their job, or are attacks getting through that shouldn't be?
  • Are appropriate cybersecurity test procedures and tools implemented and used by qualified personnel?
  • Is enough data being captured and documented?
  • Are emails and alerts actually being received and acted upon?
  • Are too many false positives being generated?

5.10.2 Review how to capture and incorporate corrective action procedures and results

By seeking and blundering we learn. - Johann Wolfgang von Goethe

Your organization has sought out being more aware of cybersecurity issues and has enacted a plan and controls to fight against various cybersecurity threats. Yet during that process your organization has also hopefully learned that no one is 100 percent secure. Incidents happen. Control settings get overlooked. Attack vectors change. When these issues come up, it takes more than fixing the problem to improve a process or system. The incident, overlooked process, or new knowledge must be analyzed, documented, and disseminated in order for everyone to learn and improve. This is why the organization must—in addition to monitoring and assessing the plan's effectiveness—document occasions of "blundering" and incorporate any new observations or lessons (e.g., using an after-action report) back into the current plan.[4] Which leads to...

5.10.3 Determine how often to review and update the cybersecurity plan

How often should you review and update this labor of love and sacrifice your organization has developed? Some may argue that an annual review of the cybersecurity plan is enough, while others may insist such a review be biannual. In the end, the time frame will largely be an organizational decision that also could be revised over time based upon the results of your performance indicators and monitoring activities. What's important is that you 1. decide how often to review it, 2. declare who will be in charge of the review, 3. determine how and what opinions and data from stakeholders will be incorporated, and 4. determine how any changes will be disseminated into documentation and training programs.

5.10.4 Determine external sources for “lessons learned” and how to incorporate them for improving cybersecurity strategy

Your organization now recognizes the importance of incorporating after-action reports and internal lessons learned into the existing cybersecurity plan. But we don't only learn from our own "blundering." You're not operating in a vacuum; other businesses are out there having the same types of successes and failures. What have they learned, and what have they improved? Determine what outside sources you should look towards for said lessons. Most likely this will involve looking to events that transpired in your industry, e.g., clinical laboratories looking to the healthcare industry and retailers looking to other retail security failures. In the healthcare realm, Healthcare IT News has been tracking and aggregating cybersecurity news, videos, infographics, and projects for several years now. In the industrial world, Nozomi Networks has been doing a respectable job of aggregating cybersecurity news in multiple languages. In particular, focus on incorporating lessons learned that address an obvious gap in your cybersecurity infrastructure and plan.


  1. Downing, K. (December 2017). "AHIMA Guidelines: The Cybersecurity Plan" (PDF). American Health Information Management Association. Archived from the original on 19 January 2022. Retrieved 21 March 2023. 
  2. Lebanidze, E. (2011). "Guide to Developing a Cyber Security and Risk Mitigation Plan" (PDF). National Rural Electric Cooperative Association, Cooperative Research Network. Retrieved 21 March 2023. 
  3. Lago, C. (10 July 2019). "How to implement a successful cybersecurity plan". CIO. IDG Communications, Inc. Retrieved 21 March 2023. 
  4. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. Retrieved 21 March 2023. 


Citation information for this chapter

Chapter: 5. Develop and create the cybersecurity plan

Title: Comprehensive Guide to Developing and Implementing a Cybersecurity Plan

Edition: Second

Author for citation: Shawn E. Douglas

License for content: Creative Commons Attribution-ShareAlike 4.0 International

Publication date: March 2023