|
|
| Line 1: |
Line 1: |
| [[File:Micro Data Center.jpg|right|300px]]In the previous section, we discussed transparently and effectively communicating the details of a cybersecurity incident, as part of a communications plan. As it turns out, those communications also play a role in developing a recovery and continuity plan, which in turn helps limit the effects of a cyber incident. However, some planners end up confusing terminology, using "incident response" in place of either "business continuity" or "disaster recovery." While unfortunate, this gives you an opportunity to address both.
| | A lot of this material has already been developed as part of your overall cybersecurity plan, but it is all relevant to developing incident response plans. Having the list of technological components and their criticality will help you create the organizational hierarchy of the various aspects of your incident response and business continuity plans. Having the formal recovery processes in place beforehand allows your organization to develop training exercises around them, increasing preparedness. Application dependency mapping allows you to "understand risk, model policy, create mitigation strategies, set up compensating controls, and verify that those policies, strategies, and controls are working as you intend to mitigate risk."<ref name="KirnerTime17">{{cite web |url=https://www.illumio.com/blog/security-evolution-application-mapping |archiveurl=https://web.archive.org/web/20191204160526/https://www.illumio.com/blog/security-evolution-application-mapping |title=You need a map to evolve security |work=Time for a {r}evolution in data center and cloud security |author=Kirner, P.J. |publisher=Illumio |date=09 August 2017 |archivedate=04 December 2019 |accessdate=23 July 2020}}</ref> Knowing who's in charge of what aspect of recovery ensures a more rapid approach. And having a communication and information sharing strategy in place helps to limit rumors and transparently relate what happened, what's being done, and what the future looks like after the cyber incident. |
| | |
| A cybersecurity incident response plan is a plan that focuses on the processes and procedures of managing the consequences of a particular cyber attack or other such incident. Traditionally, this plan has been the responsibility of the IT department and less the overall business. On the other hand, a business continuity plan is a plan that focuses on the processes and procedures of managing the consequences of any major disruption to business operations across the entire organization. A disaster recovery plan is one component of the business continuity plan that specifically addresses restoring IT infrastructure and operations after the major disruption. The business continuity plan looks at natural disasters like floods, fires and earthquakes, as well as other events, and it's usually developed with the help of management or senior leadership.<ref name="KrasnowCyber17">{{cite web |url=https://www.irmi.com/articles/expert-commentary/cyber-security-event-recovery-plans |title=Cyber-Security Event Recovery Plans |author=Krasnow, M.J. |publisher=International Risk Management Institute, Inc |date=February 2017 |accessdate=23 July 2020}}</ref><ref name="LindrosHowTo17">{{cite web |url=https://www.cio.com/article/2381021/best-practices-how-to-create-an-effective-business-continuity-plan.html |title=How to create an effective business continuity plan |author=Lindros, K.; Tittel, E. |work=CIO |publisher=IDG Communications, Inc |date=18 July 2017 |accessdate=23 July 2020}}</ref>
| |
| | |
| All of these plans have utility, but consider linking your cybersecurity incident response plan with your new or existing business continuity plan. You may garner several benefits from doing so. In fact, some experts already view cyber incident response "as part of a larger business continuity plan, which may include other plans and procedures for ensuring minimal impact to business functions."<ref name="KrasnowCyber17" /><ref name="LindrosHowTo17" /><ref name="EwingFourWays17">{{cite web |url=https://deltarisk.com/blog/4-ways-to-integrate-your-cyber-security-incident-response-and-business-continuity-plans/ |title=4 Ways to Integrate Your Cyber Security Incident Response and Business Continuity Plans |author=Ewing, S. |publisher=Delta Risk |date=12 July 2017 |accessdate=23 July 2020}}</ref> Stephanie Ewing of Delta Risk offers four tips in integrating cybersecurity incident recovery with business continuity. First, she suggests using a similar process approach to creating and reviewing your plans, including establishing an organizational hierarchy of the plans for improved understanding of how they work together. Second, Ewing notes that both plans speak in terms of incident classifications, response thresholds, and affected technologies, adding that it would be advantageous to share those linkages for consistency and improved collaboration. Similarly, linking the experience of operations in developing training exercises and drills with the technological expertise of IT creates a logical match in efforts to test both plans. Finally, Ewing examines the tendency of operations teams to use different communications tools and language than IT, creating additional problems. She suggests removing the walls and silos and establishing a common communication between the two planning groups to ensure greater cohesion across the enterprise.<ref name="EwingFourWays17" />
| |
| | |
| For the specifics of what should be contained in your recovery and continuity planning, you may want to turn to reference works such as ''[https://books.google.com/books?id=DXhvDwAAQBAJ&printsec=frontcover Cybersecurity Incident Response]'', as well as existing incident response plans (e.g., [https://www.it.miami.edu/_assets/pdf/security/cyber-security-incident-response-guide.pdf University of Miami]) and [https://www.irmi.com/articles/expert-commentary/cyber-security-event-recovery-plans expert advice].
| |
|
| |
|
| ==References== | | ==References== |
| {{Reflist|colwidth=30em}} | | {{Reflist}} |
A lot of this material has already been developed as part of your overall cybersecurity plan, but it is all relevant to developing incident response plans. Having the list of technological components and their criticality will help you create the organizational hierarchy of the various aspects of your incident response and business continuity plans. Having the formal recovery processes in place beforehand allows your organization to develop training exercises around them, increasing preparedness. Application dependency mapping allows you to "understand risk, model policy, create mitigation strategies, set up compensating controls, and verify that those policies, strategies, and controls are working as you intend to mitigate risk."[1] Knowing who's in charge of what aspect of recovery ensures a more rapid approach. And having a communication and information sharing strategy in place helps to limit rumors and transparently relate what happened, what's being done, and what the future looks like after the cyber incident.
References
