INVITATION TO CYBERSECURITY 118 to plan for reality than to live in a fantasy world. Expecting 100% success in cybersecurity is fantasy. Therefore, organizational leadership should expect that a day will come when they are informed of a cyber incident. When that day comes, they need to have a plan in place to handle it. Even though it will be a bad day no matter what, it will be a much worse day if they are panicking in the moment of crisis and scrambling to respond. Panic and urgency are not conducive to good decision making. Business continuity planning (BCP) is ensuring that a business can continue to operate in the wake of a disruption. BCP begins by performing a business impact analysis (BIA). A BIA is a method for determining how a cybersecurity incident will impact the organization. The BIA identifies all critical assets and conducts a risk assessment. Part of a BIA is calculating the maximum allowable downtime (MAD) for specific cyber assets. The MAD is the maximum amount of time an asset can be unavailable before the organization is severely impacted. For example, the MAD for the payroll system may be two weeks. If employees miss a paycheck, they may stop coming to work. So it may be determined that payroll can be delayed two weeks at most. Based on this information, the organization can determine what corrective controls need to be in place so that the business can continue operating even if an incident takes their payroll system offline. An example of a control would be a back-up payroll system that can be activated in an emergency. A major component of a BCP is a disaster recovery plan (DRP). A DRP is a formal document that details an organization’s incident response process. The DRP describes the major risks to an organization and their impact and the plans to respond and recover if the risks are realized. There are five phases to a DRP: respond, activate, communicate, assess, and reconstitute (see Table 5.8). Table 5.8 Example phases of a disaster recovery plan. As an example, organizational leadership might imagine the following scenario: an employee comes into work over a holiday and is the first person in the office. When he turns
RkJQdWJsaXNoZXIy MTM4ODY=