Why Are Management Actions Prior to a Cyber Attack Important?

After a cyberattack, the organization's decision making and response are critical to getting through the incident and back to normal business. Your options are limited at that point because the attack has already happened. As a cybersecurity expert, I strongly recommend having a plan in place prior to the attack. For example, after an automobile accident is not the time to decide you should have had insurance in place, or that you really should have had a second car as a backup vehicle.

Disaster recovery consists of the actions taken to bring operations back to normal (Bidgoli, 2006). Business continuity consists of the actions taken to continue business operations while the recovery is occurring. The main difference is that business continuity may restore only critical operations, not full functionality.

Cold, warm, and hot sites are elements of a business continuity plan. An organization must decide which one to use based on its operations. A cold site requires more time to set up. Warm sites can be stood up faster but still require some work to become functional. Hot sites are basically up and running instantly but are very expensive to maintain.

Prior to an attack, management should have a well-documented plan for recovery if an incident occurs. The computer security incident response policy and plan must detail guidelines for communicating the incident, identifying a team to handle the incident, and training the response team.

Incidents should be prioritized based on relevant factors, such as the functional impact of the incident (e.g., current and likely future negative impact on business functions), the information impact of the incident (e.g., effect on the confidentiality, integrity, and availability of the organization’s information), and the recoverability from the incident (e.g., the time and types of resources that must be spent on recovering from the incident).

References

Bidgoli, H. (2006). Guidelines for a comprehensive security system. In H. Bidgoli (Ed.), Handbook of information security (Vol. 3). New York, NY: John Wiley & Sons.

Grance, T., Kent, K., & Kim, B. (2004). Computer security incident handling guide: Recommendations of the National Institute of Standards and Technology. Gaithersburg, MD: U.S. Department of Commerce, Technology Administration, National Institute of Standards and Technology.
