The Institute of Forensics and ICT Security (IFIS) has been providing training to organizations in setting up an effective Business Continuity and Disaster Recovery (BCP/DR) plan as overall coverage for contingency planning. Experience has shown that organizations do not include procedures for handling BCP/DR training, and that those organizations that had these plans did not include procedures for a cyberattack, indicating a gap in knowledge about the importance of contingency planning.
The purpose of any contingency plan is to let an organization recover and maintain daily operations as quickly as possible after an unpredicted event. The plan protects resources, minimizes customer inconvenience and identifies key staff, assigning specific responsibilities in the context of the recovery. BCP/DR plans should consider not only how to respond to disasters such as fires and floods, but also how to respond to cyberattacks.
BCP/DR for cybersecurity
BCP/DR plans are critical to protecting the availability, integrity, and security of data during unexpected antagonistic events.
Cyberattacks using malicious software such as ransomware may render an organization’s data unreadable or unusable. In the event data is compromised due to a cyberattack, restoring the data from backups may be the only option to recover the data and restore normal business operations.
What does a cybersecurity BCP/DR plan do?
A BCP/DR plan is focused on the steps to respond and recover operations in the event of an emergency or other disruption to normal operations. Its major aims are to guarantee:
- the containment of damage or injury to, or loss of, property, personnel, and data; and
- the continuity of the key operations of the organization.
What does a good Cybersecurity BCP/DR plan entail?
- Disaster Recovery Plan (DRP): This is focused on restoring an organization’s protected confidential data.
- Business Continuity Plan (BCP): This plan is focused on maintaining and protecting critical functions that protect the security of protected confidential data.
- Data Backup Plan (DBP): As part of the BCP, this plan is focused on regularly copying protected data to ensure it can be restored in the event of a loss or disruption.
What to Address as Part of an organization’s BCP/DR Cybersecurity Plan
- Applications and Data Criticality Analysis: This analysis is focused on recognizing what applications and data are critical for the contingency plan.
- Testing and Revisions: This is focused on testing your contingency plan and revising any identified deficiencies before disaster strikes.
Key Steps on the road to Cybersecurity BCP/DR Planning:
- Make a Cybersecurity BCP/DR policy as part of the organization’s overall BCP/DR plan. A formal policy, signed and approved by the board, together with the guidance necessary to develop an effective plan, is the first step in making contingency planning part and parcel of the organization.
- Identify critical systems. Knowing what systems and data are critical to operations will help prioritize contingency planning and minimize losses to the organization. In this step, you have to look at critical organizational resources such as servers.
- Identify Risks, Threats and Preventative Controls. There is a need to perform a risk analysis to identify the various risks that your organization may face and identify what has the potential to significantly disrupt or harm your operations and data.
  This links to the organization’s risk management plan. The need for contingency plans appears as a result of a thorough and accurate analysis of the risks that your organization faces. The end result of a risk analysis can provide a list of potential threats, risks, and preventative controls. Prioritization of critical systems and information will help identify where to focus planning efforts.
- Create Contingency Procedures: Establish the specific guidelines, parameters, and procedures for enacting the contingency plan and for the recovery of systems and data. This is where the Disaster Recovery Plan, Business Continuity Plan and Data Backup Plan fill in the all-encompassing contingency plan. As these plans are made, the following should be kept in mind:
  - The goal is to maintain critical operations and minimize loss.
  - Define time periods: What must be done during the first hour, day, or week?
  - Establish plan activation: What event(s) will cause the activation of the contingency plan? Who has the authority to activate the contingency plan?
  - Use plain language: the plan should be understandable by all employees.
- Operationalize & Maintain the Plan. The final step is to integrate the plan into normal business operations. This can be done by:
  - Communicating and sharing the plan, roles, and responsibilities with the organization.
  - Establishing a testing (exercise) schedule for the plan, to identify gaps, ensure updates for plan effectiveness, and increase organizational awareness.
  - Reviewing the plan on a regular basis and in situations when there are technical, operational, environmental, or personnel changes in the organization.
Don’t wait for a disaster to happen before designing and implementing a contingency plan. IFIS is here to help your organization in taking the necessary steps to get ready for such events. Don’t be ready, stay ready.