Continuity plans address potential impacts from cybersecurity incidents
Context and Guidance: Continuity plans address the most critical business functions of the organisation to ensure they continue during different types of emergencies. Therefore, to help ensure that continuity plans cover all the actions that need to be taken when certain types of cyber incidents occur, identify types of incidents that might realistically happen to your organisation and cause significant disruption. Sources of information may include threat profile information, past incidents, current attack trends, vulnerability information, and cybersecurity alerts. Analysis techniques such as research, brainstorming, subject matter expert interview, and threat modeling may then be applied to identify the likely impacts of those incidents. Impact descriptions should name specific assets that would be affected by each type of incident. Develop as many continuity plans as needed to describe the actions that would need to be taken to deal with potential impacts and sustain operations during the disruption.
Related Practices • Input From: Implementing RISK-3c provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-4a, RESPONSE-4d, RESPONSE-4e, RESPONSE-4f, RESPONSE-4g, RESPONSE-4m, RESPONSE-4p.