Continuity plans are aligned with identified risks and the organisation’s threat profile (THREAT-2e) to ensure coverage of identified risk categories and threats
Context and Guidance: When developing continuity plans, the organisation should review the function’s risk categories and threat profile to help ensure that continuity plans are developed for all potential types of cyber incidents. To align continuity planning with the threat profile, organisations should review the targeted assets, objectives, and attack methods that may be employed by threat actors and adjust continuity scenarios to address potential impacts from cybersecurity threats. For example, the threat profile might describe a feasible scenario in which manufacturing control systems are compromised and destructive malware is deployed that causes physical damage to specialised manufacturing equipment. A continuity plan would be developed that contained all the actions necessary to recover the control systems, initiate repair or replacement of the manufacturing equipment affected, and sustain manufacturing operations as much as possible during the disruption.
Related Practices • Dependency: Implementing this practice depends upon prior implementation of THREAT-2e. • Input From: Implementing RISK-2a provides input that may be useful for implementing this practice. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-4a, RESPONSE-4d, RESPONSE-4e, RESPONSE-4f, RESPONSE-4g, RESPONSE-4m, RESPONSE-4p.