Stanford University.
J Bus Contin Emer Plan. 2024 Jan 1;18(1):49-58.
While a natural disaster or related threat may impact an organisation at some point, it is more likely (even inevitable) that it will be the victim of a cyber attack. The solution to being better prepared for these imminent attacks is to undertake more lightweight and frequent incident response (IR) exercises to help build capabilities and community through a tighter, recurring cycle of planning, conducting and assessing. To boost the facilitation of IR exercises, organisations must leverage the established relationships between business continuity management (BCM) or resilience staff (both of which are familiar with business continuity and disaster recovery exercises), and their information security office. As BCM will ultimately be involved in response and recovery after a cyber attack, it is intuitively more effective to collaborate with BCM in advance. Indeed, it has been substantiated that BCM engagement improves incident response time and reduces incident response costs. This paper concludes that involving BCM or resilience departments in IR exercises contributes to more effective responses to actual incidents.
虽然自然灾害或相关威胁可能在某个时候影响到组织,但更有可能(甚至不可避免)的是,组织将成为网络攻击的受害者。为了更好地为这些迫在眉睫的攻击做好准备,解决办法是进行更多轻量级和频繁的事件响应(IR)演练,通过更紧密、定期的规划、执行和评估周期来帮助建立能力和社区。为了促进 IR 演练的顺利进行,组织必须利用业务连续性管理(BCM)或弹性部门(两者都熟悉业务连续性和灾难恢复演练)与其信息安全办公室之间已经建立的关系。由于 BCM 将最终参与网络攻击后的响应和恢复,因此预先与 BCM 合作更具直观效果。事实上,已经证实,BCM 的参与可以提高事件响应时间并降低事件响应成本。本文得出的结论是,让 BCM 或弹性部门参与 IR 演练有助于对实际事件做出更有效的响应。
