Cyber crisis management
Readiness, response, and recovery
Most organizations have therefore developed some level of cyber incidence response (CIR) capabilities. Yet those capabilities, which are often weighted toward short-term responses and IT issues, may fail to address all impacts of a cyber incident and keep it from reaching crisis proportions.
Secure, vigilant, and resilient
In pursuing cybersecurity, an organization should strive to become:
A secure organization prioritizes the value of digital assets, with a focus on what matters most to the organization. All data is not created equal, nor is it practical or possible to provide complete security for all data. By prioritizing the value of digital assets, management can allocate resources according to the value of the assets, with the goal of obtaining a level of security that corresponds to their value.
Vigilance demands that everyone be aware of how they could expose the organization to cyber risk through their devices, social media, and online conduct. A vigilant approach rests on gathering threat-related intelligence and gauging the range of threats that could harm the organization. This information also informs cyberthreat monitoring. In addition, policy development, training, and accountability regarding cyber incidents each play a key role in maintaining vigilance.
A resilient organization aims to minimize the impact of an incident on its stakeholders while quickly restoring operations, credibility, and security. Rapid detection of cyber incidents and well-structured recovery plans can usually limit damage. Recovery plans should designate clear roles, responsibilities, and actions to mitigate damage and reduce future risk, remediate the situation, and return to normal operations.