Why is there a differentiation between many different types of continuity planning? For example, as listed in NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems, there is: contingency planning, business continuity planning (BCP), continuity of operations planning (COOP), crisis communications planning, and more.
What is the difference between a business continuity plan and an information system contingency plan?
A BCP’s goal is to get the company back up and running as soon as possible. An ISCP includes a step-by-step process to contain, defend against, and respond to IS security threats.
Hi Dhaval,
A business continuity plan refers to a plan implemented by the organization in case of a disaster. An information system contingency plan can be created and used to prepare for a quick recovery from an attack, such as ransomware, that could impact an organization.
Hi Dhaval,
I like your question. However, they are actually very different. Disaster recovery should be a part of your business continuity plan, but your business continuity plan should encompass far more than just disaster recovery.
Business continuity refers to the ability of businesses to carry out their normal activities and function after unplanned events have occurred. On the other hand, a contingency plan refers to an actionable and defined plan that will be enacted if an identified business risk or unfortunate event occurs.
What’s the most important step in the contingency planning process?
The most important step should be the need to identify the risks first. Contingency planning is a large-scale exercise, so hold brainstorming sessions with relevant stakeholders to identify and discuss potential risks.
The most important step in a contingency plan is conducting a risk assessment. In order to build the foundation of a contingency plan, an organization needs to identify its risks as low, medium, or high. This way, you can plan what the most critical process is for the business. Organizations can do tabletop exercises in order to know what to do in a real-time scenario.
Disasters can happen at any time. What is the first part of the disaster management cycle to consider?
The first phase is mitigation. This occurs before a disaster. It is what you do to prepare and reduce the severity and frequency of potential disasters.
What are the phases of the incident response lifecycle?
The phases in the NIST incident response lifecycle are preparation; detection and analysis; containment, eradication and recovery; and lastly post-incident activity / lessons learned. The lessons learned initiate a new cycle to better prepare for future incidents.
How to ensure the implementation of business continuity plan?
Hello Dan,
There are multiple ways to ensure the business continuity plan is in place and working properly. One of the ways to identify that is through testing, which would ensure the implementation of the business continuity plan is working properly, and it will also identify if there is anything that needs to be updated in that plan.
What are the steps to a Cyber Incident Response Plan?
An incident response plan can be described at large by the steps recommended by NIST: preparation, detection + analysis, containment + eradication + recovery, and lastly lessons learned.
What are integrated logs and how does event correlation help monitor an environment?
An integrated log is a system of logging that gives a “behind the scenes” view of integrations. This can help in troubleshooting integration issues. Event correlation, however, takes data from either application logs or host logs and analyzes the data to identify relationships. Event correlation can help monitor an environment by sending alerts when hardware fails, based on rules.
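To make the distinction concrete, here is an added example (not code from the thread or from any product mentioned in it) of a small rule-based event correlator. It reads an integrated log stream that merges host-level and application-level lines, groups them by host and time, and raises an alert only when a hardware error is followed within a short window by application I/O errors on the same host. The log format, host names, field names and the rule itself are constructed for illustration and are not taken from the original post.

```python
"""Toy rule-based event correlation over an integrated host + application log.

Added illustration, not code from the original thread. The line format,
hosts, messages and the single rule below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of an integrated log: host (hardware/OS) and application
# sources already merged into one stream, plus one malformed line.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01 host=db01 src=host level=ERROR msg='disk /dev/sda SMART failure predicted'",
    "2024-03-01T10:00:40 host=db01 src=app level=ERROR msg='write failed: I/O error on /var/lib/db'",
    "2024-03-01T10:01:05 host=db01 src=app level=ERROR msg='write failed: I/O error on /var/lib/db'",
    "2024-03-01T10:02:00 host=web01 src=app level=INFO msg='request ok'",
    "2024-03-01T10:30:00 host=web01 src=app level=ERROR msg='write failed: I/O error on /tmp'",
    "this line is not in the expected format",
]

# Assumed key=value line layout; anything that does not match is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"level=(?P<level>\S+) msg='(?P<msg>[^']*)'$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for garbage."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def correlate(lines, window=timedelta(minutes=5)):
    """Rule 'disk-failure-impact': a host-level SMART error followed within
    `window` by application I/O errors on the same host produces one alert.

    An application I/O error with no preceding hardware event (web01 above)
    is deliberately left as a plain log entry, not an alert.
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])  # integrated stream: order across sources

    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    alerts = []
    for host, evs in by_host.items():
        hw_errors = [e for e in evs
                     if e["src"] == "host" and e["level"] == "ERROR"
                     and "SMART" in e["msg"]]
        app_io = [e for e in evs if e["src"] == "app" and "I/O error" in e["msg"]]
        for hw in hw_errors:
            related = [a for a in app_io
                       if hw["ts"] <= a["ts"] <= hw["ts"] + window]
            if related:
                alerts.append({
                    "rule": "disk-failure-impact",
                    "host": host,
                    "trigger": hw["msg"],
                    "app_errors": len(related),
                    "first_seen": hw["ts"],
                    "last_seen": related[-1]["ts"],
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(f"ALERT {alert['rule']} on {alert['host']}: "
              f"{alert['trigger']} -> {alert['app_errors']} app I/O error(s)")
```

Running it yields a single alert for `db01`; the isolated error on `web01` and the malformed line are ignored. The point the answer makes is visible in the code: the integrated log only provides the merged, time-ordered stream, while the correlation rule is what turns two otherwise unrelated entries into a monitored condition.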
What are the different types of Data Backup Facilities and when might each be useful?
Hi Patrick,
Various backup facilities can be “hot”, “warm” or “cold”. An organization will choose a particular facility depending on the needs of the business and the acceptable downtime when coming back online after an incident. A hot site would be ready instantly, whereas a cold site would require much more effort and resources to get the business back to operational status.
Kelly
What does a complete BCP need?
What are examples of compensating controls?
A compensating control is a control put in place that does not follow the commonly accepted gold standard but still achieves an equal or better outcome. For example, having a single employee in charge of accepting cash payments, recording the deposit, and reconciling monthly financial reports does not follow the accepted control for separation of duties. A compensating control put in place would require that employee to have additional oversight, such as having a manager closely review and approve all reconciliations.
What is the difference between business continuity training and incident response training?
Hey Lauren,
The difference between them is that business continuity training ensures the business can be operated during the incident, and incident response training ensures the team members are aware of the steps they would be required to take to effectively respond to the incident and bring the network back to a normal state.
Why is there a differentiation between many different types of continuity planning? For example, as listed in NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems, there is: contingency planning, business continuity planning (BCP), continuity of operations planning (COOP), crisis communications planning, and more.
How often should the Contingency Plan be reviewed and updated?
What is the acceptable Maximum Tolerable Down Time for Incident response that cuts across all sectors?