Dhaval Patel says
What is the difference between a business continuity plan and an information system contingency plan?
Madalyn Stiverson says
A BCP’s goal is to get the company back up and running as soon as possible. An ISCP includes a step by step process to contain, defend, and respond to IS security threats.
Victoria Zak says
Hi Dhaval,
A business continuity plan refers to a plan implemented by the organization in case of a disaster. An information system contingency plan can be created and used to prepare for a quick recovery from an attack such as ransomware that could impact an organization.
kofi bonsu says
Hi Dhaval,
I like your question. However, they are actually very different. Disaster recovery should be a part of your business continuity plan, but your business continuity plan should encompass far more than just disaster recovery.
Bernard Antwi says
Business continuity refers to the ability of businesses to carry out their normal activities and function after unplanned events have occurred. On the other hand, a contingency plan refers to an actionable and defined plan that will be enacted if an identified business risk or unfortunate event occurs.
Madalyn Stiverson says
What’s the most important step in the contingency planning process?
Dan Xu says
The most important step should be the need to identify the risks first. Contingency planning is a large-scale exercise, so hold brainstorming sessions with relevant stakeholders to identify and discuss potential risks.
Victoria Zak says
The most important step in a contingency plan is conducting a risk assessment. In order to build the foundation of a contingency plan, an organization needs to identify their risks from low, medium, and high. This way, you can plan what the most critical process is for the business. Organizations can do tabletop exercises in order to know what to do in a real-time scenario.
kofi bonsu says
Disasters can happen at any time. What is the first part of the disaster management cycle to consider?
Madalyn Stiverson says
The first phase is mitigation. This occurs before a disaster. It is what you do to prepare and reduce the severity and frequency of potential disasters.
Kelly Sharadin says
What are the phases of the incident response lifecycle?
Antonio Cozza says
The phases in the NIST Incident response lifecycle are preparation, detection and analysis, containment, eradication and recovery, and lastly post-incident activity / lessons learned. The lessons learned initiate a new cycle to better prepare for future incidents.
Dan Xu says
How to ensure the implementation of a business continuity plan?
Vraj Patel says
Hello Dan,
There are multiple ways to ensure the business continuity plan is in place and working properly. One of the ways to identify that is through testing, which would ensure the implementation of the business continuity plan is working properly, and it will also identify if there is anything that needs to be updated in that plan.
Victoria Zak says
What are the steps to a Cyber Incident Response Plan?
Antonio Cozza says
An incident response plan can be described at large by the steps recommended by NIST: preparation, detection + analysis, containment + eradication + recovery, and lastly lessons learned.
Antonio Cozza says
What are integrated logs and how does event correlation help monitor an environment?
Victoria Zak says
An integrated log is a system of logging and gives a “behind the scenes” view of integrations. This can identify troubleshooting integration issues. Event correlation, however, takes data from either application logs or host logs and analyzes the data to identify relationships. Event correlation can help monitor an environment by sending alerts when hardware fails, based on rules.
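The rule-based correlation described in the answer above, as an added example that is not part of the original thread: it joins host-log and application-log events by host and time window and raises one alert when a hardware fault is followed by an application error. The log lines, the rule name and the 60-second window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread): "timestamp host message"
HOST_LOG = [
    "2024-03-01T10:00:05 db01 kernel: sda: I/O error, sector 81234",
    "2024-03-01T10:00:09 db01 smartd: Device /dev/sda, FAILED SMART self-check",
    "2024-03-01T10:07:00 web02 kernel: eth0: link down",
]
APP_LOG = [
    "2024-03-01T10:00:12 db01 orders-db: ERROR write failed: Input/output error",
    "2024-03-01T10:03:40 web02 shop-api: WARN slow response 2100ms",
    "2024-03-01T11:30:00 db01 orders-db: ERROR write failed: Input/output error",
]

# Hypothetical rule: a hardware fault in the host log followed by an
# application error on the same host within the window.
RULES = [{
    "name": "disk-failure-impacting-app",
    "host_markers": ("I/O error", "FAILED SMART"),
    "app_markers": ("ERROR",),
    "window": timedelta(seconds=60),
}]

def parse(line):
    """Split a log line into timestamp, host and message."""
    ts, host, msg = line.split(" ", 2)
    return {"ts": datetime.fromisoformat(ts), "host": host, "msg": msg}

def matches(event, markers):
    return any(m in event["msg"] for m in markers)

def correlate(host_lines, app_lines, rules=RULES):
    """Return one alert per application error explained by host-log faults."""
    host_events = [parse(l) for l in host_lines]
    app_events = [parse(l) for l in app_lines]
    alerts = []
    for rule in rules:
        for app in (e for e in app_events if matches(e, rule["app_markers"])):
            # Related = same host, fault marker, fault precedes the app error
            related = [h for h in host_events
                       if h["host"] == app["host"]
                       and matches(h, rule["host_markers"])
                       and timedelta(0) <= app["ts"] - h["ts"] <= rule["window"]]
            if related:
                alerts.append({"rule": rule["name"], "host": app["host"],
                               "app_event": app["msg"],
                               "host_events": [h["msg"] for h in related]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(HOST_LOG, APP_LOG):
        print(alert)
```

The later application error on db01 produces no alert because no host-log fault falls inside its window, which is the case a single-source keyword alert would get wrong.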
Patrick Jurgelewicz says
What are the different types of Data Backup Facilities and when might each be useful?
Kelly Sharadin says
Hi Patrick,
Various backup facilities can be “hot”, “warm” or “cold”. An organization will choose a particular facility depending on the needs of the business and the acceptable downtime when coming back online after an incident. A hot site would be ready instantly, whereas a cold site would require much more effort and resources to get the business back to operational status.
Kelly
zijian ou says
What does a complete BCP need?
Kyuande Johnson says
What are examples of compensating controls?
Madalyn Stiverson says
A compensating control is a control put in place that does not follow the commonly accepted gold standard but still achieves an equal or better outcome. For example, having a single employee in charge of accepting cash payments, recording the deposit, and reconciling monthly financial reports does not follow the accepted control for separation of duties. A compensating control put in place would require that employee to have additional oversight, such as having a manager closely review and approve all reconciliations.
Lauren Deinhardt says
What is the difference between business continuity training and incident response training?
Vraj Patel says
Hey Lauren,
The difference between them is that business continuity training ensures the business can be operated during the incident, and incident response training ensures the team members are aware of the steps that they would be required to take to effectively respond to the incident and bring the network back to a normal state.
Michael Jordan says
Why is there a differentiation between many different types of continuity planning? For example, as listed in NIST Special Publication 800-34 Rev. 1: Contingency Planning Guide for Federal Information Systems, there is: contingency planning, business continuity planning (BCP), continuity of operations planning (COOP), crisis communications planning, and more.
Vraj Patel says
How often should the Contingency Plan be reviewed and updated?
Olayinka Lucas says
What is the acceptable Maximum Tolerable Down Time for Incident response that cuts across all sectors?