How to Make Business Practices That Support Cybersecurity Response


Scottish author Robert Burns wrote in the poem “To a Mouse,” “The best-laid schemes o’ mice an’ men / Gang aft a-gley.” You may better know the saying in its more common form, “The best-laid plans of mice and men often go awry.”


This saying may resonate with incident responders, business continuity planners and crisis managers. They know all too well that all plans may be useless after the first shot is fired. But, as former President Dwight D. Eisenhower said, “In planning for battle, I have always found that plans are useless, but planning is indispensable.” To be ready, start with finding out which business practices and processes can impact response and build a governance structure that supports a resilient organization.


Part of your planning must include knowing how your business practices can support or degrade your cybersecurity response. Incident response plans alone are not enough. Planners and responders need to develop insights into how their business runs as a whole. Doing so allows planners to find areas, such as practices and processes, that could have cascading effects during a response.


Think of this planning as a type of systems design approach, similar to the NIST 800-160 principles, but from a business process perspective. 


Or put differently: what good is a robust incident response process if business practices tax it, make it less effective or prevent it from working? On paper, and perhaps even in isolation, your cybersecurity response may be great. In practice, running alongside the rest of the business, it is ..
