3. Reuse processes
The methods for triggering the response and the communication to the leadership team will also have much in common with each other. For example the role and process of the incident response manager, to triage and determine initial incident severity and escalate, can be similar in both the BCP and the CIRP.
4. Common contact information
The BCP usually has well defined call trees and organization hierarchies with contact information already identified. In many case this information is kept up-to-date. Leverage this information and reference this BCP contact information in the CIRP, rather than trying to maintain a separate and parallel system
5. Combining exercises
The BCP program usually has an annual exercise wherein either a table top simulation or an actual exercise is attempted. The usual scenarios are fire, power outages, earthquakes etc. Consider combining the annual BCP exercise with a CIRP exercise. This exercise can use a data breach related incident or a crypto-locker takedown as the exercise scenario. Using a computer-related incident sheds light to upper management on the importance of the computer related outage or breach and builds awareness that the scale of a computer-related incident can rival and surpass that of the traditional physical security outages.
The extent of the overlap between the business continuity plan and the computer incident response plan can vary widely. For some organizations it may be good business sense to combine the two entirely and have a single incident response plan. For others depending on regulatory environments, it might be better to still keep the two plans separate but combine elements where possible.
At the end of the day, the business continuity plan and the computer incident response plan both require that a manager be defined, a process for leadership decision making and communication be established and appropriate teams and resources be brought in for remediation and recovery. The onus in both cases is on speed of decision making and fast response. Having a single team that is trained and aware of their roles is far more efficient than multiple teams and documents which require additional overhead.
Sign up for CIO Asia eNewsletters.