A Targeted Improvement Plan for Service Continuity
Abstract
This technical note describes how an organization can leverage the results of a Cyber Resilience Review to create a Targeted Improvement Plan for its Service Continuity Management (SCM). An organization can use the Cyber Resilience Review (CRR) results and prioritize SCM-specific and supporting practices using a SCM improvement profile to develop a long-term plan. The suggested Targeted Improvement Plan (TIP) approach engages the organization's business continuity professionals, information technology operations management staff, and security management team (physical and cyber) to create a resilient organization. (In some organizations, it will be appropriate to engage the operational technology team as well.) The technical note includes a SCM Improvement Template that prioritizes all the CRR practices; it places a higher priority on those practices that enable service continuity. It describes how an organization can integrate the results of a recent CRR to create a prioritized list of practices the organization should consider implementing. This list informs decisions that take into account the organization's unique risk environment to develop a plan. This approach to developing and implementing a SCM program supports organization-specific, mission-focused objectives to protect and sustain a critical, cyber-dependent service during times of stress.
Document Details
- Document Type
- Technical Report
- Publication Date
- Feb 01, 2019
- Accession Number
- AD1088211
Entities
People
- Andrew Hoover
- Gavin Jurecko
- Jeffrey Pinckard
- Phillip Scolieri
- Robert Vrtis
Organizations
- Carnegie Mellon University