Mission Assurance: A Review of Continuity of Operations Guidance for Application to Cyber Incident Mission Impact Assessment (CIMIA)

Abstract

Military organizations have embedded information technology (IT) into mission processes to increase operational efficiency, improve decision-making quality, and shorten the sensor-to-shooter cycle. This IT-to-mission dependence can place the organizational mission at risk when an information incident (e.g., loss or manipulation of an information resource) occurs. Non-military organizations typically address this type of IT risk through an introspective, enterprise-wide focused risk management program that continuously identifies, prioritizes, and documents risks so control measures may be selected and implemented. The explicit valuation of information resources in terms of their ability to support the organizational mission objectives provides transparency and enables the creation of a continuity of operations plan. While this type of planning has proven successful in static environments, military missions often involve dynamically changing, time-sensitive, complex, coordinated operations involving multiple organizational entities. As a consequence, risk mitigation efforts tend to be localized. The research investigates the concept of mission assurance and presents a content analysis of existing continuity of operations elements within military and non-military guidance to assess the current policy landscape to highlight best practices and identify policy gaps in an effort to further enhance mission assurance by improving the timeliness and relevance of notification following an information incident.

Document Details

Document Type

Technical Report

Publication Date

Jun 01, 2010

Accession Number

ADA524935

Entities

Tags