10 Steps to Cyber Resilience Quiz

Results Displayed at the End of the Self-Assessment

Step 1 of 12

Introduction

Evaluate your maturity level against the NCSC 10 Steps to Cyber Resilience standard. Please be aware that this is a concise version and does not pose every potential question to comprehensively gauge your organisation's maturity level. This guidance isn't just about bolstering an organization's technical defences. Instead, it offers a holistic approach that encompasses governance structures, policies, and human behaviours, emphasizing that cybersecurity is not merely the domain of IT departments but is an organization-wide responsibility. The "10 Steps to Cyber Resilience" quiz is here to help you dive into cybersecurity. With 10 sections and 5 "yes" or "no" questions in each, your score will show how prepped your organization is against cyber attacks. Try it out, it's totally free!

Risk Management

Risk management in the cybersecurity realm pertains to the processes involved in identifying, assessing, and prioritizing cyber risks and implementing strategic actions to reduce or mitigate them

Does your organisation utilise a risk register to track and manage identified risks?

Yes

Action Item

! Having a risk register is a fundamental component of effective risk management. It provides a structured way to identify, assess, and monitor potential risks that might impact the objectives or operations of an organization. By documenting risks, their potential impacts, and mitigation strategies, an organization can proactively address challenges before they escalate. This not only helps in minimizing adverse effects but also ensures that all stakeholders are informed and prepared.

Is there a designated individual or team responsible for overseeing the risk management regime?

Yes

Action Item

! Lacking a designated individual or team to oversee the risk management regime can severely undermine an organisation's ability to manage potential threats. An absence of clear responsibility can lead to unaddressed vulnerabilities, inconsistent risk evaluations, and delayed responses to emerging threats. It's crucial to have a focused approach to risk management to ensure that potential risks are proactively identified, assessed, and mitigated.

Is the organisation aligned to a recognised cyber security standard?

Yes

Action Item

! Without adherence to a standard, there may be inconsistencies in security practices, potentially resulting in unaddressed vulnerabilities. This lack of standardisation can hinder the effectiveness of security measures, exposing the organisation to greater cyber risks and potentially compromising stakeholder trust and data protection.

Is there a regularly reviewed and updated risk management strategy in place

Yes

Action Item

! Without periodic reviews, outdated or ineffective measures may persist, leading to unidentified or mismanaged risks. This static approach can result in increased vulnerabilities over time, potentially compromising the organisation's objectives, financial stability, and reputation.

Is risk communication standardised across the organisation?

Yes

Action Item

! Not having standardised risk communication across an organisation can result in inconsistencies in understanding and response. This misalignment can lead to gaps in risk mitigation, overlapping efforts, and potential vulnerabilities. Furthermore, employees may become confused about priorities, stakeholders might receive mixed messages, and the organisation's reputation could suffer if risks aren't managed and communicated effectively.

References:
Government Cyber Security Policy Handbook: Risk Management
10 Steps to Cyber Security: Risk Management

Asset Management

Asset management involves understanding and managing risks to assets that could adversely affect an organization.

Do you maintain a current and comprehensive inventory of all organisational assets, both physical (hardware) and logical (software)?

Yes

Action Item

! Failing to maintain a current and comprehensive inventory of all organisational assets, both physical (hardware) and logical (software), can severely hamper operational efficiency and security. Without a clear inventory, the organisation might overlook outdated systems, unpatched software, or misplaced hardware, introducing vulnerabilities.

Are all assets classified according to their sensitivity and importance to the organisation?

Yes

Action Item

! Without appropriate classifications, the organisation might not allocate adequate security measures or resources to its most critical assets. This oversight can lead to potential breaches, loss of valuable information, and disruptions to operations. It can also compromise the organisation's ability to meet regulatory requirements.

Is there a designated owner or responsible party assigned to each asset, who is accountable for its security and use?

Yes

Action Item

! Not assigning a designated owner or responsible party to each asset can lead to a lack of accountability and clarity within an organisation. Without clear ownership, the lines of responsibility can become blurred, resulting in potential security oversights and misuse of assets.

Do you have a documented process covering the entire lifecycle of assets (procurement, deployment, maintenance, decommissioning)?

Yes

Action Item

! Without structured guidelines, there's potential for inconsistent handling, leading to operational hiccups, financial wastage, or security gaps. Such oversights can result in the improper or premature disposal of assets, loss of critical data, or exposure to cyber threats, all of which can jeopardise the organisation's operations and reputation.

Do you have secure procedures in place for disposing of or repurposing assets, ensuring data is irrecoverably wiped or destroyed?

Yes

Action Item

! Neglecting to have secure procedures for the disposal or repurposing of assets can lead to severe repercussions for an organization. When assets, especially electronic devices like computers, servers, and mobile devices, are disposed of or repurposed without proper data wiping, there's a high risk that sensitive information can be retrieved by malicious actors. This could result in data breaches, identity theft, financial fraud, or the exposure of trade secrets.

References:
Government Cyber Security Policy Handbook: Asset Management
10 Steps to Cyber Security: Asset Management

Identity & Access Management

Identity and Access Management (IAM) is crucial as it ensures that the right individuals access the right resources at the right times and for the right reasons.

Have you implemented automated processes for onboarding, updating, and offboarding user identities in line with their job roles and responsibilities?

Yes

Action Item

! Failing to implement automated processes for onboarding, updating, and offboarding user identities in alignment with their job roles and responsibilities can lead to significant inefficiencies and security risks for an organisation. Manual or disjointed procedures can result in delays, mistakes, or oversights, potentially giving individuals inappropriate levels of access or failing to revoke access when necessary.

Is MFA mandatory for accessing critical systems, especially for remote access and administrative functions?

Yes

Action Item

! Not making MFA (Multi-Factor Authentication) mandatory for accessing critical systems, especially for remote access and administrative functions, can considerably heighten the security risks for an organisation. Without MFA, the barrier to unauthorized access is significantly lowered, making it easier for malicious actors to compromise systems. This can result in data breaches, loss of sensitive information, and potential disruptions to operations.

Are robust password policies in place, and are they enforced (e.g., password length, complexity, expiration)?

Yes

Action Item

! Neglecting to have robust password policies in place, or failing to enforce standards like password length, complexity, and expiration, can gravely compromise the security posture of an organisation. Weak or stagnant passwords are a prime target for malicious actors, making systems and data susceptible to breaches. Such oversights can lead to unauthorized access, loss of critical information, and potential operational disruptions. Furthermore, it diminishes the organisation's alignment with cybersecurity best practices.

Are privileged accounts (like administrator accounts) managed with extra security measures, such as time-bound access or session recording?

Yes

Action Item

! These accounts typically have access to the most sensitive data and systems. Without stringent controls, there's an increased risk of internal misuse or external breaches. Such lapses can lead to extensive data loss, system disruptions, or malicious activities, inflicting both operational and reputational damage.

Is there a process in place to swiftly revoke access for users who no longer require it, such as in the case of an employment termination?

Yes

Action Item

! Lacking a process to swiftly revoke access for users who no longer require it, especially in cases like employment termination, can expose an organisation to significant risks. Delays or oversights in revoking access can lead to unauthorized data access, misuse of resources, or potential sabotage.

References:
Government Cyber Security Policy Handbook: Identity and Access Control
10 Steps to Cyber Security: Identity and access management

Architecture & Configuration

Architecture and configuration in information security are crucial to ensuring that systems are designed and set up securely from the ground up

Do you maintain a standard, secure baseline configuration for all systems and devices in the organization?

Yes

Action Item

! Without a uniform baseline, systems might be deployed with avoidable security gaps or misconfigurations, making them more susceptible to breaches or malware. This can lead to data loss, operational disruptions, and added remediation costs. Moreover, the absence of a standardised configuration complicates troubleshooting.

Are sensitive operations or data segregated from general operations using firewalls, VLANs, or other isolation mechanisms?

Yes

Action Item

! Not segregating sensitive operations or data from general operations using firewalls, VLANs, or other isolation mechanisms can jeopardise the security of an organisation. Without such segregation, there's a heightened risk of breaches, inadvertent data exposure, or cross-system contamination. This can lead to loss of confidential information, operational disruptions, or malware spread.

Do you have processes in place to track, review, and approve changes to configurations on critical systems?

Yes

Action Item

! Neglecting to have processes in place to track, review, and approve changes to configurations on critical systems can pose substantial risks to an organisation. Without such processes, there's an increased likelihood of errors, misconfigurations, or even malicious alterations going unnoticed. This can result in system vulnerabilities, data breaches, and operational inefficiencies.

Do you use tools and methodologies to continuously monitor the configuration state of systems, ensuring they adhere to the defined security baselines and policies?

Yes

Action Item

! Failing to use tools and methodologies to continuously monitor the configuration state of systems, ensuring they adhere to defined security baselines and policies, can seriously weaken an organisation's security posture. Without continuous monitoring, deviations from secure configurations may go unnoticed, creating potential entry points for malicious actors. This can result in vulnerabilities, data breaches, or unauthorised system alterations.

Do you routinely modify default configurations, including default accounts and passwords, on hardware and software to meet organizational security standards?

Yes

Action Item

! Out-of-the-box configurations, especially default credentials, are well-known and can be easily exploited by malicious actors. Failing to change these leaves systems vulnerable to unauthorised access, breaches, or malicious activities. Relying on default configurations undermines an organisation's commitment to cybersecurity best practices and can result in both operational disruptions and reputational damage, while also exposing the organisation to potential regulatory penalties.

References:
Government Cyber Security Policy Handbook: System Security
10 Steps to Cyber Security: Architecture and configuration

Engagement & Training

Engagement and training are pivotal in ensuring that everyone within an organisation understands their role in maintaining cybersecurity and acts accordingly

Do you conduct regular cybersecurity training sessions for all employees, including those without a technical role?

Yes

Action Item

! Failing to conduct regular cybersecurity training sessions for all employees, including those without a technical role, can considerably weaken an organisation's human firewall. Employees often represent the first line of defence against cyber threats, and without proper training, they can inadvertently become points of vulnerability. Lack of awareness can lead to phishing successes, malware infections, or unintentional data exposures.

Do you periodically run simulated phishing campaigns to evaluate employee awareness and response to potential phishing attacks?

Yes

Action Item

! Overlooking the practice of periodically running simulated phishing campaigns to evaluate employee awareness and response to potential phishing attacks can leave an organisation vulnerable. Such simulations are pivotal in assessing and strengthening the human aspect of cybersecurity defenses. Without them, employees may not recognize or appropriately respond to real phishing attempts, leading to breaches, malware infections, or data leaks. Relying solely on theoretical training without practical testing may result in complacency.

Is cybersecurity awareness training part of the onboarding process for all new hires?

Yes

Action Item

! Excluding cybersecurity awareness training from the onboarding process for new hires is a significant oversight. New employees, irrespective of their role or department, often have access to various digital resources and systems of the organization. If they are not promptly educated about the cybersecurity protocols, best practices, and potential threats, they can inadvertently become the weakest link in the organization's defense chain. Uninformed employees might engage in risky behaviors, such as clicking on malicious links or using weak passwords, exposing the organization to breaches and cyberattacks.

Are all employees required to acknowledge, at least annually, that they have read and understood the company’s cybersecurity policies?

Yes

Action Item

! Not having a requirement for employees to acknowledge the company's cybersecurity policies annually can lead to potential oversights and security lapses. As cyber threats evolve, organizations must update their policies to stay protected. If employees aren't made to periodically review and acknowledge these changes, they might continue to follow outdated or insufficient practices. This regular acknowledgment not only keeps employees updated but also holds them accountable for adhering to the company's cybersecurity standards.

Is the training content updated regularly to incorporate the latest threats and best practices?

Yes

Action Item

! Failure to regularly update cybersecurity training content can significantly undermine an organization's defense efforts. The cyber threat landscape is dynamic, with new threats, vulnerabilities, and attack methodologies emerging frequently. If training materials aren't updated to reflect these changes, employees might remain oblivious to new risks, leading them to adopt practices that are no longer effective or even harmful. Regularly incorporating the latest threats and best practices ensures that employees are equipped with up-to-date knowledge and skills, enabling them to make informed decisions and safeguard the organization's digital assets.

References:
Government Cyber Security Policy Handbook: Staff Awareness and Training
10 Steps to Cyber Security: Engagement and training

Vulnerability Management

Vulnerability management is about identifying, evaluating, treating, and reporting on security vulnerabilities in systems.

Do you conduct regular vulnerability scans on your systems and applications, both internally and externally?

Yes

Action Item

! Failing to conduct regular vulnerability scans on systems and applications, both internally and externally, exposes an organisation to potential cyber threats. Such scans are vital for identifying and addressing weak points before they're exploited by malicious actors. Without them, unpatched vulnerabilities, misconfigurations, or security holes might remain undetected, offering easy entry points for attackers.

Do you prioritise vulnerability management for critical assets and high-value systems?

Yes

Action Item

! Failing to prioritise vulnerability management for critical assets and high-value systems poses a grave risk for an organisation. These assets often house sensitive data or are vital for the organisation's operations. Without focused attention on their security, they become attractive targets for cybercriminals. Not prioritising their vulnerabilities can result in significant data breaches, operational disruptions, financial losses, and reputational damage.

Upon discovering a vulnerability, is a risk assessment performed to understand its potential impact on the organisation?

Yes

Action Item

! Overlooking the step of performing a risk assessment upon discovering a vulnerability can significantly undermine an organisation's cybersecurity posture. Such assessments are paramount in understanding the potential impact of a vulnerability on the organisation. Without this insight, an organisation might underreact to a critical threat or divert resources unnecessarily towards lesser issues. Assessing the risk ensures that vulnerabilities are addressed proportionally to their potential harm, thus prioritising the organisation's resources and efforts efficiently.

Do you have a procedure in place to address zero-day vulnerabilities and threats?

Yes

Action Item

! Lacking a procedure to address zero-day vulnerabilities and threats places an organisation at immediate and unpredictable risk. Zero-day vulnerabilities are those for which no official fix or patch exists at the time of discovery, making them prime targets for cybercriminals. Without a designated procedure, the organisation may face delays in response time, leaving systems exposed to potential exploitation. It's essential to have a proactive approach, which includes monitoring for undisclosed vulnerabilities, rapid incident response, and contingency plans to mitigate damage.

Do you coordinate with vendors or third-party developers about vulnerabilities related to their products or services?

Yes

Action Item

! By not engaging proactively with vendors or developers, an organisation might miss out on critical patches, workarounds, or other remediation advice. Such oversight can lead to extended periods of exposure to known vulnerabilities. Maintaining a collaborative approach with third parties ensures that all aspects of an organisation's IT environment are safeguarded and signifies a comprehensive and integrated approach to cybersecurity.

References:
Government Cyber Security Policy Handbook: System Security
10 Steps to Cyber Security: Vulnerability management

Data Security

Data security focuses on protecting digital information from unauthorized access, breaches, or theft.

Do you have a clear data classification system in place to categorise data based on sensitivity and criticality?

Yes

Action Item

! Not having a clear data classification system in place to categorise data based on sensitivity and criticality can seriously compromise an organisation's ability to protect its valuable information assets. Data classification is foundational to understanding which data requires the most stringent protection measures, as it dictates security protocols, access controls, and storage decisions. Without such categorisation, organisations risk treating all data uniformly, potentially under-protecting critical data and over-allocating resources to less sensitive data.

Is data, both at rest and in transit, encrypted using up-to-date cryptographic standards?

Yes

Action Item

! Failing to ensure that data, both at rest and in transit, is encrypted using up-to-date cryptographic standards can gravely jeopardise the confidentiality and integrity of an organisation's information. Modern cryptographic standards are developed to counteract the latest threats and computational capabilities of malicious actors. If data isn't appropriately encrypted, or if outdated standards are in use, it becomes significantly more vulnerable to interception, theft, or tampering.

Do you have defined policies for data retention and deletion, ensuring data is not kept longer than necessary?

Yes

Action Item

! Not having defined policies for data retention and deletion, ensuring data isn't kept longer than necessary, can expose an organisation to a myriad of risks. Holding onto data without clear justification can increase storage costs, complicate data management, and heighten the risk of data breaches due to a larger volume of data being available for potential compromise. Furthermore, retaining data longer than required can contravene data protection regulations, leading to legal implications and hefty fines.

Is there a regular and tested backup procedure in place for essential data, ensuring it can be restored in the event of data loss?

Yes

Action Item

! Without reliable backups, the risk of irrevocable data loss from incidents like system failures, malware attacks, or human errors becomes profoundly magnified. Such data loss can lead to operational disruptions, hindering the organisation's ability to deliver services or perform crucial functions. Additionally, the absence of tested backup procedures can signify a lack of preparedness for emergencies, potentially lengthening recovery times.

Do you follow secure disposal methods for data storage devices, ensuring data cannot be retrieved once the device is discarded?

Yes

Action Item

! When data storage devices are discarded without proper sanitisation, sensitive and confidential data may remain accessible, making them ripe targets for data thieves and malicious actors. Acquiring data from improperly discarded devices can provide cybercriminals with valuable information that can be used for fraudulent activities, industrial espionage, or even blackmail. Moreover, non-compliance with data protection regulations could lead to substantial legal penalties and tarnish the organisation's reputation.

References:
Government Cyber Security Policy Handbook: Data Security
10 Steps to Cyber Security: Data security

Supply Chain Security

Supply chain security is about ensuring that the products, services, and solutions an organisation utilises from third parties do not introduce unnecessary risks.

Before onboarding, do you evaluate the cybersecurity policies and practices of your vendors and suppliers?

Yes

Action Item

! Failing to evaluate the cybersecurity policies and practices of vendors and suppliers before onboarding them presents significant risks. Vendors and suppliers often have access to an organization's systems, data, or internal networks. If these third parties lack robust cybersecurity measures, they can become entry points for cyberattacks against the organization. For instance, a compromised vendor system could lead to unauthorized data access, malware infections, or even larger-scale breaches. By not assessing the cybersecurity readiness of vendors, an organization might unintentionally introduce vulnerabilities into its own ecosystem.

Do contracts with suppliers include specific clauses or requirements related to cybersecurity standards and incident reporting?

Yes

Action Item

! Without these stipulations, suppliers may not be legally obligated to uphold the same cybersecurity standards or notify the organisation in a timely manner if a security incident occurs. This can lead to increased exposure to cyber threats, potential breaches, and subsequent data losses, without any recourse or accountability. Additionally, if an incident stemming from a supplier's negligence does occur, the organisation may face regulatory penalties, legal repercussions, and reputational damage, even if the fault lies primarily with the supplier.

Do you have measures in place to validate the integrity of software or hardware acquired from suppliers?

Yes

Action Item

! Without proper validation, there's an increased risk of introducing malicious software or hardware components into the organisational infrastructure. This could allow adversaries to execute malicious activities, from data theft to disruption of operations. Moreover, tampered or counterfeit products may not function optimally or may contain hidden backdoors, granting unauthorised access to networks and sensitive data.

Is access by third-party vendors to your systems strictly controlled, monitored, and regularly audited?

Yes

Action Item

! Not strictly controlling, monitoring, and regularly auditing third-party vendors' access to your systems is a risky oversight for any organisation. Without these safeguards, unauthorised or malicious activities could go undetected, paving the way for potential data breaches or system disruptions. Third parties, even if trustworthy, can sometimes have weaker cybersecurity postures, making them attractive targets for adversaries aiming to gain indirect access to your systems. Furthermore, without clear access controls and regular audits, it becomes challenging to determine who did what and when, especially if an incident occurs.

Are systems accessed by suppliers isolated or segmented from critical organisational networks?

Yes

Action Item

! If suppliers' systems are compromised or have weaker security controls, direct connectivity to primary networks can provide an easy pathway for cyber adversaries into your environment. Such connectivity can allow the rapid spread of malicious software or enable unauthorised data access, potentially leading to data breaches or operational disruptions. By not segmenting these systems, an organisation effectively expands its attack surface, giving attackers more opportunities to exploit vulnerabilities. Moreover, a lack of proper network segmentation can complicate incident response and containment efforts, as it becomes harder to isolate affected systems swiftly.

References:
Government Cyber Security Policy Handbook: Supply Chain
10 Steps to Cyber Security: Supply chain security

Logging & Monitoring

Logging and monitoring are foundational to understanding the activities within an organisation's systems and networks, providing the capability to detect and respond to anomalies and potential security threats.

Do you ensure that all critical systems, devices, and applications are configured to generate logs of their activities?

Yes

Action Item

! Logs serve as the eyes and ears of an IT environment, capturing detailed information about operations, transactions, and potential security incidents. Without comprehensive logging, detecting malicious activities or anomalies becomes significantly more challenging, if not impossible, leaving the organisation blind to potential threats. Moreover, in the aftermath of a security incident, logs are crucial for forensic investigations to determine the cause, impact, and origin of a breach. Without these records, establishing a timeline, understanding the scope of an attack, or even identifying vulnerabilities for remediation becomes a guessing game. Additionally, many regulatory frameworks mandate specific logging requirements. Failure to maintain comprehensive logs can, therefore, result in non-compliance penalties. In essence, not ensuring proper logging can leave an organisation vulnerable, uninformed, and potentially liable.

Have you established and adhered to a log retention policy that dictates how long logs are kept based on their importance and regulatory requirements?

Yes

Action Item

! Not having a specified log retention policy exposes an organisation to potential security oversights and regulatory non-compliance. Without this, there's no structured way to trace historical data during incidents or to meet legal and audit requirements, potentially jeopardising business operations and credibility.

Do you employ a centralised logging solution or Security Information and Event Management (SIEM) system to aggregate and analyse logs from different sources?

Yes

Action Item

! Failing to employ a centralised logging solution or a Security Information and Event Management (SIEM) system can significantly impede an organisation's cybersecurity posture. Without such systems, it becomes arduous to monitor and respond to security incidents in real-time. Organisations might miss vital signs of malicious activities or inconsistencies across the vast landscape of their IT environment. Moreover, disparate logs from multiple sources can lead to challenges in correlating events, delaying incident detection and response.

Are strict access controls applied to log data, ensuring only authorized personnel can view or modify them?

Yes

Action Item

! Not applying strict access controls to log data poses a substantial risk for organisations. If only authorized personnel can't exclusively view or modify logs, it compromises the integrity and confidentiality of the data. This lack of control can allow malicious actors, whether external or internal, to tamper with logs, erasing traces of their actions or fabricating log entries to mislead investigators. Additionally, sensitive information contained within logs could be exposed, violating privacy regulations and potentially providing adversaries with more information to fine-tune their attacks.

Do you have mechanisms in place to ensure the integrity of log data so that it cannot be tampered with or deleted maliciously?

Yes

Action Item

! Without mechanisms to safeguard against tampering or malicious deletion, there's no guarantee that historical system or security events remain genuine or even intact. This vulnerability could lead to an inability to trace back security incidents or hold malicious actors accountable for their actions. It also jeopardises the reliability of audits or investigations that rely on such logs.

References:
Government Cyber Security Policy Handbook: Security Monitoring
10 Steps to Cyber Security: Logging and monitoring

Incident Management

Incident management is the coordinated process by which an organisation responds to and manages a security breach or cyberattack.

Do you have a formalised Incident Response Plan (IRP) that is tailored to different types of potential cyber incidents?

Yes

Action Item

! In the absence of a structured response strategy, organisations can find themselves unprepared and overwhelmed during cybersecurity breaches. This lack of preparedness often leads to prolonged system downtime, increased financial losses, and potential reputational damage. Furthermore, an ad-hoc approach to incident response might result in missed critical steps or regulatory reporting requirements.

Have you conducted a tabletop exercise or live drill within the last year to test your Incident Response Plan?

Yes

Action Item

! Such exercises are instrumental in identifying potential weaknesses in response strategies, ensuring all personnel are familiar with their roles, and refining the plan based on practical insights. Without regular testing, there's a risk that an outdated or unpractised IRP may not effectively address a real-world cyber incident. This can lead to inefficient responses, delayed recovery, and heightened adverse impacts, both financially and reputationally.

Do you have established communication protocols to inform stakeholders, regulatory bodies, and possibly affected individuals in case of a significant breach?

Yes

Action Item

! Effective communication during a cyber incident is paramount for managing the situation and upholding trust. Without set protocols, an organisation risks legal repercussions for not meeting regulatory notification requirements. Additionally, delayed or mismanaged communication can escalate the situation, erode trust with stakeholders and customers, and exacerbate potential reputational damage.

Do you have tools and procedures in place to collect, preserve, and analyse digital evidence following an incident?

Yes

Action Item

! Digital evidence is pivotal for understanding the scope, cause, and impact of a security breach, as well as for subsequent legal or regulatory proceedings. Without such tools and procedures, the organisation risks losing vital information that could assist in remediation and future prevention. Furthermore, mishandling or failing to adequately preserve evidence can compromise its integrity and admissibility in court, hindering legal recourse.

Is your Incident Response Plan integrated with your organisation's business continuity and disaster recovery plans?

Yes

Action Item

! Lacking integration between an Incident Response Plan and an organisation's business continuity and disaster recovery plans can be perilous. Such integration is crucial because cyber incidents often have ripple effects that can disrupt business operations and services. An isolated Incident Response Plan might address the immediate threat but could overlook broader business implications. Conversely, business continuity and disaster recovery plans anticipate disruptions and lay out strategies for resuming operations, but might not consider specific nuances of cyber incidents.

References:
Government Cyber Security Policy Handbook: Response and Recovery Planning
10 Steps to Cyber Security: Incident management

Enter Email Confirm Email

The results of the quiz will be sent directly to your email address.