Targeted Improvement Plan for Service Continuity.pdf (619.28 kB)

Targeted Improvement Plan for Service Continuity

Download (619.28 kB)
journal contribution
posted on 15.09.2020, 20:12 by Andrew Hoover, Gavin Jurecko, Jeffrey Pinckard, Phillip Scolieri, Robert Vrtis
This technical note describes how an organization can leverage the results of a Cyber Resilience Review to create a Targeted Improvement Plan for its service continuity management (SCM). An organization can use the Cyber Resilience Review (CRR) results and prioritize SCM-specific and supporting practices using a SCM improvement profile to develop a long-term plan. The suggested Targeted Improvement Plan (TIP) approach engages the organization’s business continuity professionals, information technology operations management staff, and security management team (physical and cyber) to create a resilient organization. (In some organizations, it will be appropriate to engage the operational technology team as well.) The technical note includes a SCM Improvement Template that prioritizes all the CRR practices; it places a higher priority on those practices that enable service continuity. It describes how an organization can integrate the results of a recent CRR to create a prioritized list of practices the organization should consider implementing. This list informs decisions that take into account the organization’s unique risk environment to develop a plan. This approach to developing and implementing a SCM program supports organization-specific, mission-focused objectives to protect and sustain a critical, cyber-dependent service during times of stress.


Publisher Statement

Copyright 2019 Carnegie Mellon University. All Rights Reserved. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8702-15-D-0002 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The view, opinions, and/or findings contained in this material are those of the author(s) and should not be con-strued as an official Government position, policy, or decision, unless designated by other documentation. This report was prepared for the SEI Administrative Agent AFLCMC/AZS 5 Eglin Street Hanscom AFB, MA 01731-2100 NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.