Software Engineering Institute

This technical note describes how an organization can leverage the results of a Cyber Resilience Review to create a Targeted Improvement Plan for its service continuity management (SCM). An organization can use the Cyber Resilience Review (CRR) results and prioritize SCM-specific and supporting practices using a SCM improvement profile to develop a long-term plan. The suggested Targeted Improvement Plan (TIP) approach engages the organization’s business continuity professionals, information technology operations management staff, and security management team (physical and cyber) to create a resilient organization. (In some organizations, it will be appropriate to engage the operational technology team as well.) The technical note includes a SCM Improvement Template that prioritizes all the CRR practices; it places a higher priority on those practices that enable service continuity. It describes how an organization can integrate the results of a recent CRR to create a prioritized list of practices the organization should consider implementing. This list informs decisions that take into account the organization’s unique risk environment to develop a plan. This approach to developing and implementing a SCM program supports organization-specific, mission-focused objectives to protect and sustain a critical, cyber-dependent service during times of stress.