search menu icon-carat-right cmu-wordmark

A Targeted Improvement Plan for Service Continuity

April 2019 Technical Note
Andrew F. Hoover, Gavin Jurecko, Jeffrey L. Pinckard, Robert A. Vrtis, Philip A. Scolieri

Describes how an organization can leverage the results of a Cyber Resilience Review to create a Targeted Improvement Plan for its service continuity management.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2019-TN-002

Abstract

This technical note describes how an organization can leverage the results of a Cyber Resilience Review to create a Targeted Improvement Plan for its service continuity management (SCM). An organization can use the Cyber Resilience Review (CRR) results and prioritize SCM-specific and supporting practices using a SCM improvement profile to develop a long-term plan. The suggested Targeted Improvement Plan (TIP) approach engages the organization’s business continuity professionals, information technology operations management staff, and security management team (physical and cyber) to create a resilient organization. (In some organizations, it will be appropriate to engage the operational technology team as well.) The technical note includes a SCM Improvement Template that prioritizes all the CRR practices; it places a higher priority on those practices that enable service continuity. It describes how an organization can integrate the results of a recent CRR to create a prioritized list of practices the organization should consider implementing. This list informs decisions that take into account the organization’s unique risk environment to develop a plan. This approach to developing and implementing a SCM program supports organization-specific, mission-focused objectives to protect and sustain a critical, cyber-dependent service during times of stress.