
Theme 2: Having the Right Procedures: Make a Plan

Once you have taken stock of your situation by drawing up an inventory and doing the necessary analysis, you need to move on to the next step: making a plan.

Even in the Middle Ages, a lord did not wait for his enemies to attack him or for an incident to occur before thinking about the right procedures to put in place.

To defend himself, he planned the training of his troops (archers, infantrymen, etc.) in advance, thought about procedures for storing food to withstand a siege, drew up evacuation procedures (for example, in the event of a fire) and agreed with his allies on the procedure to be used to call for reinforcements on the day an enemy attacked.

Similarly, in the digital age, your company must also adopt procedures to anticipate and limit the impact of cyber security incidents.

This plan needs to encompass three distinct stages:

  • Before the incident: what you do to prevent a cyber security incident from happening. At this stage, a good information security policy, including awareness-raising among your staff (see theme 3 "Awareness-raising: your plan in practice"), as well as the control of risks relating to your suppliers and subcontractors (management of personal data, access to your computer systems, etc.), will be very useful. This policy is the key document in your cybersecurity prevention system!
  • During the incident: what you do when the cyber security incident happens anyway, to avoid a total shutdown of your business and regain control of the situation. Here, we refer to an incident management plan and a business continuity plan.
  • After the incident: what you do after the cyber security incident, in order to learn from your experience. This is the “Post-Incident Review”.

Don't wait for the incident to happen before thinking about having the right procedures in place!

Keep in mind

  • Fortified castle in the Middle Ages:
    • Procedures for:
      • training troops (archers, infantrymen, etc.);
      • storing food (siege);
      • evacuation (fire, etc.);
      • call for allied reinforcements;
      • etc.
  • Cybersecurity for your business:
    • Planning procedures in 3 stages:
      1. before the incident: information security policy (awareness-raising, supplier/subcontractor management, etc.);
      2. during the incident: incident management plan (regaining control) and business continuity plan (maintaining activity);
      3. after the incident: post-incident review (learning from the experience).