By Published On: March 6, 2023Categories: Cybersecurity, SecurityComments Off on Business Continuity, Disaster Recovery, and Incident ResponseTags: , ,

In today’s economy, most organizations do business online and cannot tolerate any downtime.  The organizations develop a Business Continuance Plan (BCP) and a Disaster Recovery Plan (DRP).   An effective BC strategy ensures that the organization can facilitate its business operations in the face of expected and unexpected events.   The BCP prioritizes the business operations and defines what is needed to restore the most essential operations to keep the business running in the event of an emergency.    Perform a Business Impact Analysis (BIA) to determine what resources are needed to formulate the action plan.

Business continuity focuses on keeping business operational during a disaster, while disaster recovery focuses on restoring data access and IT infrastructure after a disaster.   The DRP typically focuses on data and technology operations.   The DRP includes how to restore lost data, whether that means restoring a single system or an entire data center.

Unfortunately, the Business Continuance and Disaster Recovery landscapes have changed in recent years.   This is due primarily to the addition of a new type of risk – the risk of a cybersecurity attack.  In years past, the BCP and DRP delt primarily with physical disasters such as hurricanes, tornadoes, power failures, and floods.   With a Cyber-attack, the results can be the same – the loss of data and the halt of business operations.

As a result, a new type of plan has been developed to help cope with cybersecurity attacks.   This is called the Incident Response Plan (IRP).  The IRP defines a set of procedures to address the consequences of a security incident.   The goal of an IRP is to allow an organization to detect, manage and recover from an attack, thereby minimizing damage to business assets quickly and effectively.

The Incident Response and Disaster Recovery should be referenced within the Business Continuity Plan.

An IRP enables you to respond to cyber-attacks quickly and effectively. It also helps in evaluating the aspects that are at high risk and how to control them. You can follow the steps below to build and implement an IRP:

  • Evaluate and list your potential risks. This can be done through NIST Cybersecurity Framework Core assessment, penetration (pen) testing and vulnerability scans.
  • Build a plan that includes incident preparation, incident detection and analysis, and recovery procedures in line with industry standards and regulations.
  • Ensure that the IRP complies with specific security standards and regulations as required by the business.

All three of these plans share common features but also address different needs.   The BCP focuses on business operations. The BCP should reference the DRP and the IRP.


Winslow Technology Group can assist with these plans and can provide the assessments needed to help with the IRP.    We have a professional services practice focused on Cybersecurity and can perform testing and assessments as well as implement solutions to detect, respond, and analyze cybersecurity threats.

Click here for more on our Cybersecurity Solutions.

Share This Story, Choose Your Platform!

About the Author: Steve Elliott

Senior Solution Architect