There are four phases in Cyber Crisis Management, namely Detection, Response, Containment & Recovery. Here is a glimpse of the four phases.
Input to this phase comes both from external sources, such as – customer complaint, regulator complaint, and any other third party; and also from internal sources like helpdesk team and the team engaged for “Security Incident Management Procedure”.
Response / Containment / Recovery Phase:
Various activities which will be carried out by the respective stakeholders under this phase include:
a. Cyber Crisis Management Team (CCMT)
i. Chief Information Officer (CIO) •Coordinates the IT implementation efforts with the technology team within the bank and with the third parties who are maintaining or managing the IT infrastructure
ii. Chief Information Security Officer (CISO) •Coordinates the security controls evaluation and implementation efforts with the Information Security Team within the bank and with the third parties who are maintaining or managing the IT infrastructure •To coordinate with Business Heads and advise them on the situation
iii. Chief Risk Officer (CRO) •CRO will be directly involved fir the Risk Assessment phases and give guidance to the CCMT during the crisis management 10
iv. Chief Financial Officer (CFO) •Provide the justified approval / guidance on the investments/ expenses during the crisis situation •Monitor cost-to-benefit ratio for the efforts and IT/ controls implementation
v. Chief Technology Officer (CTO) / Head (IT Infrastructure) •Engage with his team for isolating systems affected / restoring backups if necessary and all other infrastructure and application related operational issues
vi. Head (Legal) / Legal Counsel •Provide consultation on the legal standing of the bank during the Cyber security crisis situation •Provide consultation on the legal standing of the decisions taken by the Board members and/or CCMT •Provide legal support during the litigation or law suit
vii. Head (Corporate Communication) / Public Relations Officer (PRO) •Consult with the Board members and CCMT members on understanding the crisis and preparing an appropriate public response for the situation – if required •Work with the external parties and media on providing the bank’s stand on the Cyber crisis situation •Continuously provide internal communication and update to employees on the current situation and appropriate steps to be taken by them
viii. Respective Business Heads • Continuously work with their respective teams to address the concerns and issues of the customers