The Cyber Readiness Center Planning Technical Assistance Program: Objectives
  1. Serve as independent, non-biased experts focused on helping organizations improve their cybersecurity resiliency.
  2. Provide consultation and recommendations in developing documents that guide response actions to a cyber incident.
  3. Provide consultation and recommendations in developing documents that guide recovery actions to a cyber incident.
  4. Maintain confidentiality of clients data and information and never share any plans with anyone other than the client.
What is a Cybersecurity Plan?

No matter what you call it, a continuity of operations plan, an emergency plan, a preparedness plan, crisis management plan, etc., developing and implementing a well thought-out plan is a vital part of an organization’s overall cybersecurity readiness.  Whether this is a standalone document or an annex to an existing plan, this is where the assessed vulnerabilities can turn into strengths.  Planning is a process of capturing organizational details as to how it should communicate and act during the response to and recovery from a cyber attack.  It should also lay the foundation for the organization’s entire cybersecurity program by outlining the various prevention-related policies, procedures, training, and exercises that apply to personnel, the supply chain, and customers.  The overarching goal of a plan is to mitigate against the largest risks and improve overall resiliency.

Why is a plan needed?

A plan is needed because a well-thought out decision is difficult to make during a crisis. Experts agree that a successful response to and recovery from a cyber attack is based on taking the time to plan ahead. Planning allows you to take into consideration the full ramifications on personnel, assets, customers, and the community. Our planning team with work with you and other designated personnel, as well as any of your organization’s existing plans, to think through how your organization should best organize, act, and communicate during and after a cyber attack.

Who should develop a plan?

Any organization that involves some kind of information technology in normal operations needs to have a cybersecurity plan. If your organization has an existing business continuity plan or disaster plan, then in the same spirit, a cybersecurity plan is a necessity. It could also be required for compliance purposes and is becoming more and more common as a contract condition for supply chain vendors.

Where are the plans developed?

Our planning experts will travel to your organization for an initial one to two-day meeting to discuss your operation, threats, and other information. Starting with a template, together we will develop a rough outline and begin populating a cybersecurity plan. As subsequent development continues after that, information is exchanged via email and conference calls/web conference sessions.

How much does a Cyber Readiness Center planning technical assistance cost?

There is no fixed cost as the price is based on the unique scope of each project. As part of the Texas A&M Engineering Extension Service, we operate on a complete cost recovery basis. As preliminary discussions make clear the amount of time and travel required, a proposal with the statement of work, price, and timeframe will be presented for consideration.

How do we get started?

To learn more and discuss the parameters of your needs contact:
Scott Terry
Program Director

Response Planning

Should you be attacked, what immediate actions do you take? What internal and external resources will you need? What do you tell your customers in order to properly inform them, but not lose confidence in you? What are your legal obligations? These are just a sample of the issues that need to be considered beforehand in order to best contain the situation. We can help guide you through this complicated process of developing a comprehensive plan so your response is timely and effective. By using our various plan outlines and templates, we strive to make this process as thorough and quick as possible.

Recovery Planning

It can take months for an organization to recover from a cyber incident. Statistics show that as a result a large portion do not survive. Recovery planning involves looking at everything from system restoration to forensic evidence collection and preservation. Specialized assets and expertise are often required. We can help you address these recovery issues within your comprehensive plan to ensure that operations get back to normal as soon as possible. In addition, we consider the steps needed during the recovery phase to ensure the incident never happens again.

Get started with our planning services:

Step 1

  • null

    Contact our specialist to discuss scope and schedule

Step 2

  • null

    Proposal is delivered and contract executed

Step 3

  • null

    Data is gathered via site-visit and VPN access

Step 4

  • null

    Accumulate information from various sources as needed

Step 5

  • null

    Draft documents and refine as needed

Step 6

  • null

    Conference call briefing and final plan delivered

Contact the Cyber Readiness Center team of experienced planners to help you through the in’s and out’s of developing and implementing an effective cybersecurity plan.

Scott Terry