Cyber Attacks Against an Organization's IT Systems


Question

Which of the following specifically addresses cyber attacks against an organization's IT systems?

Answers

Explanations

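A. Continuity of support plan

B. Business continuity plan

C. Incident response plan

D. Continuity of operations plan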

C.

The incident response plan focuses on information security responses to incidents affecting systems and/or networks.

It establishes procedures to address cyber attacks against an organization's IT systems.

These procedures are designed to enable security personnel to identify, mitigate, and recover from malicious computer incidents, such as unauthorized access to a system or data, denial of service, or unauthorized changes to system hardware or software.

The continuity of support plan is the same as an IT contingency plan.

It addresses IT system disruptions and establishes procedures for recovering a major application or general support system.

It is not business process focused.

The business continuity plan addresses business processes and provides procedures for sustaining essential business operations while recovering from a significant disruption.

The continuity of operations plan addresses the subset of an organization's missions that are deemed most critical and procedures to sustain these functions at an alternate site for up to 30 days.

Source: SWANSON, Marianne, et al., National Institute of Standards and Technology (NIST), NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, December 2001 (page 8).

The correct answer is C. Incident response plan.

An incident response plan (IRP) is a documented and structured approach to address and manage cybersecurity incidents that may occur in an organization. The primary purpose of an IRP is to minimize the impact of a cybersecurity incident on the organization's IT systems and data, covering prevention, detection, containment, and recovery.

An IRP typically includes specific procedures, roles, responsibilities, and communication protocols that are activated in case of a cybersecurity incident. It outlines the steps that should be taken to identify, contain, investigate, eradicate, and recover from an incident. It also defines the criteria for escalation to management and external parties, such as law enforcement, regulatory bodies, or third-party vendors.

In contrast, the other options in the question address different aspects of the organization's continuity planning:

A. Continuity of support plan: A plan that ensures the availability of technical and operational support to the organization's end-users during an IT disruption.

B. Business continuity plan: A plan that outlines the procedures and strategies to ensure the organization's critical business functions continue to operate in the event of a disruption or disaster.

D. Continuity of operations plan: A plan that focuses on maintaining the essential functions of an organization's operations, including IT systems, during and after a significant disruption or crisis.

While all of these plans are essential for an organization's resilience, an incident response plan specifically addresses cyber attacks against the organization's IT systems.