{"id":5999,"date":"2024-10-03T15:03:13","date_gmt":"2024-10-03T13:03:13","guid":{"rendered":"https:\/\/cybrela.com\/?p=5999"},"modified":"2025-04-15T07:57:53","modified_gmt":"2025-04-15T06:57:53","slug":"what-are-bcp-drp-and-risk-management-plans-for","status":"publish","type":"post","link":"https:\/\/cybrela.com\/en\/bcp-drp-a-plan-zvladani-rizik-k-cemu-slouzi\/","title":{"rendered":"Useful plans in cybersecurity: What are BCP, DRP, and risk management plans for?"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"5999\" class=\"elementor elementor-5999\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7d302fe0 e-con-full e-flex e-con e-parent\" data-id=\"7d302fe0\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b94fd10 elementor-widget elementor-widget-post-info\" data-id=\"b94fd10\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-91bea00 elementor-inline-item\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-user-circle\"><\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-custom\">\n\t\t\t\t\t\t\t\t\t\tKate\u0159ina Kub\u00edkov\u00e1\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-7aa95ca elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"fas fa-calendar\"><\/i>\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\t<time>03. 10. 2024<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d5420dd e-con-full e-flex e-con e-child\" data-id=\"d5420dd\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ae084b6 elementor-widget elementor-widget-text-editor\" data-id=\"ae084b6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"color: #41ce95;\"><strong>Pl\u00e1n <span style=\"color: #41ce95;\">zvl\u00e1d\u00e1n\u00ed<\/span> rizik<\/strong><\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-49c1b12 elementor-widget elementor-widget-text-editor\" data-id=\"49c1b12\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This document is\u00a0<strong>part of risk management<\/strong>\u00a0and is usually an output of the risk analysis. However, it doesn't only include risks that arise directly from the risk analysis but also, for example, warnings from the National Cyber and Information Security Agency (N\u00daKIB) about certain software, etc. In accordance with the risk management plan, the company then implements specific\u00a0<strong>security measures<\/strong>.<\/p><p>First and foremost, we will focus on how to identify your assets. To do this, it's helpful to answer a few basic questions that will help you\u00a0<strong>determine what has the highest value for your company<\/strong>\u00a0and what needs to be protected. For example, ask yourself:\u00a0<em>What is most critical for the operation of your company?<\/em>\u00a0or\u00a0<em>What do you need to provide your services or sell your products?<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-13c2ca40 elementor-widget elementor-widget-text-editor\" data-id=\"13c2ca40\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5>The new cybersecurity legislation implementing the NIS2 directive introduces the obligation to have certain documents within a company. In addition to security policies, there are also so-called plans that should have specific and practical content and serve to implement these policies. These plans include, for example, a risk management plan, a business continuity plan, a recovery plan, as well as a security awareness development plan and an audit plan. We will now focus on the first three of these. These documents are required by the regulation in the higher compliance regime, but they are practical enough to be useful for companies under the lower regime as well. What are they for, and what should they include?<\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ba26ab0 elementor-blockquote--skin-boxed elementor-blockquote--align-center elementor-widget elementor-widget-blockquote\" data-id=\"ba26ab0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tRegarding the assets you identify as a company (which are divided into primary and supporting assets), you should maintain security documentation. After identifying the assets, the next step is to assess them in terms of availability, confidentiality, and integrity.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3f2344c elementor-widget elementor-widget-text-editor\" data-id=\"3f2344c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Once the assets have been documented and assessed, the next step is to <strong>identify vulnerabilities and threats<\/strong>, i.e., potential risks that could endanger your assets. Vulnerabilities and threats are also evaluated based on their likelihood. The result of the risk analysis is thus a <strong>list of calculated risks with a certain value<\/strong> (derived from the value of the assets, vulnerabilities, and threats).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8186fe7 elementor-widget-divider--view-line_text elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--element-align-center elementor-widget elementor-widget-divider\" data-id=\"8186fe7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t\t<h5 class=\"elementor-divider__text elementor-divider__element\">\n\t\t\t\tDo you know these terms well?\t\t\t\t<\/h5>\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-f94c17d e-grid e-con-full e-con e-child\" data-id=\"f94c17d\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-0fa702e elementor-flip-box--effect-fade elementor-widget__width-initial elementor-widget elementor-widget-flip-box\" data-id=\"0fa702e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"flip-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-flip-box\" tabindex=\"0\">\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__front\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-flip-box__layer__title\">\n\t\t\t\t\t\t\t\tAsset\t\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__back\">\n\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-flip-box__layer__description\">\n\t\t\t\t\t\t\tAnything that holds value for a company and should be protected. This can include everything from physical devices like computers and servers to digital information such as customer databases, corporate emails, and processes.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c2e67cc elementor-flip-box--effect-fade elementor-widget__width-initial elementor-widget elementor-widget-flip-box\" data-id=\"c2e67cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"flip-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-flip-box\" tabindex=\"0\">\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__front\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-flip-box__layer__title\">\n\t\t\t\t\t\t\t\tVulnerability\t\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__back\">\n\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-flip-box__layer__description\">\n\t\t\t\t\t\t\tA weakness in the system that an attacker could exploit to gain access. This could be something simple, like a weak password, or something more complex, like a software flaw. \t\t\t\t\t\t<\/span>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-df2c89e elementor-flip-box--effect-fade elementor-widget__width-initial elementor-widget elementor-widget-flip-box\" data-id=\"df2c89e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"flip-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-flip-box\" tabindex=\"0\">\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__front\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-flip-box__layer__title\">\n\t\t\t\t\t\t\t\tThreat\t\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__back\">\n\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-flip-box__layer__description\">\n\t\t\t\t\t\t\tAny event that can cause a disruption to an asset.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d0f60fc elementor-flip-box--effect-fade elementor-widget__width-initial elementor-widget elementor-widget-flip-box\" data-id=\"d0f60fc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"flip-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-flip-box\" tabindex=\"0\">\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__front\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-flip-box__layer__title\">\n\t\t\t\t\t\t\t\tRisk\t\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__back\">\n\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-flip-box__layer__description\">\n\t\t\t\t\t\t\tThe probability that a threat will exploit a vulnerability and cause a disruption to assets. In other words, the likelihood of an incident occurring.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-43aee0a elementor-flip-box--effect-fade elementor-widget__width-initial elementor-widget elementor-widget-flip-box\" data-id=\"43aee0a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"flip-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-flip-box\" tabindex=\"0\">\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__front\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-flip-box__layer__title\">\n\t\t\t\t\t\t\t\tIncident\t\t\t\t\t\t\t<\/h2>\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"elementor-flip-box__layer elementor-flip-box__back\">\n\t\t\t<div class=\"elementor-flip-box__layer__overlay\">\n\t\t\t\t<div class=\"elementor-flip-box__layer__inner\">\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-flip-box__layer__description\">\n\t\t\t\t\t\t\tA situation in which security measures have been breached and data or systems have been compromised. This can include anything from a data breach to a malware infection.\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d45865a elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"d45865a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-04bb9cd elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"04bb9cd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-check-square\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">What is a risk management plan useful for?<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e87bca5 elementor-widget elementor-widget-text-editor\" data-id=\"e87bca5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The inventory of assets and risks <strong>includes threats and vulnerabilities<\/strong> to assets in general. However, not all resulting risks require security measures, as some can be accepted. The inventory of risks, including proposed security measures, is documented in the risk management plan.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-679828d elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"679828d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-plus-square\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">What should a risk management plan include?<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a27f5a9 elementor-widget elementor-widget-text-editor\" data-id=\"a27f5a9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>According to the regulation in the <strong>higher regime<\/strong> the risk management plan should particularly consider significant changes, cybersecurity incidents, results of cybersecurity audits, as well as results from penetration testing and vulnerability scanning. Just like the format of the risk analysis, the risk management plan can be created using a special tool, but a simple Excel spreadsheet will also work effectively.<\/p><p>Risk management plans typically contain several key areas:<\/p><ul><li><strong>Source of Findings<\/strong> \u2013 such as risk analysis or warnings from National Cyber and Information Security Agency.\u00a0<\/li><li><strong>Identification of the Asset<\/strong> \u2013 where increased risk was identified, including the risk value, specific vulnerabilities, and threats that led to it.\u00a0<\/li><li><strong>Specific measures to reduce risk<\/strong> \u2013 this should include the priority of the solution, the responsible person (the risk owner should be assigned for each risk), deadlines for implementing security measures, etc.\u00a0<\/li><li><strong>Execution control<\/strong> \u2013 when the risk management plan and specific risk were reviewed, and whether there was a reduction, removal, or transfer of the risk, etc.\u00a0<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0293d23 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"0293d23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4f14305 elementor-widget elementor-widget-text-editor\" data-id=\"4f14305\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"color: #41ce95;\"><strong>Business continuity plan and Disaster recovery plan<\/strong><\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8f024f7 elementor-widget elementor-widget-text-editor\" data-id=\"8f024f7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Do you know what to do in the event of an emergency? And do all those involved in resolving it know as well? As part of business continuity management, <strong>business continuity plans<\/strong> (BCP) and <strong>disaster recovery plans<\/strong> (DRP) are developed. How do they differ, and how can they help you in an emergency?<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-70e24cd elementor-icon-list--layout-traditional elementor-list-item-link-full_width elementor-widget elementor-widget-icon-list\" data-id=\"70e24cd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon-list.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-icon-list-items\">\n\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item\">\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-icon\">\n\t\t\t\t\t\t\t<i aria-hidden=\"true\" class=\"far fa-plus-square\"><\/i>\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text\">What should be done first?<\/span>\n\t\t\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a9bf3d5 elementor-widget elementor-widget-text-editor\" data-id=\"a9bf3d5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Conducting a Business Impact Analysis (BIA) is very useful for continuity management. Unlike risk analysis, which is conducted for many assets, the <strong>BIA<\/strong> is usually focused only on the <strong>most critical assets<\/strong>. The main goal of this analysis is to determine how quickly a key asset needs to be restored in the event of a problem and to identify the <strong>priorities and interdependencies among these assets<\/strong>.\u00a0<\/p><p>The analysis particularly assesses the impact of asset unavailability, data loss from backups, and loss of confidentiality on the identified impact areas. These areas can include, for example, financial losses, disruption of normal operations, legal and contractual obligations, and many others. From the BIA, two values emerge for each asset:<\/p><ul><li><strong>RTO<\/strong> (recovery time objective) defines the maximum time within which the asset needs to be restored, based on the need for availability.\u00a0<\/li><li><strong>RPO<\/strong> (recovery point objective) determines how old backups can be at maximum, which is based on the maximum acceptable data loss.\u00a0<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-783ac98 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"783ac98\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bafc48d elementor-widget elementor-widget-text-editor\" data-id=\"bafc48d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"color: #41ce95;\"><strong>Business continuity plan (BCP)<\/strong><\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f7a6f81 elementor-widget elementor-widget-text-editor\" data-id=\"f7a6f81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This document should provide <strong>an overview of activities<\/strong>, so that in the event of a negative incident (such as a cybersecurity incident), the company can resume its operations as quickly as possible. Business continuity plans are broader than recovery plans.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-871b83e elementor-blockquote--skin-boxed elementor-blockquote--align-center elementor-widget elementor-widget-blockquote\" data-id=\"871b83e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"blockquote.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<blockquote class=\"elementor-blockquote\">\n\t\t\t<p class=\"elementor-blockquote__content\">\n\t\t\t\tContinuity plans mainly include a description of the emergency (which can vary), procedures for managing that specific situation (including individual actions), estimated implementation time, a communication matrix, and a matrix of substitutes for involved personnel.\u00a0\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cb2378d elementor-widget elementor-widget-text-editor\" data-id=\"cb2378d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>We can best understand this with an example: A manufacturing company has a production line for dog toys. As part of its continuity management, it has prepared plans for what to do if it suddenly loses this line. What communication procedures should be chosen? What will be its contingency solution? These are the questions it must address within its continuity management.\u00a0<\/p><p>Continuity management prepares for any cause, <strong>not just cybersecurity risks<\/strong>. For example, the production line may stop functioning due to floods, tornadoes, or even ransomware attacks. The key is to clearly define internal audit procedures and responsibilities in addressing these issues.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-aee1080 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"aee1080\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e9b589a elementor-widget elementor-widget-text-editor\" data-id=\"e9b589a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><span style=\"color: #41ce95;\"><strong>Disaster recovery plan (DRP)<\/strong><\/span><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e66d951 elementor-widget elementor-widget-text-editor\" data-id=\"e66d951\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>It is often said that disaster recovery plans are more about the disaster than the recovery. The recovery plan can be thought of as a detailed manual for IT. Within the framework of the business continuity plan, the <strong>recovery plan is activated<\/strong>, focusing exclusively on IT and specifying the concrete steps that need to be taken for remediation. Even when the individual items of the recovery plan are completed, the <strong>business continuity plan does not end there.<\/strong>.<\/p><p>For example, if the impact analysis states that the recovery of email services should take 4 hours (the RTO), it means that IT can restore the ability to send emails within that time frame. However, this does not mean that the entire business continuity plan is complete \u2013 <strong>this may occur another 2 days later<\/strong>, once all data from the email accounts' archives are restored and the company is fully operational again, almost as it was before the emergency.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-95dd288 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"95dd288\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0c7f8e3 elementor-widget elementor-widget-text-editor\" data-id=\"0c7f8e3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h5><strong><span style=\"color: #41ce95;\"><span class=\"TextRun SCXW114330367 BCX0\" lang=\"CS-CZ\" xml:lang=\"CS-CZ\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW114330367 BCX0\"><span class=\"TextRun SCXW140129542 BCX0\" lang=\"CS-CZ\" xml:lang=\"CS-CZ\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW140129542 BCX0\"><span class=\"TextRun Underlined SCXW148823139 BCX0\" lang=\"CS-CZ\" xml:lang=\"CS-CZ\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW148823139 BCX0\"><span class=\"TextRun Underlined SCXW249042634 BCX0\" lang=\"CS-CZ\" xml:lang=\"CS-CZ\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW249042634 BCX0\"><span class=\"TextRun SCXW142918163 BCX0\" lang=\"CS-CZ\" xml:lang=\"CS-CZ\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW142918163 BCX0\">Testing and updating<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/strong><\/h5>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-755b98e elementor-widget elementor-widget-text-editor\" data-id=\"755b98e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"auto\">Ensuring the testing of the business continuity plan and recovery plans (including processes related to managing cybersecurity incidents) is, among other things, <b>one of the requirements for top management <\/b>in companies under higher compliance obligations. Testing these plans is crucial because the rules establish<\/span><span data-contrast=\"auto\">ed<\/span><span data-contrast=\"auto\"> in them must be functional and will need to serve their purpose effectively in a real emergency.\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:6,&quot;335551620&quot;:6,&quot;335559739&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p><p class=\"translation-block\">Just like with all security policies and other documentation, it is essential to review and update the plans regularly. This also applies to the risk management plan. For example, when an emergency occurs, you will certainly appreciate that you can reach the contact listed in the BCP or DRP and that the expected recovery times are met, rather than being significantly longer than necessary.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8d2e306 elementor-widget-divider--separator-type-pattern elementor-widget-divider--no-spacing elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"8d2e306\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\" style=\"--divider-pattern-url: url(&quot;data:image\/svg+xml,%3Csvg xmlns=&#039;http:\/\/www.w3.org\/2000\/svg&#039; preserveAspectRatio=&#039;xMidYMid meet&#039; overflow=&#039;visible&#039; height=&#039;100%&#039; viewBox=&#039;0 0 126 26&#039; fill=&#039;black&#039; stroke=&#039;none&#039;%3E%3Cpath d=&#039;M3,10.2c2.6,0,2.6,2,2.6,3.2S4.4,16.5,3,16.5s-3-1.4-3-3.2S0.4,10.2,3,10.2z M18.8,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.2-1.4-3.2-3.2S17,10.2,18.8,10.2z M34.6,10.2c1.5,0,2.6,1.4,2.6,3.2s-0.5,3.2-1.9,3.2c-1.5,0-3.4-1.4-3.4-3.2S33.1,10.2,34.6,10.2z M50.5,10.2c1.7,0,3.2,1.4,3.2,3.2s-1.4,3.2-3.2,3.2c-1.7,0-3.3-0.9-3.3-2.6S48.7,10.2,50.5,10.2z M66.2,10.2c1.5,0,3.4,1.4,3.4,3.2s-1.9,3.2-3.4,3.2c-1.5,0-2.6-0.4-2.6-2.1S64.8,10.2,66.2,10.2z M82.2,10.2c1.7,0.8,2.6,1.4,2.6,3.2s-0.1,3.2-1.6,3.2c-1.5,0-3.7-1.4-3.7-3.2S80.5,9.4,82.2,10.2zM98.6,10.2c1.5,0,2.6,0.4,2.6,2.1s-1.2,4.2-2.6,4.2c-1.5,0-3.7-0.4-3.7-2.1S97.1,10.2,98.6,10.2z M113.4,10.2c1.2,0,2.2,0.9,2.2,3.2s-0.1,3.2-1.3,3.2s-3.1-1.4-3.1-3.2S112.2,10.2,113.4,10.2z&#039;\/%3E%3C\/svg%3E&quot;);\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9c4644d e-flex e-con-boxed e-con e-parent\" data-id=\"9c4644d\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cd32657 elementor-cta--skin-cover elementor-bg-transform elementor-bg-transform-zoom-in elementor-widget elementor-widget-call-to-action\" data-id=\"cd32657\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"call-to-action.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-cta\">\n\t\t\t\t\t<div class=\"elementor-cta__bg-wrapper\">\n\t\t\t\t<div class=\"elementor-cta__bg elementor-bg\" style=\"background-image: url();\" role=\"img\" aria-label=\"\"><\/div>\n\t\t\t\t<div class=\"elementor-cta__bg-overlay\"><\/div>\n\t\t\t<\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-cta__content\">\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<h2 class=\"elementor-cta__title elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tGet ready\t\t\t\t\t<\/h2>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__description elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t\tWe will help you create the foundations, principles and documentation for the effective security of your business.\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-cta__button-wrapper elementor-cta__content-item elementor-content-item\">\n\t\t\t\t\t<a class=\"elementor-cta__button elementor-button elementor-size-\" href=\"https:\/\/cybrela.com\/en\/contact\/\">\n\t\t\t\t\t\tCONTACT US\t\t\t\t\t<\/a>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Plans such as BCP, DRP, or risk management plans ensure cybersecurity and help maintain business continuity. What should they include?<\/p>","protected":false},"author":8,"featured_media":8036,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[78,80,79,45,46],"class_list":["post-5999","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kyberbezpecnost","tag-bcp","tag-bezpecnostni-dokumentace","tag-drp","tag-informacni-bezpecnost","tag-kyberbezpecnost"],"_links":{"self":[{"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/posts\/5999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/comments?post=5999"}],"version-history":[{"count":78,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/posts\/5999\/revisions"}],"predecessor-version":[{"id":8132,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/posts\/5999\/revisions\/8132"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/media\/8036"}],"wp:attachment":[{"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/media?parent=5999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/categories?post=5999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybrela.com\/en\/wp-json\/wp\/v2\/tags?post=5999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}