Systematic review of business continuity and disaster recovery best practices for critical infrastructure protection under federal cybersecurity regulations and guidelines
College of Business, University of Texas Permian Basin, Odessa, TEXAS 79765, USA.
Review Article
World Journal of Advanced Research and Reviews, 2022, 15(02), 932-951
Article DOI: 10.30574/wjarr.2022.15.2.0842
Publication history:
Received on 29 June 2022; revised on 21 August 2022; accepted on 28 August 2022
Abstract:
This systematic review focused on the best practices in business continuity (BC) and disaster recovery (DR) planning in critical infrastructure (CI) organizations subject to federal cybersecurity regulations in the United States. A total of 52 peer-reviewed articles published between January 1990 and December 2022 were analyzed and meta-analyzed. Statistically significant predictors of the program effectiveness of the BC/DR were arranged based on outcome variables such as operational resilience indices, recovery time goals (RTO), recovery point goals (RPO), and regulatory compliance scores. The quality of the methodology of every study was evaluated with a 11-point grading scale with items rating the use of theoretical frameworks, longitudinal design, comparison groups, and statistical rigor. Executive commitment of leadership, frequency of testing, intensity of training of the staff, redundancy of technology, and integration of supply chain risks were the best-practice predictors that were most consistently reported. The overall score of the methodological quality of reviewed studies was 7.12 (SD = 1.6; maximum = 11). The results indicate that there is still a significant gap in BC/DR testing frequency, cross-sector information transfer, and macro-level regulatory congruence. The review provides a synthesized evidence base that can guide practitioners, regulators, and researchers associated with the nexus of cybersecurity governance and critical infrastructure resilience.
Keywords:
Business Continuity Planning; Disaster Recovery; Critical Infrastructure Protection; Federal Cybersecurity Regulations; Organizational Resilience
Full text article in PDF:
Copyright information:
Copyright © 2022 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution Liscense 4.0