How to develop a Cyber Resilience Framework
- Published: Friday, 26 May 2017 09:35
In today's networked, digital world, the ability to detect, prevent and recover from a cyber attack is critical. Cyber resilience is thus key to organizational sustainability, says Al de Brito, senior technical analyst at ContinuitySA.
"Cyber resilience - the ability to recover fully from any cyber disaster - has many moving parts. Organizations need to approach it methodically, and a Cyber Resilience Framework provides a comprehensive, flexible structure to ensure that all bases are covered," says Mr De Brito.
To build a cyber-resilient organization capable of withstanding or recovering from cyber attacks, Mr De Brito says that five interconnected domains should guide a concerted programme. These domains, or pillars, make up a comprehensive Cyber Resilience Framework, and each has several functions:
The aim of the first domain is to develop an organization's understanding and management of the risks to its systems, assets, data and capabilities. Key functional areas in this domain are:
- The management of all ICT assets, including personnel, devices, systems and facilities.
- Governance, which covers the creation of an information security policy, and ensuring that all legal and regulatory requirements are met.
- Assessment of the cyber risk, including the organization's vulnerabilities. Care must be taken to monitor the threat landscape continuously, and to understand the business impacts. The latter will assist in prioritising risk responses.
- Development of a risk management strategy, including establishing relevant processes and obtaining the buy-in of all stakeholders.
The second domain is perhaps the most important. It covers activities that develop, update and implement effective precautions to ensure that all critical infrastructure services can deliver their business purpose. Key functional areas are:
- Controlling access to all ICT assets and facilities. The principle of 'least privilege' will inform these measures.
- Implementing the right technology (hardware and software) to protect systems and data.
- Motivating and educating everybody within the organization's value chain, including partners and suppliers, to create a solid security culture.
- Ensuring data security based on basic considerations of confidentiality, integrity and availability.
- Protection of all information: probably the most important function within the domain.
- Regular maintenance of all access control systems as well as the ICT system components to ensure protection measures are current.
In the third domain, the focus is on activities to identify cybersecurity events. This includes the ability to detect suspicious activity rapidly and assess its impact. Continuous monitoring of all systems, networks and assets is essential, along with vulnerability and penetration testing. Initiatives to maintain, test and improve these detection procedures should also be in place.
The fourth domain covers all activities required to respond to a detected cybersecurity event. Functional areas include response planning, communications, analysis, mitigation and improvement.
Just as important as the Protect phase, the fifth domain covers planning a strategy to recover fully from a cybersecurity event. It should include continuous improvement, and communications with the public, customers and all other stakeholders.
"Cyber resilience basically determines how well your organization can defend its vital ICT systems and assets from attack, and how quickly it can recover when an attack succeeds," Mr De Brito concludes. "The Framework offers a tried-and-trusted methodology for getting it right."