Security Think Tank: Three key cyber resilience goals

How can companies best assess business resilience to identify the gaps and improve business resiliency to reduce the impact of cyber attacks?

Cyber resilience is an organisation’s capability to withstand the effects of unexpected threats from activities in cyber space.

While technically distinct from business resilience, the sheer connectivity demanded by customers and employees means no business resilience assessment is complete without understanding the potential impact of cyber attacks.

In assessing business resilience, there are many methods organisations can implement, such as following the UK government’s Business Continuity Toolkit, performing an assessment exercise using ISO 22301 or speaking to resilience experts. No matter the business resilience method followed, there should always be three key outcomes for cyber resilience.

Cyber awareness

Organisations should be aware of the dangers of the constantly evolving cyber landscape and incorporate effective situational awareness into their resilience plan.

Organisations should gather cyber threat intelligence and use it to plan appropriate responses to cyber attacks. Exercises to identify critical assets and services will also assist organisations in creating effective cyber resilience plans.

Resilience capability confirmation

Based on asset discovery and the cyber threat intelligence gathered, organisations should assess and improve their cyber resilience.

Using cyber threat intelligence, organisations should evaluate their key threats and manage the risks posed by them. Threat identification is key to an effective cyber resilience plan – not only can an organisation mitigate persistent threats, but it can also identify gaps new threats can exploit.

Effective response

No cyber resilience plan is complete without the ability to respond to incidents and minimise their effects.

Using effective cyber intelligence and asset discovery, resilience plans can be maintained and improved, mitigating threats before incidents occur. Crisis planning and simulation can also help organisations understand and respond effectively to cyber risks and confirm the strength of preventative and reactive cyber resilience approaches.


Alex Jordan is a research analyst with the Information Security Forum.

This was last published in September 2015
