USA
Select regional store:

Cyber Resilience

What is cyber resilience?

Cyber resilience is the ability to prepare for, respond to, and recover from cyber attacks. It helps an organization protect against cyber risks, defend against, and limit the severity of attacks, and ensure its continued survival despite an attack.

Cyber resilience has emerged over the past few years because traditional cybersecurity measures are no longer enough. 

It is now commonly accepted that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a cyber attack.

This means that instead of focusing your efforts on keeping criminals out of your network, it’s better to assume they will eventually break through your defences, and start working on a strategy to reduce the impact. 

The four elements of cyber resilience

The IT Governance Cyber Resilience Framework recommends a four-part approach to cyber resilience:

1. Manage and protect

First element

The first element of a cyber resilience program involves being able to identify, assess, and manage the risks associated with network and information systems, including those across the supply chain.

It also requires the protection of information and systems from cyber attacks, system failures, and unauthorized access. 

Find out more >>

This stage should cover:

  • Malware protection 
  • Information and security policies 
  • Formal information security management program
  • Identity and access control 
  • Security teams are competent and receive regular training 
  • Security staff awareness training 
  • Encryption 
  • Physical and environmental security 
  • Patch management 
  • Network and communications security 
  • Systems security 
  • Asset management   
  • Supply chain risk management

2. Identify and detect

Second element

The second element of a cyber resilience program depends on continual monitoring of network and information systems to detect anomalies and potential cybersecurity incidents before they can cause any significant damage.

Find out more >>

This stage should cover:

  • Security monitoring 
  • Active detection

3. Respond and recover

Third element

Implementing an incident response management program and measures to ensure business continuity will help you continue to operate even if you have been hit by a cyber attack, and get back to business as usual as quickly and efficiently as possible.

Find out more >>

This stage should cover:

  • Incident response management 
  • ICT continuity management  
  • Business continuity management  
  • Information sharing and collaboration

4. Govern and assure

Fourth element

The final element is to ensure that your program is overseen from the top of the organization and built into business as usual. Over time, it should align more and more closely with your wider business objectives.

Find out more >>

This stage should cover:

  • Comprehensive risk management program 
  • Continual improvement process 
  • Governance structure and processes 
  • Board-level commitment and involvement 
  • Internal audit 
  • External certification/validation

The benefits of cyber resilience

A cyber-resilient posture helps you to:

This website uses cookies. View our cookie policy
Risk Assessment
Workshop
Oct 22