Components of Cyber Resilience: Thinking Beyond Situational Awareness Part 1

According to the Cyber Resilience Review (CRR) guide, cyber resilience (CR) is an organization’s ability to “manage operational risk to critical services and their associated assets,” and situational awareness is just one of many tenets of CR that contributes to a holistic cyber security posture. In part one of this series on CR, we will explore additional CR tenets including asset management, controls management, and configuration management.

Cyber Resilience (CR) and Asset Management

Asset management is a core tenet of CR and focuses on the management and support of a business’s critical and high-value assets throughout their life cycle. Asset management involves the planning, identification, documentation, and management of people, information, technology, and facilities. This includes the development of contingency plans should an asset disruption take place.

Controls Management as It Pertains to CR

Controls management, from a CR perspective, involves the administrative, technical, and physical (internal and organizational) processes that help companies ensure readiness in the event of a cyber incident. Effective controls management aligns the control objectives and the associated operational and enterprise controls with the company’s organizational priorities.

Configuration and Change Management from a CR Viewpoint

IT infrastructure is increasingly complex, as are the systems to maintain that infrastructure. Thus, configuration errors, whether malicious or accidental, can result in costly consequences. To prevent such errors and maintain hardware, software, documentation, and firmware integrity, organizations must have in place effective configuration and change management practices. These include continuous and efficient review and management of changes to assets and support systems so that cyber security is maintained regardless of potential and actual risks and threats.

CR Requires a Holistic Approach

Security Pursuit recognizes that CR involves a holistic approach to cybersecurity—not just situational awareness, change and configuration management, or asset management. We offer security awareness training customized to the needs of your staff, industry, and organization so that everyone is on board and working toward CR. Contact us today for a free consultation and evaluation of your organization’s cyber resilience practices.