In our two previous posts on cyber resilience (CR)—how you manage operational risk and protect your assets—we explored how a holistic approach is best practice for a security-minded organization. Continuing to build on that knowledge foundation, this third part in the series explores risk management, external dependencies management, training and situational awareness.
CR Through Risk Management
As the name implies, through risk management, an organization identifies, analyzes, and manages risk to the data and services that are critical to the company. An effective risk management approach applies throughout the company, from the top-level executives through interns.
External Dependencies Management and CR
The government’s Cyber Resilience Review (CRR) guide explains that external dependency management (EDM) “focuses on establishing an appropriate level of controls to manage the risks that originate from (or are related to) the organization’s dependence on these external entities. The purpose of EDM is to ensure the protection and sustainment of services and assets that are dependent on the actions of external entities.” In other words, EDM focuses on how your company handles its relationships with other companies from a security perspective.
Key Components of CR: Training and Situational Awareness
Training and situational awareness go hand in hand when it comes to CR. Training and situational awareness are important not only for those in IT but also for staff as a whole. Through effective and ongoing security training, your staff can become part of your line of defense—and a crucial aspect of avoiding social engineering attacks. Situational awareness also entails awareness and communication of the current, ongoing, and future state of critical services throughout your organization.
The Goal of CR
A truly resilient organization, from a cyber security perspective, approaches CR and all its associated factors as a whole, from asset management through service continuity management and situational awareness. Although different companies will have different levels of maturity in each area, the goal is to continue to strengthen your CR. At Security Pursuit, we can help you establish your baseline CR position through penetration testing, then help you fill any gaps and implement an approach to bolster all tenets of CR.