Components of Cyber Resilience Part 2: Thinking Beyond Vulnerability Management

Cyber resilience (CR)—how you manage operational risk and protect your assets—is, or should be, the goal of every security-minded organization. Building on our previous CR post, let’s explore additional tenets of CR, including vulnerability, incident, and service continuity management.

Vulnerability Management as Part of Your CR Approach

Vulnerability management defines how your organization identifies, analyzes, and manages vulnerabilities, meaning the processes or attributes that put your company at risk. As the government’s Cyber Resilience Review (CRR) guide explains, vulnerability management follows a four-part cyclical strategy:

  • Strategy definition
  • Plan development
  • Capability implementation
  • Capability assessment and improvement

Following this cycle enables you to continually refresh your vulnerability management approach and ensure the utmost security for your organization.

How Incident Management Integrates with CR

In developing a holistic CR approach, your company needs a strong incident management process. In this arena, you define and identify events, determining whether they are incidents that require a response. For effective incident management, you need to have a plan in place to deal with incidents quickly and efficiently, and you need to regularly test that plan and make improvements as necessary.

CR and Service Continuity Management

What happens when there is a disruption to your company’s essential services? How do you maintain continuity? This aspect of CR truly focuses on your resiliency—developing and regularly exercising your disruption mitigation processes, and again, making improvements as necessary. Your organization should feel confident that, should an incident occur, it will be capable of continuity at an established level until full performance is re-established.

The Reality of CR

CR is not a single task but an overarching approach to security and asset protection. Security Pursuit offers penetration testing to baseline your current security posture and show how it can be advanced to a truly cyber-resilient level, encompassing all tenets of CR.