Do you know what to do when an unplanned event like a cyber attack compromises your business?
Cyber Resilience is about being strategically prepared to respond to a broad spectrum of unplanned events that will compromise your productivity, reputation, and bottom line. Cyber Resilience is acceptance that the illusion of 100% Cyber Security is gone.
The spectrum of unplanned events includes spear phishing attacks, insider and third-party threats, including social engineering, malware, ransomware, DDoS attacks, and other disasters, like benign file corruption and data loss. There’s no way to guarantee which of these will happen to you. The only guarantee is that they will happen.
Acceptance of this reality inspired us to create the Cyber Resilience Diagnostic.
Prevention, governance, and compliance are important, but we’ve had enough experience to know that, even when done well, they don’t offer organizations resilience: those organizations still don’t know what to do to get back to work as quickly as possible after an attack.
The Cyber Resilience Diagnostic goes beyond those measures to make sure you’re prepared when that moment comes.
Step 1: Diagnose your Cyber Resilience
Our proprietary 4-Step framework quickly identifies, defines, and prioritizes your preventable and acceptable risks. It’s synthesized from a current and comprehensive set of industry compliance standards for Data Protection and Privacy, including GDPR, HIPAA, ISO, PCI, NIST, and others, but also takes these a step further by offering your business a strategic plan for how to respond to unplanned incidents that will compromise your business.
How long does Step 1 take?
Depending on your organization’s size and complexity, typically 40-60 hours. No one wants to bring a tank to a knife fight, so we define what your organization needs and what it doesn’t.
What does Step 1 achieve?
This step delivers 4 key components:
Cyber Resilience Team: We’ll help you create your own internal Cyber Resilience Team by identifying key allies, stakeholders, and subject matter experts. We establish their ownership and buy-in to uncover the hidden machinery that makes your business tick.
Cyber Resilience Blueprint: A concrete, step-by-step blueprint that quickly and cost-effectively identifies how to eliminate your preventable risks and minimize the ones you must accept, and that designs your overall Cyber Resilience Strategy.
Information Security Policy Set: A complete set of policies mapped to your prioritized risks, customized for your organization’s unique requirements, industry, and culture.
Awareness Training: Fast and fresh presentations introduce the Information Security Policy Set to your team and elevate their knowledge of the latest intelligence, tools, and strategies to protect themselves and your organization’s bottom line.
Step 2: Establish your Cyber Resilience
We’re happy to work with your own in-house IT or with our own team of trusted experts to implement the overall Cyber Resilience Strategy, eliminate preventable risks, and prioritize tactical and strategic response planning for the risks your organization must accept.
How long does Step 2 take?
Typically 4-8 weeks, depending on what we learn from the Cyber Resilience Diagnostic in Step 1 and also the size and complexity of your organization.
Step 3: Sustain your Cyber Resilience
To ensure our work maintains its value over the long term, we create the Cyber Resilience Sustainability Plan (or CRSP), an annual calendar of tasks:
Cyber Resilience Awareness Training Schedule (2 x per year): Designed to reinforce successful cultural integration of the Resilience Strategy and Information Security Policy Set, regular Awareness Training also keeps your team sharp.
Table-Top Simulations (2 x per year): Low-stakes, high-return exercises that familiarize your team with Incident Response to a broad spectrum of unplanned events.
Annual Review (1 x per year): We’ll meet once a year to measure and revisit the Cyber Resilience Strategy and Information Security Policy Set, to make sure we’re continuing to adapt to changing data protection and privacy laws, evolving risk and threat landscapes, and your organization’s needs, growth, and continued success.
Learn more about Cyber Resilience in the media:
Why Cyber is Not Enough: You Need Cyber Resilience — Forbes, January 15, 2014
Microsoft’s Perspective on Cyber Resilience — Microsoft, August 23, 2017
What is Cyber Resilience? — [Video] IT Governance Ltd., February 12, 2018
Cyber Resilience — Wikipedia