
Cyber Resilience

What is cyber resilience?

Cyber resilience is the ability to prepare for, respond to, and recover from cyber attacks. It helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.

Cyber resilience has emerged over the past few years because traditional cybersecurity measures are no longer enough. 

It is now commonly accepted that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a cyber attack.

This means that instead of focusing all your efforts on keeping criminals out of your network, it's better to assume they will eventually break through your defences and start working on a strategy to reduce the impact.

The four elements of cyber resilience

The IT Governance Cyber Resilience Framework recommends a four-part approach to cyber resilience:

1. Manage and protect

The first element of a cyber resilience program involves being able to identify, assess, and manage the risks associated with network and information systems, including those across the supply chain.

It also requires the protection of information and systems from cyber attacks, system failures, and unauthorized access. 

This stage should cover:

  • Malware protection 
  • Information and security policies 
  • Formal information security management program
  • Identity and access control 
  • Security teams are competent and receive regular training 
  • Security staff awareness training 
  • Encryption 
  • Physical and environmental security 
  • Patch management 
  • Network and communications security 
  • Systems security 
  • Asset management   
  • Supply chain risk management

2. Identify and detect

The second element of a cyber resilience program depends on continual monitoring of network and information systems to detect anomalies and potential cybersecurity incidents before they can cause any significant damage.

This stage should cover:

  • Security monitoring 
  • Active detection

3. Respond and recover

Implementing an incident response management program and measures to ensure business continuity will help you continue to operate even if you have been hit by a cyber attack, and get back to business as usual as quickly and efficiently as possible.

This stage should cover:

  • Incident response management 
  • ICT continuity management  
  • Business continuity management  
  • Information sharing and collaboration

4. Govern and assure

The final element is to ensure that your program is overseen from the top of the organization and built into business as usual. Over time, it should align more and more closely with your wider business objectives.

This stage should cover:

  • Comprehensive risk management program 
  • Continual improvement process 
  • Governance structure and processes 
  • Board-level commitment and involvement 
  • Internal audit 
  • External certification/validation

The benefits of cyber resilience

A cyber-resilient posture helps you to:
