Unit 3. Main Domains of Cyber Resilience

Main Domains of Cyber Resilience

Resilience has its roots in the integration of ecological, social, psychological, organizational, and engineering perspectives and definitions. As a result, cyber resilience ought to be considered in the context of intricate systems that encompass the physical and information domains as well as the cognitive and social ones.

In addition, considering the interconnected hardware, software, and sensing elements of cyber infrastructure together is what ensures system recovery (see the figure). According to Linkov & Kott (2019), cyber resilience serves as a link between maintaining the system and accomplishing its mission.

A cyber resilience assessment supposes that an organization deploys its resources (people, data, technology, and equipment) to support specific mission-critical services. Based on this principle, the review assesses the maturity of an organization’s capabilities and capacities to perform, plan, manage, measure, and define cybersecurity capabilities in 10 domains:

1. Asset management
2. Controls management
3. Configuration and change management
4. Vulnerability management
5. Incident management
6. Service continuity management
7. Risk management
8. External dependencies management
9. Training and awareness
10. Situational awareness

Asset Management

The domain of asset management defines an approach for organizations to plan, identify, record, and manage their assets, which are described as people, data, technology, and equipment.

Controls Management

An organization employs internal control as a governance strategy to provide a reasonable assurance of success and to guarantee the effective and efficient achievement of organizational goals.

The Controls Management domain presents the organization with a means of determining control objectives and implementing controls to achieve those goals. In addition, the Controls Management domain discusses the significance of analyzing and evaluating these controls to guarantee that the procedure is continuously improved.

Configuration and Change Management

This domain is concerned with how an organization can apply procedures and processes that manage resources and ensure that changes to those resources cause minimal disruptions to the organization.

Vulnerability Management

A vulnerability management process identifies and analyzes vulnerabilities before they can be exploited. It also informs the organization of threats that the risk management procedure must analyze to determine whether they pose a substantial risk in light of the organization’s risk tolerance.

Incident Management

This domain evaluates a company’s ability to recognize significant interruptions to its operational environment, analyze them, and establish how and when to react.

Service Continuity Management

Service continuity is the process of evaluating, prioritizing, planning for, responding to, and improving plans to deal with disruptive events. Its aim is to reduce the impact of disruptive incidents by utilizing established plans that facilitate consistent service continuity.

Risk Management

Risk management is one of the core activities of any organization and is implemented at all levels within business units, from executive managers to individuals. The cyber resilience assessment is based on cyber operational risks that could disrupt the delivery of crucial services. Even though operational risk is the focus of the assessment, it is important to note that operational risk management only works effectively when it is carried out in its entirety.

External Dependencies Management

Outsourcing services, development, and manufacturing has become a normal part of many organizations’ operations, because it allows the use of specialized skills and equipment in a more cost-effective manner than internal options. The domain of external dependencies management provides a method to recognize and prioritize these external dependencies and then concentrate on managing and maintaining them.

Training and Awareness

This domain concentrates on the procedures whereby an organization plans, identifies needs for, and improves training and awareness to guarantee that the operational requirements and objectives of cyber resilience are known and met. Training and awareness activities make employees aware of their role in the organization’s cyber resilience posture. Employees also need to receive specific training that empowers them to play their role in managing the organization’s cyber resilience.

Situational Awareness

The entire organization engages in situational awareness activities to provide timely and precise information on the status of operational processes. To meet the resilience demands of critical services, activities must facilitate communication with a wide range of internal and external stakeholders.

How to become Cyber Resilient?

Building a cyber resilient organization requires the following critical steps:

Adopt a holistic cybersecurity approach

Business decision makers should strive to educate themselves and their staff about cyber risks. There is no longer any assurance that acquiring the appropriate technology will be enough on its own. You must adopt a more holistic approach in light of the increasing complexity and ferocity of cyberattacks. Specifically, seeing your company’s assets as interconnected and concentrating on the actions of all internal stakeholders, not just security teams, is essential to cyber resilience. Security vulnerabilities can be identified using governance, risk management, and compliance tools.

Maintain fundamental security hygiene

This step comprises routine and repetitive tasks such as requiring users and staff to set strong passwords and update them regularly. A basic security precaution is not to forget the rat in the room while attention is on the elephants. Hygiene also means regularly applying patches and updates to software and systems and regularly reviewing access permissions.

Get ready for change

It is important to respond quickly and flexibly to new cyber threats and attacks. In practice this looks like device resilience through capabilities such as reverting to a safe state when a device is targeted in an advanced attack, automated communication, and an artificial-intelligence-driven first line of response; all of these are examples of decentralized data protection.

Build resilient networks

You can establish a baseline of normal user behavior by consolidating and analyzing data from all of your systems and networks. If you incorporate this data into your intrusion detection software, you will have a far more advanced ability to identify unusual and malicious activity. Build systems that can effectively respond to attacks by leveraging automation with AI and ML. Threat intelligence services can assist you in detecting advanced persistent threats, while trained staff can be onboarded to act as human sensors.

Implement data-driven cybersecurity

Data-driven cybersecurity supersedes approaches based on approximation. It transcends traditional data security. Data is not an afterthought in security techniques such as threat intelligence, tokenization, segmentation, access control, and automated access decisions. As a means of protecting assets, incorporating data into your cybersecurity posture may be the most crucial decision you make toward cyber resilience.

Implement security by design

Security is nowadays a boardroom topic. Just as an organization’s key stakeholders discuss the next business topic, they should also include cybersecurity as an important part of their agenda. As a result, cybersecurity is no longer just a nice-to-have but an essential component of business operations. Security becomes ingrained in your solutions and procedures when it is made a priority. There is no going back after taking this step.

Cyber Resilience Framework

Today, there is a perception that it is no longer a matter of “if” but “when” an organization will be exposed to a cyber-attack. This indicates that rather than concentrating your efforts on preventing criminals from entering your network, it is preferable to assume that they will eventually penetrate your defenses and begin devising strategies to minimize their impact.

A four-part method for cyber resilience is proposed by the common cyber resilience framework:

1. Manage and protect

The first part of a cyber resilience program protects the confidentiality, integrity, and availability of information assets, business processes, and infrastructure by enforcing risk-appropriate information security measures using people, procedures, and technologies.

Information and systems must also be protected from cyberattacks, system failures, and unauthorized access.

This category may cover:

– Asset management

– Information security policies

– Physical and environmental security

– Identity and access control

– Malware protection

– Configuration and patch management

– Encryption

– System security

– Network and communications security

– Security competence and training

– Staff awareness training

– Comprehensive risk management programme

– Supply chain risk management

2. Identify and detect

The second part of a cyber resilience program relies on constant monitoring of the network and information systems to spot unusual activity and possible cyber security incidents before they cause substantial damage.

This category may include:

– Threat and vulnerability intelligence

– Security monitoring

3. Respond and recover

In the event of a cyberattack, having a business continuity plan and an incident response management program will help you continue operating and return to normal operations as soon as possible.

This category might include:

– Management of incident response

– Management of ICT continuity

– Management of business continuity

4. Govern and assure

The last category is to guarantee that your program is monitored at the highest level of the organization and integrated into business as usual. Over time, this must increasingly align with your broader business goals.

This category may include:

– A formal information security management plan

– Continuous improvement process

– Commitment and involvement at the board level

– Governance structure and processes

– Internal audit

– External certification/validation

How to Build a Cyber Resilient Framework in Your Company

Cyber resilience is all about mitigating cyber risk in your network while making sure that your company can rebound from threats without negatively impacting your business.

You must transform your security and risk strategy toward a proactive, end-to-end cyber resilience framework if you want to keep your business safe and competitive.

To establish a cyber resilience framework, each business requires three essential components. They are as follows:

1. Preparing for an attack

Understanding where the risk is hidden in your expanding digital ecosystem – on-premises, in the cloud, across business units, geographies, and shadow IT – is the first step in preparing for an attack and hopefully preventing one.

Each company should continuously monitor, measure, and communicate the effectiveness of its cybersecurity controls. With this knowledge, each business can assign resources to quick remediation and prioritize areas of concentrated risk.

2. Responding to an attack

Any cyber resilience framework must include incident response teams. They make it possible to lessen the effects of cyberattacks, quickly restore services, and stop further damage.

However, your response efforts must also extend to your partners and vendors. After a breach, attackers frequently move laterally across the interconnected supply chain to search for sensitive data, seed malware, and encrypt systems.

3. Recovering from an attack

Additionally, a cyber resilience framework can assist you in recovering from a cyberattack and restoring business continuity. This necessitates extensive pre-planning, including comprehending system dependencies, ensuring that your most important data is safe and simple to restore, carrying out attack simulations, and evaluating recovery plans.

However, part of recovery is also preventing future incidents of a similar nature. To accomplish this, you must identify the breach’s underlying cause and address it. Numerous businesses mitigate cyber risk by patching, scanning for vulnerabilities, and moving on to the next fire. However, this method will not reveal the root cause of an attack or where there is an ongoing risk.

SUMMARY AND KEY TAKEAWAYS

  1. A cyber resilience review assumes that an organization’s resources are used to support particular mission-critical services. Based on this principle, there are ten main domains of cyber resilience for reviewing and assessing an organization’s maturity in performing, planning, managing, measuring, and defining cybersecurity capabilities.
  2. There are six essential steps involved in building a cyber-resilient organization.
  3. The four-part approach to cyber resilience suggested by the common cyber resilience framework can be of assistance to businesses.

CHECK YOUR UNDERSTANDING

Consider each of the following questions. If you are unsure of the answer, check the material you have read before moving on to the next question.

1. What are the main domains of cyber resilience?

2. What are the critical steps for constructing a cyber-resilient organization?

3. What are the main steps of building a cyber resilience framework in your organization?