Part 2 : Implementing Cyber Resilience
In the Part 1, we discussed why building cyber resilient resources is critical to building an agile and adaptive business solution. Continuing on the same topic, in this blog we discuss on nuances of implementing cyber resilient resources.
If not already evident, cyber resilience is a multi-level function in an organization. Just line organisation level functions are broken into more granular bits, we break the cyber resilience framework into Goals, Objective and Techniques.
Goals and Objectives of Cyber Resilience
Goals can be considered as a starting point, providing the linkage between risk management decisions at the business process level and at the system resource level.
At a minimum, cyber resilience seeks to address the following goals.
- Anticipate: Maintain a state of preparedness for Cyber Incidents.
- Withstand: Continue essential business functions despite cyber Incident
- Recover: Restore business function to the earliest (RTO & RPO) after Cyber Incident.
- Adapt: Modify business functions and/or support capabilities to predicted changes in the technical, operational and threat environments.
Objectives are specific statements of what a system must achieve in its operating environment and sustain the same throughout its lifecycle.
- Prevent or Avoid: Preclude a successful execution of a cyber attack
- Prepare: Maintain a set of realistic course of action to address predicted cyber-attacks.
- Continue: To keep essential business functions up and operational during a cyber-incident to the maximum duration possible.
- Constrain: Limit the extent of damage / adverse impact to the minimum due to cyber-incident.
- Reconstitute: Restore maximum business functions at the least possible time.