Classification protects data based on the need for secrecy, sensitivity, or confidentiality while it is stored, processed, or in transit.
In Cybersecurity, classification can be a part of an organization’s data policy.
Frameworks are optional sets of standards and best practices that organizations can use to improve their overall security.
The NIST Cybersecurity Framework is an example of this.
The NIST Framework consists of five main elements:
In Cybersecurity, incident response is defined as everything that needs to happen to investigate and recover from an incident.
In Cybersecurity, Incident Response (IR) Policy ensures that an organization has a plan and is prepared to respond to Cybersecurity incidents so the organization can:
In Cybersecurity, Policies and Procedures refer to the documentation that defines how employees should accomplish their tasks in compliance with the security policy.
They often include specific plans and procedures defining how to install and configure security components, respond to incidents, and avoid incidents.
In Cybersecurity, Personnel Policies are policies that mandate appropriate user behaviors in order to implement proper security measures.
In Cybersecurity, Third-party Risk Management (TPRM) plans address the Cybersecurity risk involved when interacting with external entities.
TPRM plans should include:
In Cybersecurity, Data Policies cover:
Data Governance is a collection of best practices to support the security efforts of an organization’s data.
In Cybersecurity, governance can be a part of an organization’s data policy.
Data Retention defines a specific time frame to store, delete, destroy, and/or sanitize data.
In Cybersecurity, retention can be a part of an organization’s data policy.
In Cybersecurity, Credentials policies define the requirements for subjects to receive authentication, authorization, and accounting (AAA) in order to be fully operational in an organization.
Organizational Policies dictate security methods and requirements for the organization.
These could include:
The NIST framework core has five functions that aid in expressing cybersecurity risk at the management level and enable decision making:
The Identify Function helps an organization prioritize its efforts based on understanding the business context, required resources to support critical functions, and related cybersecurity risks.
The Protect Function provides safeguards to ensure the rendering of critical services despite cybersecurity events.
The Detect Function delineates appropriate activities to discover cybersecurity events in a timely manner.
The Respond Function comprises the actions taken after detecting a cybersecurity incident.
The Recover Function includes activities that help establish normal operations after a cybersecurity incident.
The NIST Cybersecurity Framework has three components:
The NIST Cybersecurity Framework’s Core provides desired Cybersecurity activities and outcomes that are organized into:
The NIST Cybersecurity Framework (CSF) implementation tiers measure how well-integrated cybersecurity risk decisions are into the organization’s broader risk decisions.
Organizations can select the desired tier based on their business needs. The tiers range from 1-4:
The NIST Cybersecurity Framework profiles are used to align:
These are used to identify gaps between the current and target operating state. Profiling allows organizations to create a prioritized implementation plan that helps them plan and budget cybersecurity improvements.
Cyber Resilience refers to the capability of an organization to perform its operations, tasks, mission, and objectives despite experiencing impacts from security incidents.
In Cybersecurity, replication refers to having multiple copies of the same data available in multiple locations.
This sounds similar to geographic dispersal, but, remember, these are two different concepts!
In Cybersecurity, high availability refers to the assurance that a system will be available to respond to requests and complete requested operations in a timely manner.
Elasticity and scalability are two important pieces of ensuring high availability.
In Cybersecurity, restoration order refers to the sequence in which mission-critical business processes should be restored.
In Cybersecurity, diversity refers to having multilayered security by having different types of access control provided by different entities/products to support Cyber Resilience.
In Cybersecurity, non-persistence refers to the ability to maintain a system’s integrity despite repeated attempts by users or attackers to change it.
In Cybersecurity, some things that go into achieving Cyber Resilience are:
In Cybersecurity, redundancy refers to having alternate ways to maintain the availability of a resource.
In Cybersecurity, geographical dispersal refers to placing physical distances between duplicate systems so the organization can avoid damages to both the primary and alternate resources from the same disaster.
Geographic redundancy can help prevent a complete loss of data or resources in the case of natural disasters like hurricanes, tornados, earthquakes, etc.