
Cyber Resilience



Cyber Resilience refers to the capability of an organization to keep performing its operations, tasks, mission, and objectives despite the impact of security incidents: the goal is not only to prevent incidents but to absorb them and recover quickly when they occur.

Replication

In Cybersecurity, replication refers to keeping multiple copies of the same data in multiple locations and keeping them synchronized, so that another copy can serve requests if one is lost or corrupted.

This sounds similar to geographic dispersal, but, remember, these are two different concepts: replication is about having copies of the data, while geographic dispersal is about how far apart the duplicate systems physically are. Replicas in the same data center are still replication, but they offer no geographic dispersal.

High Availability

In Cybersecurity, high availability refers to the assurance that a system will be available to respond to requests and complete requested operations in a timely manner, usually expressed as an uptime target (for example, 99.9% per year).

Elasticity and scalability are two important pieces of ensuring high availability: scalability is the ability to add capacity to handle more load, and elasticity is the ability to add and remove that capacity automatically as demand rises and falls, so that a traffic spike (legitimate or a denial-of-service attempt) does not take the service down.

Restoration Order

In Cybersecurity, restoration order refers to the sequence in which mission-critical business processes (and the systems they depend on) should be restored after an incident. The order is driven by business criticality, but it must also respect technical dependencies: a service cannot come back before the network, identity, and data services it relies on.
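The following is an added example, not code from the original cheatsheet, showing how to turn a service inventory into a restoration order. Each service has a business criticality (1 = most critical) and a list of technical dependencies; the service names and the inventory itself are constructed sample data. It demonstrates the two rules above: dependencies are restored first, and a dependency inherits the criticality of the most critical service that relies on it (restoring the payments API early is pointless if it cannot log to a "low-priority" log collector). It also rejects plans that cannot be executed because of a circular dependency.

```python
"""Restoration-order planning: an added example, not code from the Codecademy cheatsheet.

Given each service's business criticality and technical dependencies, compute
the order in which to bring services back after an incident. The inventory
below is constructed sample data.
"""
from collections import defaultdict, deque
import heapq


# Constructed sample inventory: service -> (criticality, dependencies); 1 = most critical
SERVICES = {
    "core-network":      (1, []),
    "identity-provider": (1, ["core-network"]),
    "log-collector":     (3, ["core-network"]),
    "database":          (1, ["core-network"]),
    "payments-api":      (1, ["database", "identity-provider", "log-collector"]),
    "customer-portal":   (2, ["payments-api", "identity-provider"]),
    "reporting":         (3, ["database"]),
    "intranet-wiki":     (4, ["identity-provider"]),
}


def _build_graph(services):
    """Return (indegree, dependents) and reject references to services not in the inventory."""
    indegree = {name: 0 for name in services}
    dependents = defaultdict(list)
    for name, (_, deps) in services.items():
        for dep in deps:
            if dep not in services:
                raise ValueError(f"{name} depends on unknown service {dep!r}")
            indegree[name] += 1
            dependents[dep].append(name)
    return indegree, dependents


def effective_criticality(services):
    """Propagate criticality down the dependency chain: a service is at least as
    critical as the most critical service that depends on it.
    Raises ValueError if the dependency graph contains a cycle."""
    indegree, dependents = _build_graph(services)
    # Plain topological order (Kahn's algorithm) so the graph can be walked leaves-first
    queue = deque(n for n, d in indegree.items() if d == 0)
    topo = []
    while queue:
        name = queue.popleft()
        topo.append(name)
        for child in dependents[name]:
            indegree[child] -= 1
            if indegree[child] == 0:
                queue.append(child)
    if len(topo) != len(services):
        stuck = sorted(n for n, d in indegree.items() if d > 0)
        raise ValueError(f"circular dependency among {stuck}; plan is not executable")
    effective = {}
    for name in reversed(topo):  # every dependent is processed before its dependencies
        own = services[name][0]
        effective[name] = min([own] + [effective[c] for c in dependents[name]])
    return effective


def restoration_order(services):
    """Return the services in restoration order: dependencies first, and among the
    services ready to restore, the lowest effective criticality number first."""
    effective = effective_criticality(services)  # also validates the graph
    indegree, dependents = _build_graph(services)
    ready = [(effective[n], n) for n, d in indegree.items() if d == 0]
    heapq.heapify(ready)  # ordered by (criticality, name) so ties break deterministically
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for child in dependents[name]:
            indegree[child] -= 1
            if indegree[child] == 0:
                heapq.heappush(ready, (effective[child], child))
    return order


if __name__ == "__main__":
    for step, name in enumerate(restoration_order(SERVICES), 1):
        print(f"{step}. {name} (business criticality {SERVICES[name][0]})")
```

In the sample inventory the log collector is rated criticality 3 by the business, but because the criticality-1 payments API depends on it, it is restored in the first wave, ahead of reporting and the wiki. A real plan would also attach a recovery time objective (RTO) to each service and check that no service's RTO is shorter than that of anything it depends on.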

Diversity

In Cybersecurity, diversity refers to multilayered security built from different technologies, vendors, and control types (for example, access control enforced by both a network device and the application, or firewalls from two different vendors), so that a single vulnerability or failure mode cannot defeat every layer at once. This supports Cyber Resilience because an attacker who bypasses one control still faces a different one.

Non-persistence

In Cybersecurity, non-persistence refers to systems that do not retain changes between sessions or restarts: they return to a known-good state (for example, by reverting to a snapshot, booting from read-only or live media, or redeploying from an image). Because changes made by users or attackers do not survive, malware and unauthorized modifications are wiped away and the system’s integrity is preserved.

Cyber Resilience Components

In Cybersecurity, some things that go into achieving Cyber Resilience are:

  • Redundancy of Geography, Disk, Network, and Power
  • Replication of Data through Backups
  • Non-Persistence
  • High Availability
  • Restoration Order
  • Diversity

Redundancy

In Cybersecurity, redundancy refers to having alternate ways to maintain the availability of a resource.

Geographic Dispersal

In Cybersecurity, geographic dispersal refers to placing physical distance between duplicate systems so that a single disaster cannot damage both the primary and the alternate resources.

Geographic redundancy can help prevent a complete loss of data or resources in the case of natural disasters like hurricanes, tornadoes, earthquakes, etc. The distance has to be large enough that the two sites do not share the same risk (the same flood plain, fault line, or power grid).

Classification

Classification labels data according to its need for secrecy, sensitivity, or confidentiality, so that it receives the appropriate protection while it is stored, processed, or in transit.

In Cybersecurity, classification can be a part of an organization’s data policy.

Cybersecurity Frameworks

Frameworks are voluntary sets of standards and best practices that organizations can use to structure and improve their overall security.

The NIST Cybersecurity Framework (CSF) is an example of this.

The NIST Framework (version 1.1, which this cheatsheet describes) consists of five main elements, called Functions; CSF 2.0, released in 2024, adds a sixth, Govern:

  • Identify: Identify and understand threats and risks
  • Protect: Protect the organization’s assets
  • Detect: Detect incidents
  • Respond: Respond to incidents
  • Recover: Recover from incidents, evaluating how to prevent reoccurrence

Incident Response

In Cybersecurity, incident response is defined as everything that needs to happen to investigate and recover from an incident.

Incident Response (IR) Policy

In Cybersecurity, Incident Response (IR) Policy ensures that an organization has a plan and is prepared to respond to Cybersecurity incidents so the organization can:

  1. Protect its systems and data
  2. Prevent disruption of its services

Cybersecurity Policies & Procedures

In Cybersecurity, Policies and Procedures refer to the documentation that defines how employees should accomplish their tasks in compliance with the security policy.

They often include specific plans and procedures defining how to install and configure security components, respond to incidents, and avoid incidents.


Personnel Policies

In Cybersecurity, Personnel Policies are policies that mandate appropriate user behaviors in order to implement proper security measures.

Third-Party Risk Management

In Cybersecurity, Third-party Risk Management (TPRM) plans address the Cybersecurity risk involved when interacting with external entities such as vendors, suppliers, and service providers.

TPRM plans should cover the relationships and the agreements that govern them:

  • Business Partners
  • Service-Level Agreements (SLA), which define the service levels a provider commits to
  • Memorandums of Understanding (MOU), which document a shared understanding between parties
  • Business Partnership Agreements (BPA), which set out each partner’s responsibilities

Data Policies

In Cybersecurity, Data Policies cover:

  • Classification of Data
  • Governance of Data
  • Retention of Data

Data Governance

Data Governance is the set of roles, policies, and practices that define who owns an organization’s data, who may access it, and how it is managed and protected throughout its life cycle.

In Cybersecurity, governance can be a part of an organization’s data policy.

Data Retention

Data Retention defines how long data must be kept and when it must be deleted, destroyed, and/or sanitized. Keeping data longer than required increases the impact of a breach, while deleting it too early can violate legal or regulatory obligations.

In Cybersecurity, retention can be a part of an organization’s data policy.

Credentials policies

In Cybersecurity, Credentials policies define how subjects (users, devices, and services) are issued credentials and how those credentials are used for authentication, authorization, and accounting (AAA), for example password and multifactor requirements, account life cycle, and handling of privileged and service accounts.

Organizational Policies

Organizational Policies dictate security methods and requirements for the organization.

These could include:

  • Change management
  • Change control process
  • Asset inventory management
  • Data policies
  • Credentials policies
  • Personnel policies

NIST CSF Core’s Functions

The NIST framework core has five functions that express cybersecurity risk at the management level and support decision making:

  • The Identify Function helps an organization prioritize its efforts based on an understanding of the business context, the resources that support critical functions, and the related cybersecurity risks.

  • The Protect Function provides safeguards to ensure the delivery of critical services despite cybersecurity events.

  • The Detect Function defines the activities needed to discover cybersecurity events in a timely manner.

  • The Respond Function comprises the actions taken after a cybersecurity incident is detected.

  • The Recover Function includes activities that restore normal operations after a cybersecurity incident.


NIST Cybersecurity Framework Components

The NIST Cybersecurity Framework has three components:

  • Framework Core
  • Implementation Tiers
  • Profiles

NIST CSF Core

The NIST Cybersecurity Framework’s Core lists the desired Cybersecurity activities and outcomes, organized into:

  • Functions
  • Categories
  • Subcategories
  • Informative references

NIST CSF Implementation Tiers

The NIST Cybersecurity Framework (CSF) implementation tiers measure how well integrated cybersecurity risk decisions are into the organization’s broader risk decisions, and how formal and repeatable its risk management practices are.

Organizations select a target tier based on their business needs. The tiers range from 1 to 4:

  • Tier 1, Partial: Risk management is ad hoc and reactive, and the organization has limited awareness of cybersecurity risk.
  • Tier 2, Risk-Informed: Management is aware of cybersecurity risk and approves practices, but they are not yet established as organization-wide policy.
  • Tier 3, Repeatable: Risk management practices are formally approved as policy, applied consistently, and regularly updated.
  • Tier 4, Adaptive: The organization adapts its practices based on lessons learned and predictive indicators, and cybersecurity risk management is part of its culture.

NIST CSF Profiles

The NIST Cybersecurity Framework profiles are used to align:

  • Organizational objectives
  • Risk appetite
  • Available resources

against the desired outcomes of the Framework Core.

A current profile describes the outcomes the organization achieves today, and a target profile describes the outcomes it wants to achieve; comparing the two identifies the gaps. Profiling allows organizations to create a prioritized implementation plan that helps them plan and budget cybersecurity improvements.