The Essential Guide to Cybersecurity for SMBs by Hayslip Gary
Author: Hayslip, Gary
Language: eng
Format: azw3, epub, pdf
Published: 2020-06-09T16:00:00+00:00
Chapter 13
What Does a Cyber-resilient Business Look Like?
Resiliency is not just for large organizations. SMBs should incorporate resiliency principles as a means of reducing risk. As a community, we continuously hear that all companies are experiencing a rise in the threats and attacks they face and that new, evolving threats are out there waiting to strike. I don’t believe in fear-mongering; however, keeping this sense of urgency in mind, I think it’s essential for the security managers of SMBs to understand what resiliency looks like, how it can fit into their security program’s strategic plan, and how it will change an SMB’s security budget. As the security manager and company start to contemplate what processes may require resiliency, don’t forget that it is also important to include methods for measuring high levels of resiliency. The end goal is to effectively blend resiliency into critical business operations and develop metrics that the SMB’s security manager can use to measure what level of resiliency equates to measurable business value, justifying the expenditure of security department resources.
The dictionary definition of resilience is the “capacity to recover quickly from difficulties.” In cybersecurity, the definition of resiliency is focused on how organizations recover from an incident that incorporates multiple domains such as cybersecurity, business continuity, disaster recovery, and organizational operations. The objective of cyber resiliency is for the SMB to be able to adapt and continue delivering services to its customers while the event is ongoing and being addressed by their security manager and team. Additionally, the business operations domain should include processes to restore standard business services after the incident occurs.
From a security manager’s perspective, I believe this concept is critical to protecting an organization’s strategic operations. While I researched cyber resiliency for improving my organization’s business continuity operations, I enjoyed the work done by MITRE, which showcased their version of a Cyber Resiliency Engineering Framework for businesses [25]. They pictured a methodology of techniques that, when incorporated together, helped organizations meet specific objectives and enabled resilient business operations. Fast forward to 2018, and many of the same authors and researchers from MITRE matured their research, which is now available in the current NIST publication, “Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems.” It is absolutely worth reading.
For cyber resiliency, the NIST publication states that there are specific techniques that provide a level of trustworthiness when adequately incorporated into a business’ security and risk management portfolio. I find that many of the methods listed by the new NIST cyber resiliency publication [26] can be traced to fundamental cyber hygiene principles. Note that we have covered many of these principles in chapter four, so if you were reading along and implementing them to help your SMB, you were already incorporating resilient practices. Congratulations!
The following are the NIST resiliency techniques, with hygiene controls and practices in bold, that security managers for small businesses can implement to mature their security programs and improve their company’s ability to provide services during a cyber incident.