The Essential Guide to Cybersecurity for SMBs by Hayslip Gary

Author: Hayslip, Gary
Language: eng
Format: azw3, epub, pdf
Published: 2020-06-09T16:00:00+00:00


Chapter 13

What Does a Cyber-resilient Business Look Like?

Resiliency is not just for large organizations. SMBs should incorporate resiliency principles as a means of reducing risk. As a community, we continuously hear that all companies are experiencing a rise in the threats and attacks they face and that new, evolving threats are out there waiting to strike. I don’t believe in fear-mongering; however, keeping this sense of urgency in mind, I think it’s essential for the security managers of SMBs to understand what resiliency looks like, how it can fit into their security program’s strategic plan, and how it will change an SMB’s security budget. As the security manager and company start to contemplate which processes may require resiliency, don’t forget that it is also important to include methods for measuring high levels of resiliency. The end goal is to effectively blend resiliency into critical business operations and to develop metrics that the SMB’s security manager can use to measure what level of resiliency equates to measurable business value, justifying the expenditure of security department resources.

The dictionary definition of resilience is the “capacity to recover quickly from difficulties.” In cybersecurity, resiliency focuses on how an organization recovers from an incident, and it incorporates multiple domains such as cybersecurity, business continuity, disaster recovery, and organizational operations. The objective of cyber resiliency is for the SMB to be able to adapt and continue delivering services to its customers while the event is ongoing and being addressed by its security manager and team. Additionally, the business operations domain should include processes to restore standard business services after the incident occurs.

From a security manager’s perspective, I believe this concept is critical to protecting an organization’s strategic operations. While I researched cyber resiliency for improving my organization’s business continuity operations, I enjoyed the work done by MITRE, which showcased their version of a Cyber Resiliency Engineering Framework for businesses [25]. They pictured a methodology of techniques that, when incorporated together, helped organizations meet specific objectives and enabled resilient business operations. Fast forward to 2018, and many of the same authors and researchers from MITRE matured their research, which is now available in the current NIST publication, “Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems.” It is absolutely worth reading.

For cyber resiliency, the NIST publication states that there are specific techniques that provide a level of trustworthiness when adequately incorporated into a business’s security and risk management portfolio. I find that many of the methods listed in the new NIST cyber resiliency publication [26] can be traced to fundamental cyber hygiene principles. Note that we covered many of these principles in chapter four, so if you were reading along and implementing them to help your SMB, you were already incorporating resilient practices; congratulations!

The following are the NIST resiliency techniques, with hygiene controls and practices in bold, that security managers for small businesses can implement to mature their security programs and improve their company’s ability to provide services during a cyber incident.

