Implement infrastructure, applications and operations that are secure by design
Cyber-resilience is the ability of an organization to continuously deliver products and services despite cyber-related events impacting normal operations. This belief embraces the concept that businesses must prepare for, prevent, respond to and successfully recover from such events, returning to a secure state without disruption or degradation of normal delivery expectations.
Secure by design
Cybersecurity must be considered a core business function, designed to protect resources and implemented to mitigate risk. Organizations must implement infrastructure, applications and operations that are secure by design, meaning that including security is a key and conscious decision in the approach to designing business solutions from end to end. But since absolute cybersecurity is impossible, they must also consider how to become cyber-resilient.
How to develop a cyber-resilience strategy
A good place to start is understanding what exactly the organization is trying to protect. A business’ ability to identify its key intellectual property, critical assets, data and core delivery functions is fundamental to its capability to design an appropriate infrastructure and overarching security program. Although there are several risk assessment methodologies organizations may consider, the foundational concept should aim to address the following questions:
- What data and capabilities are the most important for our business?
- What are the systems involved in supporting the data and capabilities?
- How will our organization and our customers use the data and services provided?
With this information, you can begin to define a comprehensive security program that includes the policies, development controls, processes, technologies and training, as well as the components of network design, application development and deployment.
Steps to success
To achieve true cyber-resilience, the following foundational concepts must be well planned and executed:
- Develop a cybersecurity strategy and ensure proper leadership support.
- Use a common language of risk while aligning security with business objectives.
- Establish the optimal security mindset and ensure all employees are aware they have a role in the success of the organization’s security program.
- Identify and map risks to critical assets.
- Design, build and deploy solutions that are difficult to attack and are secure by design.
- Secure the foundation and don’t undervalue the basics of security. Get the basics right first and build additional capabilities upon that strong foundation.
- Implement appropriate security monitoring to reduce adversary dwell time.
- Embrace the applied intelligence approach and ensure proactive defense and adaptive response capabilities are well architected and implemented.
- Measure your security capabilities and adjust your priorities based on insight from reporting, metrics and validation processes.