CIO OPINION and the focus needs to be on keeping systems up and running during recovery , speed restoration , reduce downtime and minimize the overall impact of an attack .
Cyber-resilience relies on people , processes and technology
The second element – processes – need to be clearly defined and must be repeatable and measurable . For most organizations , pinpointing weaknesses and gaps and making the necessary process improvements will be an iterative journey that will require constant review .
Using the most conventional definition , cyberresilience measures an organization ’ s strength in preparing for , operating through , and recovering from an attack .
Using this description , companies will require a holistic security program to assure the resilience of their organization and that of their customers before , during and after adverse events . Key to the success of cyberresilience is an organization ’ s ability to quickly identify , respond to and recover from security incidents .
Finally , technology solutions must be able to properly support people and processes . This requires organizations to evaluate whether they have adopted the right solutions , determine whether they are using them to their full potential , and look at how technology could be more effectively harnessed .
Since a great number of cyber-resilience issues aren ’ t technology based , it ’ s important for organizations to realize that their cyber-resilience initiatives rely primarily on people and processes .
To achieve this next level of security , cyber-resilience must rest on people , processes and a combination of technologies . When assessing their security posture , organizations need to identify gaps in their security capabilities from a people , processes and technology perspective and take the necessary steps to address these .
For instance , if a company finds that the staff lacks security know-how , they need to determine the best way to remedy the gap . The solution may be to hire or develop dedicated security experts , as well as create enhanced security awareness throughout the organization by conducting periodic training .
In fact , technology investments come second , and they should be made based on the needs of people and processes , not vice versa .
In addition to their well-established cybersecurity practices , cyberresilience incorporates incident response , as well as Business Continuity and Disaster Recovery .
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 45