Governments, businesses, and individual users are targets for ever more frequent and threatening attacks. Cyber attackers are now more ambitious than ever, targeting financial information, customer data and intellectual property, the loss of which can severely harm an entire business. Cybersecurity is a board-level issue, but not enough organisations treat it that way.
Organisations should consider that a breach is inevitable: despite their best defensive efforts, motivated hackers will always find a way around firewalls, antivirus software and other protective measures. BCMfort allows management and IT departments to focus on critical assets and ensure the integrity, confidentiality and availability of such assets.
"The single biggest existential threat that's out there is cyber" - Michael Mullen
- 74% of organisations reported a security breach in the last year - PWC
- Every minute, we see about half a million attack attempts in cyber space - Fortinet
- 49% of companies consider cyber-security the biggest risk - KPMG
- Cybersecurity spending outlook: $1 trillion from 2017 to 2021 - CSO
Why is Cyber Resilience a struggle with standard technology?
Cyber-security as an issue has made it to the boardroom, but senior management and boards still lack management information and an understanding of their critical assets.
Why is monitoring cyber security a struggle with standard technology?
- Data and information relevant to Cyber security is scattered across too many places to allow key insights
- IT departments have limited resources to deal with such sophisticated adversaries
- Organisations require an effective BCM system but are limited to:
  - Complicated, extensive and costly GRC solutions, or
  - Simple spreadsheets, which are outdated and dangerous due to little or no control over changes, versioning, reporting and error checking
Who is involved?
| Individuals with information system, security, risk management, and oversight responsibilities | Individuals with information system, security, risk management, and oversight responsibilities |
| CIO, IT Directors, IT Managers | Government organisations |
| Individuals with oversight responsibilities in risk management | Individuals with development responsibilities |
| EXCO, risk executives | System designers, developers, integrator |
| Individuals responsible for conducting business critical functions | Individuals with monitoring responsibilities |
| Business owners, information owners, authorising officials | Auditors, inspectors, assessors, analysts |
| Individuals with operational responsibilities | Board of Directors |
ISO/IEC 27000 family
Information security management systems
Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS).
There are more than a dozen standards in the 27000 family.
Information Security Management System
We at BCMfort have taken the complex topic of Cyber Resilience and turned it into a pragmatic cycle that can be used by any organisation.
- Comprehensive Business Impact Assessment to identify their most critical Products and Services
- The Process and Resources required to make these operational
- Identify the threats to these Resources and Processes
- Build BCP plans to respond to an incident
- Set up and manage the controls to reduce the impact or probability of those threats.
- Be able to react to an incident promptly, no matter who is in the office.