Cyber Resilience

Governments, businesses, and individual users are targets for ever more frequent and threatening attacks. Cyber attackers are now more ambitious than ever, targeting financial information, customer data and intellectual property, the loss of which can severely harm an entire business. Cybersecurity is a board-level issue, but not enough organisations treat it that way.

Organisations should consider that a breach is inevitable: despite their best defensive efforts, motivated hackers will always find a way around firewalls, antivirus software and other protective measures. BCMfort allows management and IT departments to focus on critical assets and ensure the integrity, confidentiality and availability of such assets.

"The single biggest existential threat that's out there is cyber" - Michael Mullen

  • 74% of organisations reported a security breach in the last year - PWC
  • Every minute, we see about half a million attack attempts in cyber space - Fortinet
  • 49% of companies consider cyber-security the biggest risk - KPMG
  • Cybersecurity spending outlook: $1 trillion from 2017 to 2021 - CSO

Why is Cyber Resilience a struggle with standard technology?

Cyber-security as an issue has made it to the boardroom, but senior management and boards still lack management information and an understanding of their critical assets.

Why is monitoring cyber security a struggle with standard technology?

  • Data and information relevant to Cybersecurity is scattered across too many places to allow key insights
  • IT departments have limited resources to deal with such sophisticated adversaries
  • Organisations require an effective BCM system but are limited to:
    • Complicated, extensive and costly GRC solutions, or
    • Simple spreadsheets, which are outdated and dangerous due to little or no control over changes, versioning, reporting and error checking

Who is involved?

  • Individuals with information system, security, risk management, and oversight responsibilities
    • CIO, IT Directors, IT Managers
    • Government organisations
  • Individuals with oversight responsibilities in risk management
    • EXCO, risk executives
  • Individuals with development responsibilities
    • System designers, developers, integrators
  • Individuals responsible for conducting business critical functions
    • Business owners, information owners, authorising officials
  • Individuals with monitoring responsibilities
    • Auditors, inspectors, assessors, analysts
  • Individuals with operational responsibilities
  • Board of Directors

ISO/IEC 27000 family

Information security management systems

The ISO/IEC 27000 family of standards helps organizations keep information assets secure.

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS).

There are more than a dozen standards in the 27000 family.

Information Security Management System

We at BCMfort have taken the complex topic of Cyber Resilience and turned it into a pragmatic cycle that can be used by any organisation.

  • Carry out a comprehensive Business Impact Assessment to identify the organisation's most critical Products and Services
    • The Processes and Resources required to make these operational
  • Identify the threats to these Resources and Processes
  • Build BCP plans to respond to an incident
  • Set up and manage the controls to reduce the impact or probability of those threats
  • Be able to react to an incident promptly, no matter who is in the office

See how BCMfort as an ISMS can help