Cyber resilience is the ability to prepare for, respond to and recover from cyber attacks. It helps organisations protect themselves from cyber risks, defend against and limit the severity of attacks, and ensure that business operations continue to function.
The concept is relatively new, but it has its roots in longstanding solutions to common problems and is quickly becoming an essential response to the modern threat landscape. Cyber crime is thriving and attacks are indiscriminate, meaning all organisations must prepare for the possibility of a disruption.
To help spread the understanding of cyber resilience, we’ve created the Cyber Resilience Framework.
Understanding the framework
The IT Governance Cyber Resilience Framework describes four levels of cyber resilience maturity:
- Core: for organisations getting started with cyber security.
- Baseline: covering the majority of controls that are necessary to meet legal and regulatory requirements.
- Extended: for those building resilience by securing suppliers, services and continuity.
- Embedded: in which cyber resilience objectives are aligned with wider business objectives.
The framework also identifies four key components of effective cyber resilience, each of which comprises a number of controls.
We explain which controls are necessary for each level of maturity and to meet the requirements of various laws and best practices, including the GDPR (General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard), Cyber Essentials, ISO 27001 and ISO 22301.
Are you on the right path to cyber resilience?
You can find out more about the IT Governance Cyber Resilience Framework by downloading our free green paper: Managing Cyber Risk.
It makes the case for why your organisation must adopt a cyber resilience approach, and explains in more detail how our framework and cyber resilience maturity scale work.