Organisations have a harder time than ever staying cyber secure. Cyber criminals are constantly looking for new ways to launch attacks, so even the most vigilant organisation can get caught out. After all, it only takes one vulnerability for an attack to be successful.
To best prepare for cyber incidents, organisations need to accept that they will probably be breached at some point. But there’s no need to treat it as just one of those things that happens; rather, organisations should implement a business continuity management system (BCMS) to mitigate the damage of an attack and speed up the recovery process.
A BCMS should work alongside an information security management system (ISMS) to tackle both prevention and response.
When planned for together, cyber security and business continuity form an approach known as cyber resilience:
- Identify and protect with an effective information security management system (ISMS);
- Detect through event monitoring and logging and penetration testing; and
- Respond and recover with a robust business continuity management system (BCMS).
The cyber resilience approach
The benefit of cyber resilience is that it allows organisations to avoid an ‘all or nothing’ outlook on information security. You can’t put all your faith in your ability to prevent cyber attacks, nor can you blindly accept that you’re going to be breached at some point.
Any organisation that wants to implement a cyber resilience approach needs to document its:
- ISMS, including:
  - Scope statement;
  - Information security policy;
  - Risk assessment;
  - Risk treatment plan;
  - Information security continuity plan;
  - Internal audit procedure;
- BCMS, including:
  - Continual improvement;
  - Business continuity policy;
  - Business continuity objectives and planning procedure; and
  - Business impact analysis procedure.
You can complete all these documents easily with the help of our Cyber Resilience Toolkit.
This toolkit includes templates for all the documents you’ll need, as well as guidance documents and project tools to make sure you’ve correctly implemented the requirements. Easy-to-use dashboards and gap analysis tools give you full control over the process, and you’ll also receive guidance from experienced information security and business continuity experts.