Cyber Resilience Framework 4: govern and assure

The fourth element of IT Governance’s Cyber Resilience Framework includes activities for the board and senior managers to ensure that cyber resilience is overseen and validated from the top of the organisation.

It should cover:

  • Comprehensive risk management programme
    A systematic and ongoing process of identifying, assessing and responding to cyber and information security risks. This is a fundamental competence for any effective cyber security or cyber resilience framework, and will inform how and when the other processes are applied.

  • External validation/certification
    Certification to international standards or established cyber security frameworks provides external validation of your organisation’s cyber security and resilience, and can provide assurance to customers and other stakeholders. In some cases, third parties may require compliance audits or validation through a specific scheme.

  • Internal audit
    A programme of regular audits assesses the organisation’s information security controls. The results are assessed as part of a senior management review.

  • Board-level commitment and involvement
    The board endorses, supports and participates in the cyber security strategy, and receives regular updates on security issues, risks and compliance.

  • Governance structure and processes
    The organisation has clear governance structures and defined lines of responsibility and accountability to oversee its cyber security and resilience processes. This might include organising different elements of the framework into functions overseen by an accountable director or governance committee.

  • Continual improvement process
    A process to continually review and improve the organisation’s security measures, and to adapt to the changing threat landscape. This might include adopting well-known improvement models such as PDCA (Plan-Do-Check-Act), ITIL®’s Continual Service Improvement or COBIT®’s continual improvement lifecycle.

The extent to which you implement these measures will depend on your own environment and compliance requirements.