A systematic and ongoing process of identifying, assessing and responding to cyber and information security risks. This is a fundamental competence for any effective cyber security or cyber resilience framework, and will inform how and when the other processes are applied.
Certification to international standards or established cyber security frameworks provides external validation of your organisation’s cyber security and resilience, and can provide assurance to customers and other stakeholders. In some cases, third parties may require compliance audits or validation through a specific scheme.
A programme of regular audits assesses the organisation’s information security controls. The results are assessed as part of a senior management review.
The board endorses, supports and participates in the cyber security strategy, and receives regular updates on security issues, risks and compliance.
The organisation has clear governance structures and defined lines of responsibility and accountability to oversee its cyber security and resilience processes. This might include organising different elements of the framework into functions overseen by an accountable director or governance committee.
A process to continually review and improve the organisation’s security measures, and to adapt to the changing threat landscape. This might include adopting well-known improvement models such as PDCA (Plan-Do-Check-Act), ITIL®’s Continual Service Improvement or COBIT®’s continual improvement lifecycle.
The extent to which you implement these measures will depend on your own environment and compliance requirements.