Suggested Cyber Resilience Activity Plan

Suggested Cyber Resilience Activity Plan

Suggested Cyber Resilience Activity Plan

1. Establish governance: Start by understanding key business drivers and obtaining senior management support for a robust cyber security programme.

2. Identify critical objectives, products and services to support people, processes, technology and the data infrastructure, rank critical objectives. This includes the ecosystem and supply chain, both 3rd parties who supply you and those that you supply.

3. Understand the threats, who might want to attack you, why, and how they might go about carrying out such an attack.

4. Understand what the most likely cyberattacks could cost your business through simplified cyber risk quantification coupled with a cyber risk management framework, which forms part of your overall operational risk management processes. This includes setting your risk appetite and reporting mechanism.

5. Establish an education and awareness programme, ensuring all of your employees, contractors and third parties can identify a cyberattack.

6. Secure your business at the technology level by deploying protections including secure configuration, patch management, firewalls, anti-malware, removable media controls, remote access controls, and encryption. Establish a Vulnerability Management, programme which manages vulnerabilities from identification through to remediation.

7. Be able to detect an attack. Establish a security monitoring capability which can detect an attack through monitoring activity at various levels within your business.

8. Establish a formal cyber incident management team who have been trained in and are following a documented plan, which is tested at least annually.

9. Establish recovery plans (including comprehensive backups) for all processes

10. Implement additional automated protections in addition to implementing complimentary capabilities/technologies such as Intrusion Prevention Systems (IPS), Intrusion
Detection Systems (IDS), Web Application Firewalls (WAF) and Data Loss Prevention systems.

11. Carry out a cyber incident simulation exercise to test your executive management’s ability to manage the response to a significant cyberattack.

12. Create a cyber risk management lifecycle. Reflect on all areas of your cyber risk management programme and identify areas for ongoing improvement, repeating risk assessments on a regular basis, and considering compliance with relevant regulations.




Comptia Security Plus ISO Model

Comptia Security Plus ISO Model, TCTIP Model, Hybird Model

How does ARP work? | ARP Commands

How does ARP work?, ARP Command

Comptia Security Plus | Network Traffic Analysis

Comptia Security Plus | Network Traffic Analysis

Ransomware and The Role of Cryptocurrency

Ransomware and The Role of Cryptocurrency

Understanding Ransomware | Defending Against Ransomware

Understanding Ransomware and Defending Against Ransomware

Types of Cyber Security Threats

Types of Cyber Security Threats: Ransomware, Malware, Social engineering, Phishing

Kaseya Cyber Attack | Kaseya Ransomware Attack

About 200 US businesses have been hit by ransomware attack, according to a cyber-security firm.

Cyber Security Structure Attacks | Unstructured Attacks

The cyber attacks can also be classified as structure attacks and unstructured attacks based on the level of maturity of the attacker

Suggested Cyber Resilience Activity Plan

Suggested Cyber Resilience Activity Plan

Classification of Cyber Crimes | Cyber Attacks

The cyber criminal could be internal or external to the organization facing the cyber attack