ACHIEVING CYBER RESILIENCE: A NEW FRAMEWORK
Announcement posted by InConsult 05 Mar 2021
Strengthen risk management and business continuity by shifting from cyber security to cyber resilience
SYDNEY, Australia – March 2, 2021 – InConsult, an advisory firm specialising in end-to-end risk management, cyber risk management, internal audit and business resilience services has released a revised cyber resilience framework.
Director, Tony Harb said "With more people and businesses connected to the Internet of Things (IoT) and cyber attacks at an all time high, cyber resilience, not just cyber security, has never being more important."
Cyber resilience is the ability to anticipate, prepare for, respond to and recover from cyber attacks or disruptions impacting information technology. It recognises that cyber security on its own is not enough and helps prepare the organisation to respond and recover from a range of cyber attacks," he added.
InConsult undertook a literary review of several cyber resilience frameworks and assessed them against business resilience models.
"We were very surprised with some fundamental gaps we observed. Yes, the various frameworks had most of the important elements, but our revised cyber resilience framework is different in three ways." Harb said.
InConsult's refined cyber resilience framework has 6 elements:
- Governance
- Identify
- Protect
- Detect and refine
- Respond
- Recover
Cyber resilience provides an organisation with an opportunity to look at and manage cyber risks from the top down, across different elements and at pre and post incident stage. It also is about engaging with stakeholders from the board down to end-users, vendors and customers. The framework shares its foundations with existing cyber resilience framework, but goes further. Harb described the key refinements to the cyber resilience framework as follows:
"Governance is the first step in our revised framework and forms the foundations of cyber resilience. Governance exists across all elements of the framework. In some of the frameworks we reviewed, governance was either missing or the last element."
"We also separate resilience into 2 states (1) pre incident state and (2) post incident state. This is important as enhancements in a post incident state need to happen much faster as there is an extreme sense of urgency and reputational risk is heightened"
"Finally, we include ‘refine’ as a centrepiece of the framework to ensure continuous improvement is considered before and after an incident." he concluded.
"A good framework is not a silver bullet against cyber risks, it should always be appropriate to the organisation, its environment and risk posture, but we wanted to help the board, management and information management specialists understand and apply elements of cyber resilience to their organisation" he added. "The framework is a work in progress and it will be refined with application in practice and as part of our continuous improvement process."
To take look at our new and revised cyber resilience framework, click here
About InConsult
Established in 2001, InConsult is a leading professional services firm based in Sydney with extensive local and international experience in risk management, business resilience, internal audit, corporate governance and risk management technology solutions. InConsult offers a comprehensive, end-to-end range of solutions to help public and private sector organisations effectively manage risks and improve internal controls to maximise opportunities. InConsult clients include Australian listed companies, not-for-profit organisations, international insurers and public sector organisations.
For more information, please contact:
Tony Harb, Director, InConsult
Telephone: 02 9241 1344
Email: admin@inconsult.com.au