Put cyber resilience into action

The five step process for cyber resilience

While there are many variations – like Gartner’s ® Continuous Threat and Exposure Management (CTEM) and NIST’s Five Pillars – there is alignment in approaches around core risk management concepts.

Focus
- Set a narrow and actionable focus for this iteration of the cyber resilience process.
- The process can be scoped on an attack surface (ie., external-facing assets, cloud assets), by threat vector (ie., lookalike domains, insecure emails), or by business application (ie., brand abuse, executive impersonation).
- Stay focused and avoid the temptation to try to do everything.
Action plan
- Begin with the end in mind.
- Set forth an action plan for when you find security issues related to your focus.
- Scenario plan, gain organizational alignment on resources and timeline.
- Use if/then statements like “if we find certificates that are expired we will renew them within 24 hours.”
Verify
- Confirm the risk or threat is truly exploitable through red teaming, penetration testing or other validation methods. 85 percent of security issues in backlogs cannot be exploited.
- Validate the time investment for remediation
Prioritize
- Risks that are in scope and have been validated as truly exploitable should be prioritized based on business impact, likelihood of exploit and severity.
- Leverage information from automated tooling and organizational expertise to build a prioritized inventory of items to be remediated.
Remediate
- Focus on the business impact, not the number of issues fixed.
- Use automated fixes like patches and upgrades in addition to manual remediations for non-patchable exposures.
- Communicate effectively about the impact of the fixes through non-technical language.