Cyber Security

- Cyber Security Planning and Execution

Cyber security planning is essential because you will be the target of a breach at some time in the future. Your level of preparedness will be crucial in helping the organisation defeat the attack or limit the damage caused.

Why you need a Cyber Security Plan

The Protective Security Requirements (PSR) outlines the Government’s expectations for managing personnel, physical and information security. Your Cyber Security planning should encompass planning for cyber events and threats to your core services.

Your level of preparedness cuts down the time expended in executing a response to the threats and/or cyber attacks underway on your information systems. This time can save data and limit the extent of damage to connected systems. In turn, this enables a timely and accurate assessment to be made to inform stakeholders and progress remediation.

These are all activities which can limit the amount of damage to systems and data, and also limit the amount of reputational damage to an organisation.

Cyber attacks are expected; poor responses and unpreparedness are not.

What does a Cyber Security Plan involve?

Planning involves taking a holistic look at an organisation and its ability to respond in the event of an attack. This means considering resources, capabilities, skillsets, tools, planning and processes for incident response. One of the key issues to consider is knowledge. What level of threat intelligence is operating in the organisation? Where does it reside and how is it disseminated? What processes are in place to ensure that appropriate actions support the identification of a threat and its remediation? What are the organisation’s key information assets and how might they be compromised?

Depending on the organisation’s ICT maturity, the plan may augment existing processes, or identify a gap in core information security management capability and structure.

Items to consider could be:

1. Organisation structure, governance, roles and responsibilities.

Who has the responsibility to ensure the security of core and critical information systems? Are they adequately funded? Resourced? Supported by software and security toolsets and licensing?

2. Intimate knowledge of core information systems.

System components, OS versions, application components and supporting technologies, licensing, dataflows, data repositories, connected systems, networking and internet connectivity.

3. Key knowledge repositories and staff.

What key knowledge and understanding of systems is documented? Is it up to date? Is it accessible to support staff? Are the key staff supported and is local knowledge shared?

4. Threat Intelligence processing.

What processes and resources support your threat analysis? Do you have the appropriate skills in place? What are your sources of information? Are feeds automated?

5. System Security.

Is each system component hardened? Has the least privilege principle been applied to access control? Is multi-factor authentication in place for management and admin access? Are security events logged and monitored? Are controls integrated into an operational security capability? Have threshold event triggers been tested?

6. Vulnerability Management.

Is a defined process in place? Is it prioritised for critical and key systems? Does it cover all layers of your application stack? Is there regular system scanning in place?

7. Availability, Backups and DR.

Are availability SLAs in place with business stakeholders and contractually agreed with all support vendors? Are the backup, restore and DR processes all defined and tested?

8. Data Security.

Are all data stores protected from unauthorised access? Is data encrypted at rest and in transit?

9. Security Testing.

Are security controls regularly tested? Embedded for critical systems? How do you know they are secure? Are regular risk assessments undertaken? Is appropriate reporting in place?

10. Assurance.

Are assurance processes embedded for critical systems? How do you know they are secure? Are regular risk assessments undertaken? Is appropriate reporting in place? Are the systems certified by an approved independent security certification provider? How do you rate your current cyber security capability?

The expert team at CANDA can provide a complete ICT security service for your agency, ensuring all upskilling, assessments, and NZISM-specific requirements are followed through the Certification & Accreditation process.

Contact CANDA ICT Cyber Security experts for assistance

Our experienced team at CANDA are experts in everything ICT security related and can provide a range of services to ensure you are prepared for any cyber security events.

Contact CANDA today to speak to one of our team and learn more about how we can help.
