Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

‘Cyber Security Strategies: Achieving Cyber Resilience’

Independent information security body, the Information Security Forum (ISF) has published a new guidance document for business leaders and information security professionals, giving advice and practical guidance on the threats in cyberspace. The report, ‘Cyber Security Strategies: Achieving Cyber Resilience’ addresses the risk vs reward aspects of cyberspace and identifies the key capabilities that organizations need to adopt to increase their resilience to threats.

Michael de Crespigny, CEO of ISF, says: “Business leaders recognise the huge opportunities and benefits cyberspace offers in terms of increasing innovation, collaboration, productivity, competitiveness and customer engagement and they will continue to work hard to exploit the opportunities it presents. Yet many are having difficulty determining the risk vs reward aspect, preparing for adverse surprises, and understanding that with benefits come significant risks.”

ISF believes the step change in benefits from cyberspace is accompanied by a step change in the profile and seriousness of the threats, driven by two key factors:

  • Cyber criminals (hacker groups, criminal organizations and hacktivists) worldwide are better organized and more professional in their approach. They innovate just as business does and the financial rewards for them grow as business use of cyberspace grows. They have access to powerful, evolving capabilities, which they use to identify, target and attack. They have well-developed marketplaces for buying and selling tools and expertise to execute sophisticated attacks – ISF calls this ‘Malspace’.
  • Cyberspace is constantly evolving and presenting new opportunities. The desire of businesses to quickly adopt new technologies, using the Internet to open new channels and adopting cloud services, provides enormous opportunity, but also brings unforeseen risks and unintended consequences that can have a negative impact.

The ISF report addresses this step change by recommending a way forward for public and private sector organizations and providing advice on how to anticipate and respond to the threats. As well as identifying the problems, it introduces the ISF Cyber Resilience Framework, a vision for organizational resilience that can be used to deal with threats head-on, while building on existing security practices and infrastructure.

De Crespigny adds: “Cyberspace is critical to all organizations today – from the supply chain to customer engagement – and slowing adoption or disconnecting is simply not an option. Based on insights from our global Membership and research, our Cyber Resilience Framework identifies the key capabilities that organizations need in order to enhance their security posture and protect their business against ever-evolving cyber threats.”

There are 10 key findings in the Cyber Security Strategies: Achieving cyber resilience report:

1. The benefits of cyberspace are immense, as are the risks – the more successful you are in cyber space the greater the impact of risk;
2. Organizations must embrace uncertainty and develop cyber risk resilience;
3. Malspace is a global industry that has evolved to facilitate cyber crime;
4. Impacts from cyber threats can have a very long and disproportionate risk tail;
5. Hacktivism presents significant threats to the organization, not just its information security;
6. Cyberspace vastly increases information security risk;
7. Information security is fundamental and more important for security in cyberspace;
8. The complexity of cyberspace enables threats to combine quickly in unpredictable and dangerous ways;
9. It is essential to collaborate, share intelligence and influence good practice across cyberspace;
10. Cyber security is more than information security - it’s a business issue.

The ISF report also includes practical guidance on getting support from senior management to address cyberspace threats; creating a Cyber Resilience Group to drive and co-ordinate all cyber resilience activities; and collaborating with others, including customers, supply chain partners and suppliers, to share intelligence and best practice. An executive summary of the report is available from the ISF website www.securityforum.org and the full report is now available to non-Members to purchase from ISF’s online store: https://store.securityforum.org/shop/

•Date: 27th January 2012 • UK/World •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here