Implement infrastructure, applications and operations that are secure by design

Cyber-resilience is the ability of an organization to continuously deliver products and services despite cyber-related events impacting normal operations. This belief embraces the concept that businesses must prepare for, prevent, respond to and successfully recover from such events, returning to a secure state without disruption or degradation to normal delivery expectations.

Secure by design

Cybersecurity must be considered a core business function, designed to protect resources and implemented to mitigate risk. Organizations must implement infrastructure, applications and operations that are secure by design, meaning that including security is a key and conscious decision in the approach to designing business solutions from end to end. But since absolute cybersecurity is impossible, they must also consider how to become cyber-resilient.

How to develop a cyber-resilience strategy

A good place to start is understanding what exactly the organization is trying to protect. A business's ability to identify key intellectual property, critical assets, data and core delivery functions is fundamental to its capability to design an appropriate infrastructure and overarching security program. Although there are several risk assessment methodologies organizations may consider, the foundational concept should aim to address the following questions:

  • What data and capabilities are the most important for our business?
  • What are the systems involved in supporting the data and capabilities?
  • How will our organization and our customers use the data and services provided?

With this information, you can begin to define a comprehensive security program that includes the policies, development controls, processes, technologies and training, as well as components of network design, application development and deployment.

Steps to success

To achieve true cyber-resilience, the following foundational concepts must be well planned and executed:

  • Develop a cybersecurity strategy and ensure proper leadership support.
  • Use a common language of risk while aligning security with business objectives.
  • Establish the optimal security mindset and ensure all employees are aware they have a role in the success of the organization’s security program.
  • Identify and map risks to critical assets.
  • Design, build and deploy solutions that are difficult to attack and are secure by design.
  • Secure the foundation and don’t undervalue the foundations of security. Get the basics right first and build additional capabilities upon the strong foundation.
  • Implement appropriate security monitoring to reduce adversary dwell time.
  • Embrace the applied intelligence approach and ensure proactive defense and adaptive response capabilities are well architected and implemented.
  • Measure your security capabilities and adjust your priorities based on insight from reporting, metrics and validation processes.
Jon Heimerl

Senior Manager, Threat Intelligence Communication Team, NTT Ltd.
