STRATEGIC DEFENCE

Understanding the True Value of Cybersecurity Investment

So, how do we elevate the cybersecurity investment conversation? Firstly, security leaders must determine what functions are mission-critical to the business. They must then understand the possible risk scenarios that could jeopardise those functions. It’s essential to know what you’re protecting and why. This, in turn, will help you to understand who threatens you and what techniques, tactics and processes (TTPs) they are likely to use.

By understanding the outcomes of the BIA, businesses can develop a security program that prioritises critical functions to monitor and the controls required to protect them. This approach will help organisations protect their “crown jewels” or mission-critical systems. A bonus by-product of a comprehensive BIA is that it can also increase efficiency and safety by identifying duplicate or underused applications or assets for possible retirement.

Failing to fully scope or define mission-critical components of the business or understand incident ramifications can lead to over or under-investment, disorganised priorities, or unsuitable recovery requirements. It could also lead to an overabundance of misplaced confidence in the business’s incident response capabilities.

Using BIA to Drive Cyber Resilience

Gartner describes BIA as the “centre of the universe” regarding all resilience activities. Gartner recommends that organisations undertaking BIA do the following:

• Develop a set of risk tolerance levels across multiple risk impact categories, including financial, brand and reputational, legal and regulatory, life and safety, and productivity. This holistic approach enables informed decision-making and helps organisations maintain a balanced risk posture in the face of diverse challenges.
• Formulate a prioritised list of business functions by criticality, ranging from mission-critical to deferrable.
• Chart a dependency map of other business functions, facilities, workforce, applications, IT services, third parties and vital data.
• Establish collaboration between business and IT through joint sponsorship and project management for accurate and valuable results. This ensures that criticality designations are unbiased and balanced across different areas.

Once the BIA results have been validated and approved, the next crucial step is to implement them. The IT teams can evaluate their recovery abilities based on the BIA results, pinpointing areas that need improvement. This assessment will guide the implementation of essential processing, backup, and recovery solutions to address these gaps.

Similarly, management will need to assess their capability to support remote work when the primary production location cannot be accessed. This evaluation ensures that necessary measures are in place to enable seamless remote working and maintain operational efficiency.

Clear scoping leads to a clear mission, enabling effective direction of cybersecurity investments. Demonstrating resilience, ensuring continuity, and quantifying cyber investments become achievable through these efforts. For professional guidance, consider engaging an independent third party like Adarma to support your organisation in this process.

ADARMA CYBER INSIDERS | 39