Enhancing your cyber posture and achieving critical infrastructure resiliency is essential to your business. To achieve it, you need to understand the challenges of building such a cyber program amid an evolving threat landscape and perpetually expanding regulatory standards. When our clients seek to develop a more comprehensive cyber security program based on the NIST Cyber Security Framework (“CSF”), they intend it to cover assets in their Operational Technology (OT) network that are not currently covered by regulatory compliance requirements. The starting point for achieving cyber resiliency is to implement a risk-centric program. To do so, we assess the cyber threats and set realistic implementation goals.
Furthermore, well-defined governance processes enable organizations to continually adjust the program as both the business and threat environments change. Implementing a Cyber Resiliency program would likely not be practical without addressing the organizational disparity between the business technology environment and the ICS side. The program is not simply an expanded set of technical requirements—it may also require shifts in adoption and use, re-engineering of design and construction standards and processes, and new collaboration and accountability mechanisms.
Learning Objectives:
- Develop a working understanding of the NIST Cyber Security Framework
- Understand the benefits of a risk-based approach