is a way of looking at the world. It’s an acceptance that the illusion of 100% Cyber Security 100% of the time is gone. While we continue to support the concepts of defense, governance, and prevention, a Resilience-focused mindset goes beyond those measures to eliminate your preventable risks and help you plan for acceptance of the less preventable ones, with an emphasis on strategic response.
It’s about being ready to act when incidents occur. Because they will occur. Making sure you’re prepared to respond quickly, accurately, and confidently when they occur is what WIMZKL is all about. Honestly, doing these important things well isn’t easy. It means opening hearts and minds to a new way of thinking about how to protect your livelihood by learning more about data protection and privacy laws, cyber insurance requirements, and what it means to be prepared to respond in a crisis by understanding your owned risk even better than before.
It’s about being prepared to respond to any of a broad spectrum of unplanned events, from spear phishing attacks to natural disasters, from insidious insider and third-party threats (including malware, ransomware, DDoS attacks, and many more) to more benign file corruption and data loss.
WIMZKL designs your Resilience Strategy in 3 steps:
Step 1: Diagnose Resilience
Our proprietary framework, the Resilience Diagnostic, quickly identifies, defines, and prioritizes your preventable and acceptable risks. It’s synthesized from a current and comprehensive set of industry compliance standards for Data Protection and Privacy, including GDPR, HIPAA, ISO, PCI, NIST, and others.
How long does Step 1 (the Resilience Diagnostic) take?
Depending on your organization’s size and complexity, typically 40-60 hours. No one wants to bring a tank to a knife fight, so the Resilience Diagnostic defines what your organization needs and what it doesn’t. This step focuses on four primary deliverables:
- Resilience Team: First, we’ll help you create your own internal Resilience Team, including key allies, stakeholders, and subject matter experts. Our process ensures that we work with your team to establish a sense of ownership and buy-in as we begin to uncover the quantitative and qualitative hidden machinery that makes your business tick, especially where technology is concerned, where subtle nuance can hide important details.
- Resilience Blueprint: A baseline physical and cyber security audit that produces a friendly, concrete, step-by-step guide to quickly and cost-effectively eliminate your preventable risks, minimize the ones you must accept, and recommendations for the design of your overall Resilience Strategy, preparing you for unplanned events that would otherwise compromise your business.
- Information Security Policy Set: A complete set of customized policies mapped to your prioritized risks and designed for your organization’s unique requirements and culture.
- Awareness Training: Fast, fresh, and fun presentations designed to speak to the nature of your business’ risks and its culture that elevate your team’s knowledge with the latest intelligence, tools, and strategies to protect your productivity, reputation, and bottom line.
Step 2: Establish Resilience
Working with your in-house IT or providing our own trusted experts, this step implements the overall Resilience Strategy to eliminate preventable risks and prepare you for a broad spectrum of unplanned events, from cyber attacks to natural disasters, and from insider or vendor-related threats to more common disaster recovery incidents.
How long does Step 2 take?
Typically 4-8 weeks, depending on what we learn from the Resilience Diagnostic in Step 1 and the size and complexity of your organization.
Step 3: Sustain Resilience
In this step, we create the Resilience Sustainability Plan, an annual calendar of events designed to make sure the work we’ve done so far maintains its value long-term:
- A Resilience Awareness Training schedule (2 x a year, for example) designed to reinforce positive cultural integration of the Resilience Strategy and Information Security Policy Set.
- Table-top exercises: once or twice a year, we sit down together and run one or more simulations, great opportunities for your Resilience Team to get familiar with the steps involved in responding to a diverse set of incidents.
- An annual review of the Resilience Strategy and Information Security Policy Set, along with measurements of our efforts, to ensure we’re being successful in our approach and are continuing to adapt to changing data protection and privacy laws, evolving risk and threat landscapes, and your organization’s needs, growth, and continued success.
Learn more about Resilience:
- Case Study: Resilience in Chicago
- Resilience: Insights from a Simulation
- Cyber is dead. Long live Resilience Strategy
In the media:
- Why Cyber is Not Enough: You Need Cyber Resilience — Forbes, January 15, 2014
- Microsoft’s Perspective on Cyber Resilience — Microsoft, August 23, 2017
- What is Cyber Resilience? — [Video] IT Governance Ltd., February 12, 2018
- Cyber Resilience — Wikipedia