[World Government Summit]: Achieving Cyber Resilience Through a Risk-Based Approach


in collaboration with

The World Government Summit is a global platform dedicated to shaping the future of governments worldwide. Each year, the Summit sets the agenda for the next generation of governments with a focus on how they can harness innovation and technology to solve universal challenges facing humanity.

The World Government Summit is a knowledge exchange center at the intersection of government, futurism, technology, and innovation. It functions as a thought leadership platform and networking hub for policymakers, experts, and pioneers in human development.

The Summit is a gateway to the future as it functions as the stage for analysis of future trends, concerns, and opportunities facing humanity. It is also an arena to showcase innovations, best practice, and smart solutions to inspire creativity to tackle these future challenges.

To Inspire and Enable The Next Generation of Governments

World Government Summit

Table of Contents

Section 1: Executive Summary
Section 2: Geopolitics And The Digital Domain: How Cyberspace Is Impacting Government And The Public Sector Organizations
Section 3: How Cybersecurity Regulatory Environment Is Evolving To Combat The Impacts Of A Fragile Geopolitical Landscape
Section 4: An Effective Governance Approach For Managing Cyber Resilience
Section 5: Implementing An Agile Approach For Managing Cyber Risks And Compliance Requirements
Section 6: Managing Business Continuity And Defining Response, Recovery Strategies
Section 7: Conclusion
Call To Action
References
Contributors

Section 1: Executive Summary

An organization’s ability to achieve its business objectives depends on its ability to effectively manage the risks it faces, including cyber risk. Unfortunately, executive management is uncertain about how well cyber risk is being managed in their organizations and how resilient their operations are.

The Global Information Security Survey (GISS) 2021 further outlined this concern, whereby 56.2% of executives surveyed stated that they do not know whether their defenses are strong enough for hackers’ new strategies. [1]

Despite the growing concern around maintaining cyber resilience, the pressure to deliver digital transformation at speed has led organizations, especially in the government and public sector, to bypass cybersecurity processes. Not coincidentally, it is at a time when cyberattacks, especially from geopolitical threat actors such as state agencies and state-related groups, are on the rise.

At their core, all government and public sector organizations function based on trust. To win and maintain the trust of citizens, such organizations have to demonstrate consistent dedication in preserving confidentiality, confirming the availability of systems and services, and maintaining the integrity of data. As such, cyberattacks pose an unprecedented threat to the government and public sector. It is important that cybersecurity is placed at the heart of any organization’s strategy, that is, an effective cyber governance, risk and compliance program, driven by a security-by-design (SbD) approach that embeds risk-based thinking from the onset of all projects.

EY teams’ cross-functional expertise and core competencies in cyber governance, risk and compliance have allowed us to assist several organizations in establishing effective methodologies to ensure cyber resilience. Pioneering organizations are building methodologies that consider not only the business environment, but also the geopolitical risk landscape, as it has become evident that hybrid warfare, such as cyberattacks, is the new reality and that geopolitics and cybersecurity are inextricably linked.

While no organization is immune to cyberattacks, organizations with strong cyber defenses and data protection systems, and those that consider a risk-based approach to cybersecurity, are likely to be more resilient.

A risk-based approach to cybersecurity allows organizations to focus on protecting high-value information assets and mitigating the most impactful risks, thereby reducing the attack surface. Implementing such an approach requires an integrated mechanism that considers multiple facets of an organization (e.g., types of assets, complexity of processes) and a phased methodology that covers understanding of business and technology environment, classification of technology assets, analysis of risks or threats, assessment of control design, and implementation of risk treatment options.

This white paper outlines how the government and public sector organizations should focus on cyber resilience capabilities that reduce the impact of a successful cyberattack. It presents the aforementioned risk-based approach to implement holistic and effective cyber governance, risk and compliance programs that primarily include cyber risk assessments supported by thorough technical assessments, such as vulnerability assessments, penetration testing, and critical assets configuration reviews.