March 2021

A Practical Approach to Cyber Resilience – The five-step process (Part 2 of 3)

This is the second of a 3-blog series on Practical Cyber Resilience. In the first part, I covered the four key characteristics (or guiding principles) of cyber resilience. In this blog we will review the main objectives and 5-step Cyber Resilience Analysis methodology, as defined by the NIST Special Publication 800-160, Developing Cyber Resilient Systems. Within the context of this framework, cyber resilience efforts should focus on four key goals: Anticipate, Withstand, Recover from incidents, and Adapt. Sometimes with different wording,…

Three takeaways for a Small Business from the Microsoft Exchange hack

I have heard this so many times: “My company is too small to be the target of an advanced attack”. Unfortunately, this is not true, and the recent cyber-attacks on Microsoft Exchange servers clearly show it. Compared to the recent SolarWinds Orion security breach, which directly affected mostly large organizations, the Exchange vulnerabilities were used to attack in excess of 30,000 organizations in the US alone, mostly small businesses and local government offices. Here are the three lessons that a small…

A Practical Approach to Cyber Resilience – Part 1 of a 3 Part Series

In a previous blog, I looked at the key differences between cybersecurity and cyber-resilience, and why cyber-resilience is a better approach for organizations to follow in 2021 because it is holistic. IT cyber-resilience is a complex objective requiring a solid understanding and a structured approach. NIST Special Publication 800-160, Developing Cyber Resilient Systems, is one of the most comprehensive resources available for those embarking on this journey. Although a bit difficult to navigate, the value of this publication is in its…