In this blog series, we examine the fourteen themes of IASME Cyber Assurance, the comprehensive, cost-effective cyber security standard designed to help organisations of all sizes improve their cyber resilience.
Previous blogs have explored the categories Identify and Classify, Protect, and Detect and Deter. In this final blog, we take a look at the last category, Respond and Recover.
Theme 13 – Backup and Restore
This theme highlights the critical need to regularly back up business information and ensure it can be restored in case of accidental or malicious tampering, hardware failure, or ransomware. Backups are a critical safeguard to protect against data loss and ensure business continuity. Organisations must determine the frequency of backups based on their tolerance for rework and the potential impact of data loss, ensuring at least weekly backups as a minimum. Backups should be created before significant system changes to allow for recovery if issues arise.
A robust backup strategy involves maintaining three copies of data: the original working version, a primary backup (preferably stored off-site), and a local backup for quick retrieval. Backups must be logically segregated from the main system to prevent incidents such as malware infections from spreading to backup copies. Businesses should also ensure that backups are as secure as the original data, using encryption and access controls to protect sensitive information. Cloud-based backups should be verified to ensure they are stored in separate physical locations and configured to prevent overwriting or tampering.
Testing backups is essential to ensure they can be restored when needed. Monthly restoration tests guided by a risk assessment help confirm the reliability of backups. While full data restoration is not always necessary during testing, verifying the accessibility of a selection of files is critical. Automated testing processes can streamline this task and ensure consistency.
Ultimately, a well-implemented backup strategy minimises the risk of data loss, supports business continuity, and protects against potential threats. By following best practices, such as maintaining multiple backups, encrypting sensitive data, and testing restoration processes, businesses can safeguard their information and reduce the impact of incidents.
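As an added illustration of the monthly restoration test described above (example code written for this post, not part of the IASME standard or any product), the following Python script restores a random sample of files from a backup into a scratch directory and verifies each one against a SHA-256 manifest recorded at backup time, so that a silently corrupted or missing file is reported rather than discovered during a real recovery. The file names, contents and the simulated corruption are constructed sample data.

```python
import hashlib
import random
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(source_dir: Path) -> dict:
    """Taken at backup time: relative path -> SHA-256 of the original content."""
    return {str(p.relative_to(source_dir)).replace("\\", "/"): sha256_file(p)
            for p in sorted(source_dir.rglob("*")) if p.is_file()}

def restore_test(backup_dir: Path, manifest: dict, sample_size: int, seed=None) -> dict:
    """Restore a random sample into a scratch directory and verify it against the manifest."""
    sample = random.Random(seed).sample(sorted(manifest), min(sample_size, len(manifest)))
    result = {"checked": len(sample), "ok": [], "failed": []}
    with tempfile.TemporaryDirectory() as scratch:
        for name in sample:
            dst = Path(scratch) / name
            try:
                dst.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(backup_dir / name, dst)  # the actual restore step
                if sha256_file(dst) == manifest[name]:
                    result["ok"].append(name)
                else:
                    result["failed"].append((name, "hash mismatch"))
            except OSError as exc:  # absent from backup, permission problem, I/O error
                result["failed"].append((name, f"restore error: {type(exc).__name__}"))
    return result

def demo() -> dict:
    """Constructed data: three files backed up, one corrupted and one lost in the backup."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "notes.txt").write_text("quarterly review\n")
        (live / "config.json").write_text('{"retention_days": 30}\n')
        manifest = build_manifest(live)
        shutil.copytree(live, backup)
        (backup / "notes.txt").write_text("quarterly reviex\n")  # silent corruption
        (backup / "config.json").unlink()  # file never made it into the backup
        return restore_test(backup, manifest, sample_size=3, seed=42)
```

In practice the manifest would be written alongside each backup job and the sample size chosen from the risk assessment; a non-empty "failed" list is the signal to investigate before the backup is relied on.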
Theme 14 – Resilience
The final theme, resilience, focuses on ensuring businesses are prepared to respond to and recover from incidents such as cyber attacks, natural disasters, or accidental data loss. It emphasises the importance of detecting, recording, and addressing breaches of data confidentiality, integrity, or availability in compliance with legal and ethical obligations to stakeholders. Organisations must establish clear processes for incident reporting, investigation, and resolution, ensuring that all employees and stakeholders understand their roles and responsibilities during such events.
A key requirement is the development of a Business Impact Assessment (BIA) and a Business Continuity and Disaster Recovery Plan (BCDRP). The BIA identifies critical functions and assets, prioritising their recovery based on their importance to business operations. The BCDRP outlines how to respond to disruptions, including preserving legal evidence, assigning roles, and ensuring timely recovery of critical systems. The plan should also include contact information for internal and external stakeholders, as well as details on software licences, hardware, and other resources needed for recovery.
Regular testing and updating of the BCDRP are essential to ensure its effectiveness. Businesses should conduct annual exercises, such as tabletop simulations, to evaluate their incident response processes and identify areas for improvement. Real incidents can also serve as opportunities to test and refine the plan. Lessons learned from incidents should be used to update risk assessments, policies, and procedures, ensuring continuous improvement in security measures.
Ultimately, this theme underscores the importance of resilience and adaptability in the face of unexpected disruptions. By preparing for incidents, learning from past events, and maintaining up-to-date recovery plans, businesses can minimise the impact of incidents on their operations, protect stakeholders, and ensure long-term sustainability.
