Rebalancing cyber security: Prioritizing response and recovery in governance

The NIST Cyber security Framework (CSF) identifies five key pillars: Identify, Protect, Detect, Respond, and Recover [1]. These pillars are widely adopted to shape Cybersecurity strategies and governance efforts, including the recent NSW Cyber security policy [2]. The ‘Identify’ pillar involves understanding the organisation's systems, assets, data, and capabilities, and developing an organisational understanding to manage Cybersecurity risks. ‘Protect’ focuses on implementing safeguards to ensure the delivery of critical infrastructure services, while ‘Detect‘ involves implementing activities to identify the occurrence of a Cybersecurity event.

However, recent research on Cyber security governance [3] reveals a common trend among participating organisations: while capabilities in Identify, Protect, and Detect are often well developed, the areas of Respond and Recover frequently lag behind. This discrepancy is concerning, especially since it is widely accepted that achieving 100% Cyber security is unattainable [4]. Cyber security defences face numerous challenges, including sophisticated cyber-attacks, human error, and the inherent limitations of preventive technologies. Despite robust capabilities in Identify, Protect, and Detect, residual vulnerabilities persist in most technological environments.

Therefore, enhancing efforts in Respond and Recover is crucial to effectively address and mitigate these inevitable threats. The ‘Respond’ pillar involves developing and implementing appropriate activities to take action regarding a detected Cyber security incident, while ‘Recover’ focuses on maintaining plans for resilience and restoring any capabilities or services that were impaired due to a Cyber security incident.

This presentation will advocate for heightened focus on the Respond and Recover areas by sharing insights from recent academic research in Cyber security governance and practical industry experiences. The first part of the presentation will introduce the topic and share insights from the a case study of Cyber security governance in the energy sector, providing a comprehensive overview of the current state of Cyber security governance and the observed gaps in Respond and Recover capabilities.

In the second part of the presentation, an industry leader will share their experiences of relevant real-world examples of incident response scenarios. They will provide a practical checklist for action based on case studies, offering attendees actionable steps to enhance their organisation's Respond and Recover capabilities. By examining case studies and real-world examples, the presentation will illustrate the importance of robust Respond and Recover capabilities in maintaining organisational resilience and ensuring a swift recovery from Cyber security incidents. This comprehensive approach is essential for building a resilient Cyber security posture that can effectively manage and mitigate the inevitable threats faced by modern organisations.