Cyber Certification Key Elements
The Cyber Security Certification integrates two key concepts into a single program: Cyber Risk Management and Cyber Program Compliance. These two concepts are often at odds within the same organization. The key premise of the Cyber Security Certification is that an effective program requires a mix of both technical and business process controls.
Cyber Threat and Risk Management
An organization must identify and respond to key threats, including the development of a robust control framework that reduces cyber risk. The Cyber Certification addresses key cyber threats facing all organizations.
Cyber Program Management
Organizations cannot effectively manage the controls needed to protect information without a properly established and documented Cyber Security Program. Key elements of a Cyber Security Program include the development of information security policies and procedures, an Information Security Organization, and proper tools for program assessment and updates.
Information System Asset Management
Information System assets must be managed throughout their lifecycle, from procurement to ongoing configuration management to disposition. The Cyber Certification includes key controls for asset management.
Third Party Vendor Management
Effective cyber security governance requires an understanding of third-party vendor relationships. The Cyber Security Certification includes key controls for the identification and mitigation of third-party risks.
The foundation of information security is protecting the confidentiality, integrity and availability of information. The Cyber Certification has key controls for protecting information throughout its lifecycle, including collection, storage, transfer and disposal.
Many organizations develop software as part of their core products and services to customers. The Cyber Certification has key controls to secure applications during design, development and deployment.
Network and Boundary Protection
External threats are constantly testing network perimeters. The Cyber Certification contains key controls for network protection, including configuration, traffic control and perimeter defense.
People continue to be the weakest link in cyber security. A robust technical infrastructure can be compromised by a single click by a user. The Cyber Certification contains key controls for the management of employees and contractors.
Response and Recovery
Effective cyber security enables an organization to identify and respond to events that may require an organized response. The Cyber Certification includes key controls for incident response and recovery of operations and systems.