Welcome to the CyberIQs Knowledge Centre
Cyber Resilience frameworks
Hi, I am sorry if this is not the right room to ask this.
I need to develop a methodology to deliver cyber resilience assessments to my clients, but I am new to this kind of assessment.
Please, can someone explain what methodologies are available to deliver cyber resilience assessments and what sort of results are expected from these sorts of assessments?
Hello nextCiso,
The methodology we follow in our organization is the following:
https://us-cert.cisa.gov/resources/assessments
It was created by CISA (Cybersecurity & Infrastructure Security Agency).
In the link above you can find an explanation of the methodology and loads of resources to get you started. This methodology aligns well with NIST CSF, thus the results of the assessment can be expressed according to one of the four Tiers present in the NIST framework.
https://us-cert.cisa.gov/sites/default/files/c3vp/csc-crr-nist-framework-crosswalk.pdf
I hope you find this useful!
Hello nextCiso, because we are located in Scotland we followed the Cyber Resilience Framework published by the Scottish government, which is based on NIST CSF and also aligns with the ISO 27001 standard.
Please see the framework below:
https://www.gov.scot/publications/cyber-resilience-framework/
Annex A provides a matrix mapping to different frameworks such as ISO 27001 and NIS.
I hope this is useful!
Thanks so much! These resources will get me started.