Second-Class Cyber Citizens: Defense on a Budget
The defense doctrine described here outlines a five-stage process (Stages 1 to 5), preceded by a preliminary Stage 0, for implementation in a category B organization.
📌 Stage 0 – Corporate governance and strategy for corporate risk management: This stage involves establishing a governance structure and strategy for managing corporate risk. It sets the foundation for the organization's approach to cyber defense.
📌 Stage 1 – Demarcation of activity and risk assessment survey: This stage involves defining the scope of the organization's activities and conducting a risk assessment survey. This helps the organization understand its potential vulnerabilities and the risks associated with its activities.
📌 Stage 2 – Risk assessment: This stage involves a detailed assessment of the risks identified in the previous stage. The organization evaluates the potential impact and likelihood of each risk, which helps in prioritizing them for mitigation.
📌 Stage 3 – Handling the risk: After the risks have been assessed, this stage involves developing strategies to manage them. This could involve mitigating the risk, transferring it, accepting it, or avoiding it, depending on the nature of the risk and the organization's risk tolerance.
📌 Stage 4 – Building a work plan: Based on the risk handling strategies developed in the previous stage, this stage involves creating a detailed work plan. This plan outlines the steps the organization will take to implement its risk handling strategies.
📌 Stage 5 – Continuous auditing and monitoring: This final stage involves ongoing auditing and monitoring to ensure that the risk handling strategies are effectively implemented and to identify any new or changing risks. This ensures that the organization's approach to cyber defense remains effective over time.