Addressing cybersecurity in a holistic manner with ISSP Cybersecurity Preparedness Framework
Oleh Derevianko, Chairman & CVO of ISSP, took part in the Polish-Ukrainian webinar on security, hybrid threats and human rights on 7-8 September 2021. The event was organized by the Polish Platform for Homeland Security and the Ministry of Internal Affairs of Ukraine.
Oleh Derevianko shared with the Polish and Ukrainian audience the ISSP Cybersecurity Preparedness Framework (CPF) – a holistic approach to cybersecurity, resilience, and countering cybercrime. It is a management and technology framework developed by ISSP’s cybersecurity experts to reduce short- and long-term vulnerabilities, build cybersecurity capacity and strengthen the cybersecurity resilience of critical infrastructure operators.
One of the core components of the ISSP CPF is the 360 Cybersecurity Incident Preparedness Assessment which comprises 6 stages:
Compromise Assessment - discovering unknown security breaches, malware, fraud or misconduct, and signs of unauthorized access currently ongoing or evident in the recent past;
Vulnerability assessment - identifying weaknesses in OT/IT systems, addressing and prioritizing them, building mitigation steps;
Cybersecurity Maturity Model - a self-assessment methodology for companies including training materials and a questionnaire-based assessment module;
Skills assessment - assessing the capabilities, knowledge, expertise, and cyber hygiene awareness of top management, the IT/CISO team and users;
ISO/NIST Gap assessment - evaluating cybersecurity strategy, governance, and processes;
Benchmarking - peer-learning and intelligence sharing enabling companies to compare their level of security to industry standards.
The ISSP CPF was developed based on 12 years of working in the cybersecurity domain, including on the frontlines of modern cyber war in Eastern Europe, and hundreds of projects ISSP implemented with private and public customers and partners globally. The framework is applicable to cybersecurity preparedness assessment and improvement at the level of individual organizations, whole industries, and national cybersecurity. It is currently used by the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity, a 4-year program that aims to strengthen the resilience of Ukraine’s critical infrastructure to cyberattacks.
The Polish-Ukrainian webinar on security, hybrid threats and human rights was implemented in cooperation with the Foundation Leaders of Change within the framework of the Study Tours to Poland Programme financed by the Polish-American Freedom Foundation.