Spring 2014 issue of Horizons

FEATURE

8. Human Resources – To ensure employees and those who may leave the company are managed 9. Supply Chain – To ensure vendors have signed a commitment to cyber security with your company The leaders should ensure testing of the plan allows regular re-evaluation of both the prioritized assets and the actions needed to protect those priority assets as the security landscape evolves. This activity will help validate the security and the responsiveness. Step Four: Communicate the Plan – Executive Level Executive level direction and support is essential. Cyber resilience plans require executive buy-in, collaboration from different levels within the entity and coordination with vendors and customers.

When preparing your cyber resilience plan, consider:

∙ There are no answers which provide 100% assurance

∙ It is not a question of if an attack or incident will occur, but a question of when

> Only 31% of U.S. entities have cyber insurance policies.

∙ There is a direct relationship between response time and the exposure to operations, finances and reputation In summary, communication of the plan, relevant updates, as well as what is driving these updates should be delivered to leadership and the board regularly. Step Five: Monitor and Report Moving forward, entities should continue to monitor the evolution of their cyber resilience plan. They should communicate to stakeholders, both internally and externally, monitoring results and changes to the direction of the plan.

~ Experian Information Solutions, Inc.

page 12 | horizons Spring 2014