The evolution of regulatory assessments: building cyber and operational resilience
Apostolos Mastoris, Principal Consultant
Regulatory assessments such as CBEST, TBEST, TIBER, iCAST, and CORIE are more than just tick-box exercises to remain compliant. By assessing organizations in realistic, threat-intelligence-led attack simulations, they present an opportunity to build defensive capability and minimize the disruption to core business services from a cyber attack.
In critical industries where severe disruption to business continuity can pose a broader risk to national or international infrastructure, regulators seek to safeguard people, businesses, and whole industries. One measure of this is cyber resilience, or an organization’s ability to prevent cyber attacks and minimize disruption to core business services should they occur.
Regulatory frameworks measure organizations’ cyber resilience by mandating controlled and standardized security testing. They provide an opportunity for organizations to develop new means to detect and stop more attacks with greater efficiency. Those that embrace this opportunity can realize the business benefits of greater cyber resilience and execute their strategies with less risk of operational disruption.
Regulatory frameworks currently apply to financial institutions, telecoms providers, governmental bodies, and the civil nuclear sector. It is expected that yet more critical industries will adopt them. This guide is designed to help such organizations maximize the value they gain from regulatory assessment by: