Français
5. Cyber-resilience activities and continuous improvement plan
According to ISO 9001, the quality management standard, continuous improvement is "a regular activity designed to increase the ability to satisfy requirements".
Crises linked to cyber-attacks or cyber-crime can generate anxiety, prompting us to act with a sense of urgency. During a disaster, we may identify vulnerabilities in our processes, in our human activities or in our technological security measures. Although very negative, these chaotic situations very often highlight a certain immaturity in the organization of our cyber defense. They demonstrate that a posture focused exclusively on cost reduction is totally at odds with efficient cyber resilience activities. They show that the absence of an effective risk assessment is all too often induced by a significant reduction in the finances allocated to our cyber defense....
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Cyber-resilience activities and continuous improvement plan
Differences between NIS2 and ISO/IEC 27001
Bibliography
Standards and norms
- Information security, cybersecurity and privacy protection – Information security management systems – Requirements - ISO/IEC 27001 - 2022
- Information security, cybersecurity and privacy protection – Information security management systems – Requirements. Amendment 1: Action on climate change. - ISO/IEC 27001:2022/Amd 1 - 2024
- Information security, cybersecurity and privacy protection – Information security...
Regulations
(non-exhaustive list)
Directive (EU) 2022/2555 of the European Parliament and of the Council of December 14, 2022 on measures to ensure a common high level of cybersecurity throughout the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (SRI 2 Directive), OJEU L 333 of December 27, 2022.
Treaty on the Functioning of the European...
Directory
Organizations – Federations – Associations (non-exhaustive list)
ANSSI (Agence nationale de la sécurité des systèmes d'information) :
ENISA (European Union Agency for Cybersecurity) or AESRI (Agence de l'Union européenne pour la cybersécurité) :
The Ultimate Scientific and Technical Reference
