Resilient against digital undermining
Digital subversion refers to activities aimed at undermining, weakening or disrupting digital systems in order to affect the stability, security or operation of a business. This standards framework focuses specifically on undermining that affects the availability and/or integrity of digital information and systems. By applying this standards framework, you as a company can demonstrate that you have an increased level of digital maturity and are therefore less susceptible to digital undermining. The Digital Undermining Standards Framework is always linked to one of the other CYRA steps: Entry, Basic, Intermediate or Advanced. The overview below shows in green (the lines marked + here) the additions compared to the regular CYRA standards framework.
Organization
- Information security and privacy policies
+ Policy rules on digital subversion
- Access Security
+ Protection against ‘insider threat’
- Registration and deregistration of users
+ Protection against abuse
- Access rights
- Roles and responsibilities in information security and privacy
+ Classification of information
- Monitoring, assessing and managing changes in supplier services
- Information security in adverse situations
Staff
- Screening
- Awareness, education and training regarding information security
+ Recognizing subversion
- Telecommuting
- Information security event reporting
Physical
- Physical security area
Technology
- Generation, retention and review of log files
+ Protection against subversion
- Protecting information in networks and supporting systems
- Ensuring security in the use of network services
- Guarantee proper and effective use of encryption to ensure confidentiality, integrity and availability in line with applicable laws and regulations
- Secure development policy
- Information security requirements in application design and procurement
- Change Management
- Secure login procedures
- Technical and organizational protection against malware
- Preventing exploitation of technical vulnerabilities
Privacy
- Purposes of the organization
- Records relating to the processing of personal data
Undermining specifically
- Screening undermining
- Undermining hotline