Resilient against digital subversion
Digital subversion refers to activities aimed at undermining, weakening, or disrupting digital systems, with the goal of influencing the stability, security, or functioning of an organization. This framework specifically addresses subversion related to affecting the availability and/or integrity of digital information and systems. By applying this framework, your organization can demonstrate an increased level of digital maturity and thus be less vulnerable to digital subversion. The Digital Subversion Framework is always linked to one of the other CYRA levels, Entry, Basic, Intermediate, and Advanced. The additions compared to the regular CYRA framework are highlighted in green in the overview below.
Organization
- Information security and privacy policies
+ Policies on digital subversion - Access security
+ Protection against ‘insider threat’ - Registration and deregistration of users
+ Protection against misuse - Access rights
- Roles and responsibilities in information security and privacy
+ Classification of information - Monitoring, assessing and managing changes in supplier services
- Information security in adverse situations
Staff
- Screening
- Awareness, education and training regarding information security
+ Recognizing undermining
Telecommuting
Reporting of information security events
Physically
- Physical security zone
Technology
- Generating, storing and reviewing log files
+ Protection against subversion - Protecting information in networks and supporting systems
- Guarantee security in the use of network services.
- Ensure proper and effective use of encryption to ensure confidentiality, integrity and availability in line with applicable laws and regulations.
- Secure development policy
- Information security requirements in the design and purchase of applications.
- Change management
- Secure login procedures.
- Technical and organizational protection against malware
- Preventing exploitation of technical vulnerabilities
Privacy
- Purposes of the organization
- Registrations relating to the processing of personal data
Subversion specifically
- Screening subversion
- Subversion hotline