HOPEX Aquila EN

GRC - Governance, Risk & Compliance > HOPEX Cyber Resilience > Building Cyber Resilience > Steps in the Cyber Resilience Process

Steps in the Cyber Resilience Process

Managing the ICT Environment

Identifying Critical IT Processes and Resources

Assessing the Cyber Resilience Framework

Planning the Cyber Resilience Initiative

Managing Cyber-related Incidents

Monitoring Cyber Resilience

HOPEX Cyber Resilience is a module which you can be used throughout your cyber resilience initiative.

For more details on module installation, see Importing a Module into HOPEX.

Managing the ICT Environment

HOPEX enables to manage:

• enterprise processes

See Managing Processes.

• associated IT resources

See Managing Applications.

• ICT-related risks

See Managing Risks.

HOPEX Cyber Resilience enables to view the following object types (in addition to the object types provided with GRC solutions).

• Technology

A software technology is a basic component necessary for operation of business applications.

To manage technologies, go to Environment > Organization > Technologies.

• Server (deployed)

A (deployed) server is a computer on which applications are run.

• Data center

A data center is a physical site that groups together IT facilities responsible for storing and distributing data through an internal network or via Internet access.

• Facility

A facility is a model of site of interest for the enterprise (for example: data center, factory, outlet).

• Data Category

A data category represents a type of data with shared characteristics (for example: sensitive data, confidential data).

Identifying Critical IT Processes and Resources

You need to identify risks related to Information and Communication Technologies (ICT).

To do so, you must perform BIAs to identify critical processes.

See Defining a Business Impact Analysis.

The BIA Impacts report is a dendrogram which displays risks, applications, and technologies. You may click the elements of the dendrogram to expand the report.

When you hover the mouse over an object, a tooltip might display information about the object, when available.

This report is available in the Reports page of BIA properties (Continuity > Business impact Analysis).

Assessing the Cyber Resilience Framework

Cyber-related risks must be assessed. A specific questionnaire template is available.

See Assessing ICT Risks.

Planning the Cyber Resilience Initiative

You must document and test Business Continuity Plans.

See Designing a Business Continuity Plan and Testing a Business Continuity Plan.

You can view BIAs and BCPs in the properties of applications and software technologies linked to critical processes.

Managing Cyber-related Incidents

You must document, notify, and follow-up cyber incidents.

For general information on incidents, see Collecting Incidents.

In incident properties, the Root Cause Description page enables you to enter a comment regarding cause analysis.

Specific reports allow you to:

• generate a Major incident reports to inform authorities.

See Major Incident Report (MS-Word).

• analyze incidents.

See Incident Bow-Tie Analysis.

• monitor cyber-related incidents.

See Incident Monitoring.

Monitoring Cyber Resilience

Reports enable you to monitor your cyber resilience initiative.

For further details, see Cyber Resilience Reports.