Multinational Experiment 7. Outcome 3 - Cyber Domain, Objective 3.1: Threats and Vulnernability Methodology Version 1.0.

摘要

This document presents a generic methodology designed to support decision makers in enhancing resilience through a better understanding of how their nation or organization is dependent on the cyber domain, and how they can be better prepared to maintain essential capabilities and services in the event of cyber attacks on their critical assets. The main body of the concept is a step-by-step guide to the practical application of the methodology. It takes a working group through the identification of an organization's critical assets, analysis of its dependencies on cyber space and any associated vulnerabilities, and the need to maintain a current threat picture. Finally it introduces mitigating measures that will help make a system more resilient. As this methodology is designed to be generic, some parts of it will be more relevant than others for your organization and your specific level within that organization. While the methodology is presented as a whole, parts of it can also be standalone or used as separate methods as appropriate. For those interested in understanding the conceptual basis upon which the methodology rests, Annex A explains the theoretical principles and key definitions. Annex B contains Ten Commandments of Resilience an aide memoire for achieving resilience, while Annex C contains a Methodology Crosswalk a handy two-page form which will aid you in finding the right section in the methodology for the particular task with which you are dealing, as well as identifying potential outputs for each step.