Organizational Cyber Defense Doctrine Published

 

Just a few days before the opening of the annual Tel Aviv CyberWeek, the National Cyber Defense Authority has published a comprehensive document on Cyber defense.

The Organizational Cyber Defense Doctrine is part of a multi-layer national cyber defense perception. It is aimed at providing the Israeli market adequate protection from cyber threats and maintain its business continuity.

The document (176 pages long) defines a method to understand potential risks, formulate the necessary response and create a comprehensive corporate plan to mitigate the risks.

The cyber defense doctrine is based on 5 general principles: corporate management responsibilities; a risk-based approach; a defense based on vast Israeli knowledge and experience; proactive defense and multi-dimensional approach (the 3 P’s – People, Products and Processes).

The recurring defense process structure of the theory includes mapping and assessment, implementation of organizational processes and measures and on-going updates.

The security controls are based on the NIST Cyber Security Framework, with considerable modifications made to adapt the framework to the Israeli market.

The modern perception of cyber security sees intrusion prevention as insufficient. It is based on 5 separate stages of controls: identification, protection, detection, response and recovery.

The development of an organizational cyber security process comprises 5 stages: The corporate assets that need defense, understanding of the impact of cyber risks on commercial activities, the desired control, controls’ gap analysis and creation of an implementation work plan.

The Organizational Cyber Defense Doctrine draws a line between two categories of potential damage: Organizations with a low cyber risk will perform a simple mapping of the protected assets and will implement appropriate control. Organizations with a high cyber risk will perform a comprehensive implementation program.

The full document is available in Hebrew at: https://www.gov.il/BlobFolder/policy/cyber_security_methodology_for_organizations/he/Cyber317_A4_176p.pdf

Read more about Data Breach Notification In Israeli Law

Visit our News Room for more updates