A tool to better support cyber crisis management over the long term
For the past three years, ANSSI has been providing a collection of guides on cyber crisis management that present the best practices to be put in place to better deal with cyber threats and the crises they may generate. To enable the entire ecosystem to better assess its level of preparedness, these guides have been translated, with the support of the Club des directeurs de sécurité et de sûreté des entreprises (CDSE), into a self-assessment tool – allowing each organisation to more accurately measure its strengths and weaknesses in the field of crisis management and business continuity in the face of cyber threats.
This tool offers a series of 57 questions, divided into 5 themes: governance and interactions between teams involved, processes and tools, crisis communication and external relations, incident detection and response, business continuity and reconstruction. For each question, a series of progressive answers allow a positioning between a novice level (0) and “state of the art”-level (3). It can be used as part of a rapid assessment or as part of a more comprehensive audit, depending on individual needs.
A tool to evaluate and improve
Once the evaluation is completed, the results are presented in the form of a series of indicators, including a synthetic one to monitor its score over time. Other finer results (by theme or by crisis temporality) are also available to identify, in an easy manner, specific improvement areas.
The result also makes it possible to identify the next steps to improve its level of maturity. To accelerate capacity-building activities, a set of tools and documents available in ANSSI’s documentary corpus and within the ecosystem is also offered. This list of tools and documents will be regularly updated, in particular with the new productions of the “Cyber Crisis Management” collection of ANSSI and the “Crisis Management and Training” working group of the Cyber Campus.