A cybersecurity strategy is a high-level plan outlining how an organisation will secure its critical information & communication technology (ICT) assets and minimise cyber risks. It serves as a living document, adaptable to the ever-evolving threat landscape and business needs. The strategy includes a comprehensive plan that outlines the measures and procedures to protect ICT assets from unauthorised access, use, disclosure, disruption, modification, or destruction.
Our recommendation is to use a cyber defence-in-depth (DiD) concept or the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) to establish a strategy that serves as the basis for cyber security goals and a strategic plan.
DiD is a holistic approach that seeks to protect all ICT assets against all types of risks. The resulting measures must cover ICT systems in their entirety. A cyber attack only poses a threat to an ICT system if it succeeds in exploiting a vulnerability in one of the following elements.
The NIST CSF is a valuable framework for organisations to manage and communicate their cybersecurity efforts. It provides a taxonomy of high-level cybersecurity outcomes that can be used by any organisation, regardless of size, sector, or maturity. The key components of the CSF, which form the basis for a cybersecurity strategy, are:
Cyber Security Profile (Source: NIST)
Osmond advises and supports its clients in defining their strategy. It is important to note that security strategies should be reviewed and updated regularly to ensure that they remain effective in the face of evolving threats and changing business needs.
Copyright Osmond GmbH, 2025