As the Cybersecurity & Infrastructure Security Agency (CISA) kicks off Critical Infrastructure Security and Resilience Month, the agency is offering advice to critical infrastructure organizations on how to remain resilient. The central points include: 

• Understand infrastructure and dependencies: Organizations should identify highly critical systems and assets for operation, then work to understand dependencies on other systems that allow for the continuity of operations. 
• Assess risks: Appraise the threats that could disrupt the organization’s infrastructure, then examine specific vulnerabilities and their potential consequences. 
• Create actionable plans: Develop risk mitigation and incident response plans to minimize the identified vulnerabilities and effectively respond to incidents. 
• Determine progress and plan measures of improvement: Consistently evaluate and update plans to remain proactive against the evolving threat landscape. 

Throughout the month of November, CISA plans to discuss how organizations can best integrate these practices into the workplace. CISA encourages security leaders to get involved with Critical Infrastructure Security and Resilience Month by reviewing available resources promoting the resolve for resiliency. 

https://www.securitymagazine.com/articles/101193-advice-for-critical-infrastructure-security-and-resilience-month