Browse Definitions :
Definition

cyber resilience

Cyber resilience is the ability of a computing system to recover quickly should it experience adverse conditions. It requires continuous effort and touches on may aspects of information security (infosec), including disaster recovery (DR), business continuity (BC) and computer forensics.

Although not event-specific, cyber resilience is built up over time and refers to the preparations an organization makes to deal with threats and vulnerabilities, the defenses that have been developed, and the resources that are available for mitigating a security failure after the fact. Cyber resilience capabilities are essential in IT systems, critical infrastructure, business processes, organizations, societies and nation-states.

Presidential Policy Directive PPD-21, which former President Barack Obama issued in 2013 to update earlier directives, defines "resilience" as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Examples include developing a business continuity plan, having a backup power generator and using more durable building materials.

Cyber resilience should not be considered synonymous with recovery, but rather with the ability of an enterprise to limit the effects of security incidents and continuously deliver the intended outcome despite a system failure or cyber attack. The concept includes the ability to restore regular delivery mechanisms after such events -- as well as the ability to modify these delivery mechanisms continuously in the face of new risks. 

For strategic planning, a key element of cyber-resilience is a deep understanding of risk – which means going beyond IT planning to make limiting risk exposure an integral part of the strategy. To capitalize on the Paradigm shift from cybersecurity to cyber resilience, businesses should focus their resources on the cyber risks that are likely to have the biggest impacts and hone in on the metrics that provide insight into and help predict them.

Business and government leaders should focus on resilience to avoid the catastrophic failure threatened by an all-or-nothing approach to cyber risks (i.e., preventing network entry as the only plan). Additionally, addressing resilience extends beyond information technology or information security. To ensure greater efficiency and effectiveness, technology and strategic leaders should be involved in an overall cyber resilience approach as a key part of their long-term strategy, including outlining which technologies a business will implement in the next five, 10 or more years.

This was last updated in February 2018

Continue Reading About cyber resilience

SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
  • threat modeling

    Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and ...

  • distributed denial-of-service (DDoS) attack

    A distributed denial-of-service (DDoS) attack is one in which multiple compromised computer systems attack a target, such as a ...

  • social engineering

    Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into ...

SearchHealthIT
SearchDisasterRecovery
  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

  • risk mitigation

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

SearchStorage
  • bare-metal cloud

    Bare-metal cloud is a public cloud service that offers dedicated hardware resources without any installed operating systems or ...

  • race condition

    A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at ...

  • storage security

    Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted ...

Close