Posts Tagged ‘resilience’

Cyber Resilience: Part Two Resistance

Cybersecurity has traditionally and overwhelmingly focused on resistance to cyber attack: development and deployment of cyber controls that limit the extent and mitigate the impact of attacks, with the core assumption being that the organisation will be able to prevent most attacks, and at worst, continue to function near-normally during an incident and be able to resume normal operations with minimal delay.

Robust cyber resistance frameworks such as the NIST Cyber Security Framework have emerged, but in reality, good practices that are being developed every day in the field aren’t making their way back into the standards quickly enough in order to make these frameworks practically useful in the fight against cybercrime. At the same time, we also see leading organisations that have successfully mapped out good practices, but struggle to meet their own aspirations across all affected areas of the enterprise.

(more…)

Cyber Resilience: Part One Introduction

This blog series is a re-tooling of a white paper I drafted in May 2015 while working at Stroz Friedberg. I want to thank Stroz Friedberg for the support and time to develop these ideas and specifically want to thank Bill Trent and Simon Viney from Stroz Friedbergs London office for their assistance and review. I also recieved valuable feedback from David Porter at Resilient Thinking and Dave Whitley at BAE Systems.

Introduction

The prevalence of digitally-enabled businesses, Internet-dependent customers and Internet-connected supply chains creates near unlimited opportunities and points of entry for cyberattacks, and significantly increases the potential for cybercrime to damage a company’s ability to maintain operations. This has created an environment in which cyberattacks by criminals, hacktivists and state-sponsored actors are more frequent and more damaging than ever.

(more…)

Twitter RSS