The IT cyberresilience is a complex objective requiring a solid understanding and a structured approach. NIST Special Publication 800-160, Developing Cyber Resilient Systems is one the most comprehensive resources available for those enrolled on this journey. Although a bit difficult to navigate, the value of this publication is in its ability to provide the why, the what, and indications for how to approach the topic of cyber resilience.
Over the course of several blogs, I will extract several key learnings, with practical value for any organization looking to improve their resiliency to attacks.
NIST defines cyberresilience as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” The systems and environments that are cyberresilient can withstand cyberattacks, faults, and failures and can continue to operate even in a degraded or debilitated state. Also, of great importance, they can continue delivering mission-essential functions while ensuring that safety and information security are preserved during an incident.
To bring further clarity on the topic, four key cyber resilience characteristics (or guiding principles) are defined within the framework:
Why are these principles important? They have a special practical significance as they help to correctly frame any approach to cyber-resilience. Here is what these characteristics are stating:
In other words, any cyberresilience initiative should be focused on advanced attacks that target critical business functions, with a special consideration for the attacker’s stealthy actions and persistence in the environment. These are key premises that organization looking to improve its cyber resilience should always consider.
In the next part of this series, I will explore the 5 steps Cyber Resiliency Analysis Process and provide a practical and effective way to address cyber resiliency.
To learn more on the importance of cyber resilience for organizations and how to improve the ability to withstand advanced threats, check-out the on-demand webinar: How to increase the cyber-resilience of your business.
Acting Cybersecurity Professional and Product Marketing Director at Bitdefender, Bogdan has extensive international experience in various roles across IT Industry, including IT Systems Integration, Cybersecurity, Sales Engineering, and Product Management. He enjoys combining his engineering background with industry knowledge and business sense to fulfill his professional mission: help businesses grow by leveraging technology.View all posts
Don’t miss out on exclusive content and exciting announcements!